Analysis Overview
SHA256
02229c757c01b07239d030159c39b38281b72687a8d3406f01043e42db7128b9
Threat Level: Known bad
The file 2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:37
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 16:37
Reported
2024-03-02 16:39
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{076EC35C-09F6-4f9b-82BB-77423B6A286B}\stubpath = "C:\\Windows\\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe" | C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{933B6DB4-F9F5-4f47-A84E-937B41564C73}\stubpath = "C:\\Windows\\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe" | C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{87FCF7F5-F675-4490-B6FD-18630AA83617} | C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8831F8CB-554A-46f9-8C5B-74B37D277869}\stubpath = "C:\\Windows\\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe" | C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3AEEC420-0A05-442b-910A-B0880445E89F} | C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}\stubpath = "C:\\Windows\\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B8FDD9D-0067-40a3-A7EC-552286070268} | C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B8FDD9D-0067-40a3-A7EC-552286070268}\stubpath = "C:\\Windows\\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe" | C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3AEEC420-0A05-442b-910A-B0880445E89F}\stubpath = "C:\\Windows\\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe" | C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F07FF5D-1A0E-49dc-970D-6196304AC766} | C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{076EC35C-09F6-4f9b-82BB-77423B6A286B} | C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757} | C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}\stubpath = "C:\\Windows\\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe" | C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40} | C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}\stubpath = "C:\\Windows\\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe" | C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{933B6DB4-F9F5-4f47-A84E-937B41564C73} | C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{87FCF7F5-F675-4490-B6FD-18630AA83617}\stubpath = "C:\\Windows\\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe" | C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091} | C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}\stubpath = "C:\\Windows\\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe" | C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F07FF5D-1A0E-49dc-970D-6196304AC766}\stubpath = "C:\\Windows\\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe" | C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{79611CE9-02B9-455c-8ECF-E92BD5531AEF} | C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}\stubpath = "C:\\Windows\\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe" | C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8831F8CB-554A-46f9-8C5B-74B37D277869} | C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe | N/A |
| N/A | N/A | C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe | N/A |
| N/A | N/A | C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe | N/A |
| N/A | N/A | C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe | N/A |
| N/A | N/A | C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe | N/A |
| N/A | N/A | C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe | N/A |
| N/A | N/A | C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe | N/A |
| N/A | N/A | C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe | N/A |
| N/A | N/A | C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe | N/A |
| N/A | N/A | C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe | N/A |
| N/A | N/A | C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe | N/A |
| N/A | N/A | C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe | C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe | N/A |
| File created | C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe | N/A |
| File created | C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe | C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe | N/A |
| File created | C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe | C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe | N/A |
| File created | C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe | C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe | N/A |
| File created | C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe | C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe | N/A |
| File created | C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe | C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe | N/A |
| File created | C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe | C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe | N/A |
| File created | C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe | C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe | N/A |
| File created | C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe | C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe | N/A |
| File created | C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe | C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe | N/A |
| File created | C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe | C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe"
C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe
C:\Windows\{CCD72FFE-43F8-41e6-90CD-8A7BEA66DA02}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe
C:\Windows\{86A21F3A-2532-49e6-8F47-6BDB6DE7B757}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CCD72~1.EXE > nul
C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe
C:\Windows\{2B8FDD9D-0067-40a3-A7EC-552286070268}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{86A21~1.EXE > nul
C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe
C:\Windows\{076EC35C-09F6-4f9b-82BB-77423B6A286B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2B8FD~1.EXE > nul
C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe
C:\Windows\{933B6DB4-F9F5-4f47-A84E-937B41564C73}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{076EC~1.EXE > nul
C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe
C:\Windows\{87FCF7F5-F675-4490-B6FD-18630AA83617}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{933B6~1.EXE > nul
C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe
C:\Windows\{79611CE9-02B9-455c-8ECF-E92BD5531AEF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{87FCF~1.EXE > nul
C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe
C:\Windows\{8831F8CB-554A-46f9-8C5B-74B37D277869}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{79611~1.EXE > nul
C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe
C:\Windows\{ED5B6993-E65C-4ed0-84EE-AD8E4A8E5091}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8831F~1.EXE > nul
C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe
C:\Windows\{3AEEC420-0A05-442b-910A-B0880445E89F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ED5B6~1.EXE > nul
C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe
C:\Windows\{6F07FF5D-1A0E-49dc-970D-6196304AC766}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3AEEC~1.EXE > nul
C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe
C:\Windows\{8A059DDF-466D-4a6d-A9E7-244ED35FBC40}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6F07F~1.EXE > nul
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:37
Reported
2024-03-02 16:39
Platform
win7-20240220-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A0DD74C5-72BF-495e-9739-FD9FBE692788} | C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{34794B5F-6ADF-41ba-991B-BD29A125913E}\stubpath = "C:\\Windows\\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe" | C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07979479-C257-4cbe-9B30-235C54347859} | C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70} | C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}\stubpath = "C:\\Windows\\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe" | C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC} | C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A39C267-FC2B-4054-8343-584CC181B7A8}\stubpath = "C:\\Windows\\{2A39C267-FC2B-4054-8343-584CC181B7A8}.exe" | C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07979479-C257-4cbe-9B30-235C54347859}\stubpath = "C:\\Windows\\{07979479-C257-4cbe-9B30-235C54347859}.exe" | C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF} | C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}\stubpath = "C:\\Windows\\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe" | C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}\stubpath = "C:\\Windows\\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe" | C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC} | C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A39C267-FC2B-4054-8343-584CC181B7A8} | C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A0DD74C5-72BF-495e-9739-FD9FBE692788}\stubpath = "C:\\Windows\\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe" | C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{34794B5F-6ADF-41ba-991B-BD29A125913E} | C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D81173C5-D70A-4f74-8469-08D7C1B33BD6} | C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}\stubpath = "C:\\Windows\\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe" | C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B11088D9-15BA-4c5f-9020-580D11D28345} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B11088D9-15BA-4c5f-9020-580D11D28345}\stubpath = "C:\\Windows\\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{93F810EF-4D2A-4724-BDAE-45589F53D6D4} | C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}\stubpath = "C:\\Windows\\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe" | C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}\stubpath = "C:\\Windows\\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe" | C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe | N/A |
| N/A | N/A | C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe | N/A |
| N/A | N/A | C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe | N/A |
| N/A | N/A | C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe | N/A |
| N/A | N/A | C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe | N/A |
| N/A | N/A | C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe | N/A |
| N/A | N/A | C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe | N/A |
| N/A | N/A | C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe | N/A |
| N/A | N/A | C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe | N/A |
| N/A | N/A | C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe | N/A |
| N/A | N/A | C:\Windows\{2A39C267-FC2B-4054-8343-584CC181B7A8}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe | C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe | N/A |
| File created | C:\Windows\{2A39C267-FC2B-4054-8343-584CC181B7A8}.exe | C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe | N/A |
| File created | C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe | N/A |
| File created | C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe | C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe | N/A |
| File created | C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe | C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe | N/A |
| File created | C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe | C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe | N/A |
| File created | C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe | C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe | N/A |
| File created | C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe | C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe | N/A |
| File created | C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe | C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe | N/A |
| File created | C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe | C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe | N/A |
| File created | C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe | C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_2680d6392f72a0c5db4e1d4eb20e3fb2_goldeneye.exe"
C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe
C:\Windows\{B11088D9-15BA-4c5f-9020-580D11D28345}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe
C:\Windows\{A0DD74C5-72BF-495e-9739-FD9FBE692788}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B1108~1.EXE > nul
C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe
C:\Windows\{93F810EF-4D2A-4724-BDAE-45589F53D6D4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A0DD7~1.EXE > nul
C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe
C:\Windows\{34794B5F-6ADF-41ba-991B-BD29A125913E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{93F81~1.EXE > nul
C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe
C:\Windows\{07979479-C257-4cbe-9B30-235C54347859}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{34794~1.EXE > nul
C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe
C:\Windows\{878795C7-C9ED-4655-B3A7-B2EFC13E9D70}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{07979~1.EXE > nul
C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe
C:\Windows\{FE95C3CA-288F-489d-A3DD-D8B8997B65DF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{87879~1.EXE > nul
C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe
C:\Windows\{ACA9DC7D-35C0-44c0-B3D4-5CD400DC38EC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FE95C~1.EXE > nul
C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe
C:\Windows\{D81173C5-D70A-4f74-8469-08D7C1B33BD6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ACA9D~1.EXE > nul
C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe
C:\Windows\{F6B16D40-80FF-4d0a-BAC6-B961264ED1BC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D8117~1.EXE > nul
C:\Windows\{2A39C267-FC2B-4054-8343-584CC181B7A8}.exe
C:\Windows\{2A39C267-FC2B-4054-8343-584CC181B7A8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F6B16~1.EXE > nul
Network
Files