Analysis Overview
SHA256
81553f1592a6e50fd6facb95710195f8a3d6b4e9e2269bcbec79678d17b0c182
Threat Level: Known bad
The file 2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:40
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:40
Reported
2024-03-02 16:42
Platform
win7-20240221-en
Max time kernel
151s
Max time network
124s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}\stubpath = "C:\\Windows\\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe" | C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2} | C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A} | C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{50585677-D0E6-4114-86CA-2766851ECBE8} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C238F10B-946E-4885-92AC-3E7418C36887} | C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{05BD4040-845D-4213-8D25-50C5888F151B} | C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}\stubpath = "C:\\Windows\\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe" | C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D95E9586-EA22-4cb3-9567-47390ABB001D}\stubpath = "C:\\Windows\\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe" | C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{452B0288-016E-4049-8C26-0C5DBC5CCBE9} | C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32} | C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}\stubpath = "C:\\Windows\\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}.exe" | C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{50585677-D0E6-4114-86CA-2766851ECBE8}\stubpath = "C:\\Windows\\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A} | C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C238F10B-946E-4885-92AC-3E7418C36887}\stubpath = "C:\\Windows\\{C238F10B-946E-4885-92AC-3E7418C36887}.exe" | C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{05BD4040-845D-4213-8D25-50C5888F151B}\stubpath = "C:\\Windows\\{05BD4040-845D-4213-8D25-50C5888F151B}.exe" | C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}\stubpath = "C:\\Windows\\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe" | C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8225FA58-5299-4e72-96C4-A5A397A72C39}\stubpath = "C:\\Windows\\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe" | C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F559BA1B-F487-4680-A8A3-8A2B89408B6B} | C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}\stubpath = "C:\\Windows\\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe" | C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7F69377D-A230-4f8b-BC36-50663C83845E} | C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7F69377D-A230-4f8b-BC36-50663C83845E}\stubpath = "C:\\Windows\\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe" | C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D95E9586-EA22-4cb3-9567-47390ABB001D} | C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}\stubpath = "C:\\Windows\\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe" | C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8225FA58-5299-4e72-96C4-A5A397A72C39} | C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe | N/A |
| N/A | N/A | C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe | N/A |
| N/A | N/A | C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe | N/A |
| N/A | N/A | C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe | N/A |
| N/A | N/A | C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe | N/A |
| N/A | N/A | C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe | N/A |
| N/A | N/A | C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe | N/A |
| N/A | N/A | C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe | N/A |
| N/A | N/A | C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe | N/A |
| N/A | N/A | C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe | N/A |
| N/A | N/A | C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe | N/A |
| N/A | N/A | C:\Windows\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe | C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe | N/A |
| File created | C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe | C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe | N/A |
| File created | C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe | C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe | N/A |
| File created | C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe | C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe | N/A |
| File created | C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe | C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe | N/A |
| File created | C:\Windows\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}.exe | C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe | N/A |
| File created | C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe | N/A |
| File created | C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe | C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe | N/A |
| File created | C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe | C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe | N/A |
| File created | C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe | C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe | N/A |
| File created | C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe | C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe | N/A |
| File created | C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe | C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe"
C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe
C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe
C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{50585~1.EXE > nul
C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe
C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CF5AF~1.EXE > nul
C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe
C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7F693~1.EXE > nul
C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe
C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C238F~1.EXE > nul
C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe
C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{05BD4~1.EXE > nul
C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe
C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8AA93~1.EXE > nul
C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe
C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D95E9~1.EXE > nul
C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe
C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5A138~1.EXE > nul
C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe
C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{452B0~1.EXE > nul
C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe
C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8225F~1.EXE > nul
C:\Windows\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}.exe
C:\Windows\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F559B~1.EXE > nul
Network
Files
C:\Windows\{50585677-D0E6-4114-86CA-2766851ECBE8}.exe
| MD5 | d0a6460ba0e4520aa7b99f60e19008b3 |
| SHA1 | d43bf08f59662aaa2abef14c31e2d0d07b7a93b6 |
| SHA256 | 1ebfe46c066599ee000ce1493b424ece21b649778fbe122d6ec5443c0f2a9b0c |
| SHA512 | 21ac324a6f0f12bc990a961af41e8dbaa12375cdc530da67614f66bb593f15dba03fb9e35facc4bde44705e688dc9866752c522e9a913a4f8537bf6e4c346526 |
C:\Windows\{CF5AF656-4A08-4ae8-B8A3-2558E7BA602A}.exe
| MD5 | e39e3163467045f97f592aa00cd4488c |
| SHA1 | 21b104121c9c42fe6502c9ad14710725bfc91e65 |
| SHA256 | 7177d64893a675bfb19323e079676cdf7b454be4216ed74b801832544c6e6c27 |
| SHA512 | eca21cda60237fcd552fb5b1ff6aca2ec2b722a9e8339f8fa72680f448443b3e7fb6437140b64541654eafb64f23dfdc901c8d514b118a96358eed4921be761d |
C:\Windows\{7F69377D-A230-4f8b-BC36-50663C83845E}.exe
| MD5 | a4020abd96505f3b0dffbd615e91ea35 |
| SHA1 | a1ccd8f4e535ca033d440224ec33516b671e7624 |
| SHA256 | 703e6407c0deca5d6f82113fd90aaf28c8965cd8ad6fa71e50ca088a517d6a5e |
| SHA512 | 5090ccff293fbe2410173b2bb2b644c538b38e69fb08a9a1b8c208390a0d193e1184a6c28d06fdc7e21d3ca04868f60c930fab1e50a859414aaab6ec43d3bb03 |
C:\Windows\{C238F10B-946E-4885-92AC-3E7418C36887}.exe
| MD5 | 6f915ef3b9130be1621a3df1ec94fa4a |
| SHA1 | 67b558465ac3b0cd1b37a1243b69c573f9b0bdb9 |
| SHA256 | 9a7456517b208a9a689dcedeb6f792dad207168ab1735db591b06b9d531e7dae |
| SHA512 | 0c4acafb536d391a6b1d421b8562e934e251436beeb0ebacb4a4221252d97217ea6c3b9b6ac5940e55f11acd5f3a57ba4df1897af22ed0eecbc8b169ea05ac98 |
C:\Windows\{05BD4040-845D-4213-8D25-50C5888F151B}.exe
| MD5 | 23a8a3d667aa1dec00f491cc9fed4d54 |
| SHA1 | 0febb1a2713d6268c7af98dea8623cb94ad420ee |
| SHA256 | 379f6b8aa819726ded8f0efc283e3c120f90a7456c6600b7cfba865a6c37cdb2 |
| SHA512 | 58faaa2b7e13345ca296814249ca47bd4d8cffa6ce03fc3a7309880a33a9e017ef9b4585b73107fe4a138c94b883b23099f10c0be49cf41f23f66719b63139c3 |
C:\Windows\{8AA93C51-50A1-4c90-9311-953F4E6ADBF2}.exe
| MD5 | 5994c63cbb90584152e4744a1d59e260 |
| SHA1 | f5751ddcc67ee87e00d1c88992e9685dc1a1d01f |
| SHA256 | bf75e180c63986076999d0174a11ef7648272438079775560445885ebf3f2574 |
| SHA512 | da32d8a72d88fda795d2f7fe5d4cf54186dd5ca2963171b1209dead171f9b5c641ef46b280481b256409028bee0d477a0f0e0e0b658827228e41a72242c59c0c |
C:\Windows\{D95E9586-EA22-4cb3-9567-47390ABB001D}.exe
| MD5 | d01a6ac9ba3fc56d760e767181241f5d |
| SHA1 | f8b946fb6009326d68b83c8ff2da165f5ecdac4c |
| SHA256 | 8002f315d532a8976d685cd67154e409422068553f690688b41ced2af4315efe |
| SHA512 | 9b12305a1205208f5548fcb90f69c293a0bf429d8c5a9c724401a87730857b021546d9c78431625f16e7821e2cd87ca38931d1a561c850aed2262d239bf00e3e |
C:\Windows\{5A138DBA-EBD3-449d-8BFD-B8A759DEF15A}.exe
| MD5 | dbeb31fcbd98185b6f29529e1b16dbf3 |
| SHA1 | 5a2ffce4a1858c399c0bf2f2dab46b6fa95188f3 |
| SHA256 | adf49f9aee8e7c938b038b56b75f40ae7ab654bc0c064c2550cf931b6f4403dd |
| SHA512 | f97119f34ed5b20ef98f4d562b14551e8898400d0e7551c5cc262700d9c19fb85f966f016582b7fe91e0da00ed08234253a1bc31ac83d965bf6e510f4fed7134 |
C:\Windows\{452B0288-016E-4049-8C26-0C5DBC5CCBE9}.exe
| MD5 | 7250e2d39ffe7a7f35d1cd47687ef8bf |
| SHA1 | fffc3f4686a598c42cdb54affb7c68cf1a3b8b09 |
| SHA256 | baf34db5cef61dc7c2d25a5e76fd25dbfed2f3d16fdb4a503248fc908875084c |
| SHA512 | 3cc792abc7fe009249051da866765991b89cdb74a9e26f2de95d405db10c153aa1a90ca286e7ec44aa8c829b0df585e46b8e263a1c5b3aed736f622cb6ce5134 |
C:\Windows\{8225FA58-5299-4e72-96C4-A5A397A72C39}.exe
| MD5 | c740497d7f086dcec681ba3b7b7cf5b2 |
| SHA1 | 0bc46e55f3c56a15cd916797b39291c5ff28fb26 |
| SHA256 | 1ac366c0afac3a08a78e77e7b0f74485bf48ea3b7b775c70d8de480a4c74339d |
| SHA512 | d81bd8dbcc34e19f0edcf06c199a59e1a4bc01369881c82e32bfbaa1f5a4a0706ad2ecfc153c72d5f35e8a56de051f84c37fc8dbf6309385f7de777df6ff87dd |
C:\Windows\{F559BA1B-F487-4680-A8A3-8A2B89408B6B}.exe
| MD5 | 923e02862829fca540e83b38bce6f14b |
| SHA1 | aad0bb741539837421c747abb352035f3260b9df |
| SHA256 | b10590ee956c0b18bf04a27f245a81290ad456ce63f6dd27c019db819cba590f |
| SHA512 | 51dae9360a8404df356872361f069c20937fd52287ac66534936fa2f8e1c1bcb948027b2d8879796375b721f4b2478019c6cd6e7ef3a5f2e61a022e09b9120cc |
C:\Windows\{58CF4DD8-E7B4-437f-9F7B-C607CFAEDF32}.exe
| MD5 | 131398e6443c3117035ec6c47d62474a |
| SHA1 | d2ae9c726b5751a5614816b48b297e81ef47d5b1 |
| SHA256 | d0365f24749190725f9edc83793fd9a54f0dcf4acfb3f6d8af2a92f2d6777ea7 |
| SHA512 | 18535dbe62d0885ab701f9f39d9b68defe9d71bc8ea5324cdddcc7d86ca24835889f1ad36a005c9d2b9573ccee6211da8a0266b7f006b327919374f9dd599460 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 16:40
Reported
2024-03-02 16:42
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
143s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BBAC153F-BB60-412b-8C3F-F1B34EC93524} | C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}\stubpath = "C:\\Windows\\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe" | C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D} | C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E312C99-BE09-4d60-852F-924EA9BEF217}\stubpath = "C:\\Windows\\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe" | C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}\stubpath = "C:\\Windows\\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe" | C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A} | C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627} | C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E54C357F-FA2A-45be-B6A6-452751C97022} | C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}\stubpath = "C:\\Windows\\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}.exe" | C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E312C99-BE09-4d60-852F-924EA9BEF217} | C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2197D2BF-4031-4864-8338-89ADD2AA9500} | C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}\stubpath = "C:\\Windows\\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe" | C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E54C357F-FA2A-45be-B6A6-452751C97022}\stubpath = "C:\\Windows\\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe" | C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2D2B923-E5F7-4039-8524-2F186A503072} | C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2D2B923-E5F7-4039-8524-2F186A503072}\stubpath = "C:\\Windows\\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe" | C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{47BA070E-A646-48c3-9CF8-430F095B9F8E} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{47BA070E-A646-48c3-9CF8-430F095B9F8E}\stubpath = "C:\\Windows\\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2197D2BF-4031-4864-8338-89ADD2AA9500}\stubpath = "C:\\Windows\\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe" | C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A} | C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}\stubpath = "C:\\Windows\\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe" | C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56} | C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}\stubpath = "C:\\Windows\\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe" | C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe | N/A |
| N/A | N/A | C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe | N/A |
| N/A | N/A | C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe | N/A |
| N/A | N/A | C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe | N/A |
| N/A | N/A | C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe | N/A |
| N/A | N/A | C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe | N/A |
| N/A | N/A | C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe | N/A |
| N/A | N/A | C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe | N/A |
| N/A | N/A | C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe | N/A |
| N/A | N/A | C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe | N/A |
| N/A | N/A | C:\Windows\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe | C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe | N/A |
| File created | C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe | C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe | N/A |
| File created | C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe | C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe | N/A |
| File created | C:\Windows\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}.exe | C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe | N/A |
| File created | C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe | C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe | N/A |
| File created | C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe | C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe | N/A |
| File created | C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe | C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe | N/A |
| File created | C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe | C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe | N/A |
| File created | C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe | N/A |
| File created | C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe | C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe | N/A |
| File created | C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe | C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_3165b9f7012dbb650ea326364bd4808a_goldeneye.exe"
C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe
C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe
C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{47BA0~1.EXE > nul
C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe
C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2E312~1.EXE > nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2272,i,17338911640954948469,1637568328132129119,262144 --variations-seed-version /prefetch:8
C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe
C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2197D~1.EXE > nul
C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe
C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1FF0B~1.EXE > nul
C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe
C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A5EE6~1.EXE > nul
C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe
C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5D9EE~1.EXE > nul
C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe
C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{77591~1.EXE > nul
C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe
C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E54C3~1.EXE > nul
C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe
C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BBAC1~1.EXE > nul
C:\Windows\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}.exe
C:\Windows\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F2D2B~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | | tcp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
Files
C:\Windows\{47BA070E-A646-48c3-9CF8-430F095B9F8E}.exe
| MD5 | 0fca95936320ef7652a6226c696db753 |
| SHA1 | 19301c0f6a1db028c870d2bc4d11c2f9ca8a2080 |
| SHA256 | 878af7c83ab958f08ac591529648d7a19c98e3f1ff3e2e00b3811578b3570117 |
| SHA512 | f34c0cd419ce56f776ee9cbd6fb79b7fe21b08b31a65a6dc0d3e275fc9eaf73c8413d29de5ffef90f6611c2a586ff02133168f01a711f865c292c830df7865d7 |
C:\Windows\{2E312C99-BE09-4d60-852F-924EA9BEF217}.exe
| MD5 | 2661adf58cc1085a05a164e4f282836c |
| SHA1 | a437fb91e661a698ca16a14c4074e77c381746da |
| SHA256 | 5d66c31f49f7f973bea8249ff5a60db617b7a12b1b815213cbf819f4786b4ad0 |
| SHA512 | c6c63aa89a904b9db6b833f4f33c406971fb6472d712742138f06b84efcec9a3e28ac9680309406dc1fab0732b6ff888dac1df3e1289ed7e1dd7a7a2ac34c37f |
C:\Windows\{2197D2BF-4031-4864-8338-89ADD2AA9500}.exe
| MD5 | 587b7d4b954a4cef2e92ecadb5e2079f |
| SHA1 | e1f5a776214389059d331aac54f970b8703dc740 |
| SHA256 | 35e9298bde40defec090fb819e12b70d0a62fd7495bd6408106e8ce18162ff89 |
| SHA512 | 04596edacc6331fe4a31655172eacc844e6744ae4f776a00ae01942c9db480ce2d8a2379502d63843244536920797279619ef2d93d901ac0495beaa0f93690eb |
C:\Windows\{1FF0B8E6-6E3B-4612-823A-84DFC1B29D56}.exe
| MD5 | 1621f13afd01660d04a674ab644c5e49 |
| SHA1 | 4497ac719660aa0d555e86e1e3cd3a88d445e17d |
| SHA256 | 961104ab387497dd86914599d5a0b038d9e5dd69c74b1d304142ef2472a10e04 |
| SHA512 | 1e0c58d517c328c327ac19cccacac571d3357fb193f9d600d304d827ebac4562b532bb686504c72aa129f9825fe8b610f27105401646d4e91278d6216f8b6566 |
C:\Windows\{A5EE6AB0-2004-4492-B7A9-6F7219E0F87A}.exe
| MD5 | 60e3f1188eb9543985dce240ba146172 |
| SHA1 | ccdf18e1a8fcf7a9802c8b19cd71b599468d7d58 |
| SHA256 | 0df832e047d3f0c50a7ad982736a491f910873be0e957f21f8cc9e86fcb95f9b |
| SHA512 | 6f98d730985212f372e379c9cb53e2c9a535e76f6ae634dcbd820a8eb6f203cb6e80071a30840bdf5b68ca94c6cf6247201bbc3cc800b3704868978e3c693111 |
C:\Windows\{5D9EE67D-88A9-4350-9CE0-E8481EC3C32A}.exe
| MD5 | 7120fff8ab996c36830f3f9f3125760f |
| SHA1 | 26d4178273e95d0ce3950fd3f72f875697143e7d |
| SHA256 | e29ad291faa377c41708cea6edd25d895e41a42c701d114833b538f64c86de3c |
| SHA512 | c8e8f6c6efb34e7a4afbc2586e802c5abe4c7ec4e733c10611f900c20d62f0f9920c78c20ff2d60b9f870b760f64ce4bfe0cb651ff89c7c5b3cc5568be006c18 |
C:\Windows\{77591AFF-1B7E-46a3-A9CA-3FB5CC001627}.exe
| MD5 | 43dfb71b4482e4557379a2295aee8be2 |
| SHA1 | b33ee106c44b8546d4c4eeed7ec491a7c404ce1f |
| SHA256 | 3b7f7731df850b57267e425dd060a59905e5ea1ffcb6077003aefe398705e54b |
| SHA512 | 6687a1040e509febed8437ee2ecc030a3872013ee95c5fa1f86a2627c0f218f74d9e81a603ce7802eafbd2d4e7f75b00ce45d094ad6c49e5242dfc914d4aff41 |
C:\Windows\{E54C357F-FA2A-45be-B6A6-452751C97022}.exe
| MD5 | 7fc22b8a82efd85fec22b43327a33ba4 |
| SHA1 | fe10711d8e3b8f56f9a5c94a0a94bd706f0eb54d |
| SHA256 | 7097f4214f12471f7fb616dc38213eb166774956e72bac78c93f507309dd92c6 |
| SHA512 | b3b83ddb0039ad0da0143bedf141cb1ee2390674dc9c4ca5d8ef698806d2241fec16d4cb8e23af69852cb34b249c5fd5cc8210c1fa1341ce9757d18be2d5361f |
C:\Windows\{BBAC153F-BB60-412b-8C3F-F1B34EC93524}.exe
| MD5 | cd798d87908f4770b05dba0ea015ce78 |
| SHA1 | 9b60aba1f4e87eb91bee8ce68e1d196f9b0a9033 |
| SHA256 | 9e869640cc2fb619edcfca48e778cd59833c2380ba6e32d694b7e29ed7a41963 |
| SHA512 | 2363ede2ff5c55249031501917b0c3f67f79522c1c1e9f7afc1e4954a95883e777c7f9a2fc3f47b59c0d31961154f971417f473b1eb6c530eaf291fd839d9c0a |
C:\Windows\{F2D2B923-E5F7-4039-8524-2F186A503072}.exe
| MD5 | 5ab84c126baadf46c059da66b6b37cf3 |
| SHA1 | 803599193cd9e9e16092627f6b77a11603613c68 |
| SHA256 | 544489fac4679b40a6396c9785b7e52d84aae92f40705e3392177ad067867968 |
| SHA512 | 791b9b5e2649781ac6e03fd628d8c6440ca3c6068eedea47372a6aae931ce4e71b26801a617179a6bb7047cae76cf8fb07cc7e091c29ec212a364b8d3e7d995b |
C:\Windows\{23DAC6B3-FB50-4562-A919-6DE567CDEF5D}.exe
| MD5 | 106976e94e6d2d155a0694ecf9b12208 |
| SHA1 | aa283aed1e0dbe54ea6dcba78fb560648c755ba1 |
| SHA256 | 5b99c975beceb7fc84e723b128a0c492d977a98df89935afbf680c0b2d9fa260 |
| SHA512 | 65d0ff816b4a16892922f0e91eb47b9c63b7d7e50ad8eacb8bdb85b4feb75e7e5ccb11c7339d5a6c956a5551e6705e24ec5b2fe4093db4bcac78d5e36be2bc95 |