Analysis Overview
SHA256: 81a487f5327b4005b040996fbcdc64b9d9e70023f47d3bfcf57f93d762a55a47
Threat Level: Known bad
The file 2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK: Enterprise Matrix V15 (no techniques listed)
Analysis: static1
Detonation Overview
Reported: 2024-03-02 16:25
Signatures
Auto-generated rule (1 hit; no description, indicator, process or target recorded)
Unsigned PE (1 hit; no description, indicator, process or target recorded)
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-02 16:25
Reported: 2024-03-02 16:28
Platform: win7-20240221-en
Max time kernel: 144s
Max time network: 123s
Command Line: (none recorded)
Signatures
Auto-generated rule (11 hits; no description, indicator, process or target recorded)
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}\stubpath = "C:\\Windows\\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E7D8197D-251E-40d7-AF3B-8F0782EF9870} | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}\stubpath = "C:\\Windows\\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe" | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}\stubpath = "C:\\Windows\\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe" | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B027FFF6-2ACD-48cd-8A62-C295D915022E} | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FFF02C56-7136-4c0c-917C-5D2983F7746D}\stubpath = "C:\\Windows\\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe" | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F570F08C-9E71-4362-BCC1-A5B9761F6285} | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BEDB4307-1DDE-45b2-9B8E-8311924F767B} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D} | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B027FFF6-2ACD-48cd-8A62-C295D915022E}\stubpath = "C:\\Windows\\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe" | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8} | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}\stubpath = "C:\\Windows\\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe" | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}\stubpath = "C:\\Windows\\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe" | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F570F08C-9E71-4362-BCC1-A5B9761F6285}\stubpath = "C:\\Windows\\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe" | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA15A97A-1836-453e-9D75-FF0425E25087} | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}\stubpath = "C:\\Windows\\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe" | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4} | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}\stubpath = "C:\\Windows\\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe" | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FFF02C56-7136-4c0c-917C-5D2983F7746D} | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FACC182A-310B-4d08-BBFA-690EDBAA01DA} | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F8EB0A63-238A-4f14-9C36-E062A27D36ED} | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA15A97A-1836-453e-9D75-FF0425E25087}\stubpath = "C:\\Windows\\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe" | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | N/A |
| N/A | N/A | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | N/A |
| N/A | N/A | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | N/A |
| N/A | N/A | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | N/A |
| N/A | N/A | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | N/A |
| N/A | N/A | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | N/A |
| N/A | N/A | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | N/A |
| N/A | N/A | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | N/A |
| N/A | N/A | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | N/A |
| N/A | N/A | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | N/A |
| N/A | N/A | C:\Windows\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | N/A |
| File created | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | N/A |
| File created | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | N/A |
| File created | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| File created | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | N/A |
| File created | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | N/A |
| File created | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | N/A |
| File created | C:\Windows\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | N/A |
| File created | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | N/A |
| File created | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | N/A |
| File created | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | N/A |
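The two tables above list each stage's registry write and file drop in the order the sandbox logged them, not in execution order. The script below is an added example, not part of the sandbox report: it reads the report's "File created" rows as dropper -> dropped edges, walks them from the submitted sample, and checks that every stage registered exactly the file it dropped under an Installed Components subkey named after that file's GUID. The rows are copied from the behavioral1 tables above; the function names are mine.

```python
import re

# Rows copied from the behavioral1 "Drops file in Windows directory" table above.
DROPS = r"""
| File created | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | N/A |
| File created | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | N/A |
| File created | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | N/A |
| File created | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| File created | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | N/A |
| File created | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | N/A |
| File created | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | N/A |
| File created | C:\Windows\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | N/A |
| File created | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | N/A |
| File created | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | N/A |
| File created | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | N/A |
"""

# "Set value" rows copied from the "Modifies Installed Components in the registry" table above
# (the "Key created" rows carry no target and are omitted).
STUBPATHS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}\stubpath = "C:\\Windows\\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}\stubpath = "C:\\Windows\\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe" | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}\stubpath = "C:\\Windows\\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe" | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FFF02C56-7136-4c0c-917C-5D2983F7746D}\stubpath = "C:\\Windows\\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe" | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B027FFF6-2ACD-48cd-8A62-C295D915022E}\stubpath = "C:\\Windows\\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe" | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}\stubpath = "C:\\Windows\\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe" | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}\stubpath = "C:\\Windows\\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe" | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F570F08C-9E71-4362-BCC1-A5B9761F6285}\stubpath = "C:\\Windows\\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe" | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}\stubpath = "C:\\Windows\\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe" | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}\stubpath = "C:\\Windows\\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe" | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA15A97A-1836-453e-9D75-FF0425E25087}\stubpath = "C:\\Windows\\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe" | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | N/A |
"""

ROOT = r"C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe"
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def rows(table):
    """Yield (description, indicator, process) from the report's pipe-delimited rows."""
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        yield cells[0], cells[1], cells[2]


def drop_edges(table):
    """Map dropper process -> file it created."""
    return {proc: path for desc, path, proc in rows(table) if desc == "File created"}


def stub_registrations(table):
    """Map writer process -> (Installed Components subkey, stubpath target)."""
    regs = {}
    for desc, ind, proc in rows(table):
        if not desc.startswith("Set value"):
            continue
        key, _, value = ind.partition(" = ")
        subkey = key.rsplit("\\", 2)[-2]                   # ...\Installed Components\{GUID}\stubpath
        target = value.strip('"').replace("\\\\", "\\")    # the report escapes backslashes in values
        regs[proc] = (subkey, target)
    return regs


def drop_chain(edges, root):
    """Walk dropper -> dropped from the submitted sample until a stage that dropped nothing."""
    order, cur = [root], root
    while cur in edges and edges[cur] not in order:     # guard against malformed (cyclic) input
        cur = edges[cur]
        order.append(cur)
    return order


def verify_active_setup(edges, regs, root):
    """For each stage, confirm it registered exactly the file it dropped under a subkey named
    after that file's GUID.  Returns (chain, stages whose registration does not match)."""
    chain = drop_chain(edges, root)
    mismatched = []
    for parent, child in zip(chain, chain[1:]):
        subkey, target = regs.get(parent, (None, None))
        if target != child or subkey != GUID.search(child).group(0):
            mismatched.append(parent)
    return chain, mismatched


def registered_but_silent(edges, regs):
    """Stubpath targets that never dropped a successor: the stage the run ended on."""
    return sorted(t for _, t in regs.values() if t not in edges)


if __name__ == "__main__":
    edges, regs = drop_edges(DROPS), stub_registrations(STUBPATHS)
    chain, bad = verify_active_setup(edges, regs, ROOT)
    for i, exe in enumerate(chain):
        print(f"stage {i:2d}: {exe}")
    print("registration mismatches:", bad or "none")
    print("registered but never dropped a successor:", registered_but_silent(edges, regs))
```

Run on the rows above, the walk yields the submitted sample plus eleven stages, every stage's stubpath matches the file it dropped, and only {F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe is registered without having dropped a successor. Because every Installed Components subkey is written under Wow6432Node, a hunt on 64-bit hosts has to read both the native and the Wow6432Node Active Setup keys.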
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe" |
| C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe | C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe | C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BEDB4~1.EXE > nul |
| C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe | C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FA15A~1.EXE > nul |
| C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe | C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A15A0~1.EXE > nul |
| C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe | C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E7D81~1.EXE > nul |
| C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe | C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{69A2C~1.EXE > nul |
| C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe | C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B027F~1.EXE > nul |
| C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe | C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A3DB7~1.EXE > nul |
| C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe | C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FFF02~1.EXE > nul |
| C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe | C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FACC1~1.EXE > nul |
| C:\Windows\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe | C:\Windows\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F8EB0~1.EXE > nul |
Every cmd.exe instance has the image path C:\Windows\SysWOW64\cmd.exe although its command line names C:\Windows\system32\cmd.exe: the sample is a 32-bit PE (its registry writes land under Wow6432Node), so WOW64 file system redirection resolves the system32 path to SysWOW64. Each del names its target by 8.3 short name (2024-0~1.EXE, {BEDB4~1.EXE, and so on) and removes the executable that dropped the most recently launched stage, so the original sample and every stage but the newest are gone by the end of the run; the report records no matching deletion of the Installed Components keys those files were registered under.
Network (no traffic recorded)
Files
C:\Windows\{BEDB4307-1DDE-45b2-9B8E-8311924F767B}.exe
| MD5 | 4edd5fff43c0a4e9e7f1bc9c63b90b11 |
| SHA1 | a1785f0eae2ff6e235b1af5750c4227e99fb8f9a |
| SHA256 | 0e44ce803dbb27202ecdc2414294b7bc7617a900b74f8274661f3d5c710d4988 |
| SHA512 | 1a7cefc3f4d281c1359b26d3ea1e6caf9d9eff158d1323342af934299c227989a6ad265001f79910e84f37076d4609d1f4dee28024d4fc0443749be2e1d0a812 |
C:\Windows\{FA15A97A-1836-453e-9D75-FF0425E25087}.exe
| MD5 | ff57b42fac1d06e59916c1f3977f203f |
| SHA1 | ce19ab7b0a3fdc24e34b0dd66ab2bbabef864024 |
| SHA256 | b8a353b10df0f0475415220813d6ddfa0d436c9696a0909cdb0f90ff44686f41 |
| SHA512 | c08f3462c14578bbc8af75b7f70ff7330276e6bbb8589c63d9b81144add622c34a80c368ff17d6025c2d92de96c0a5609e024ffa77a4402ae7ffb1781577676c |
C:\Windows\{A15A0CBD-32FF-48e4-9D14-573F6171BE1D}.exe
| MD5 | fad26117e8c2d660d8fcc32be983e06a |
| SHA1 | 26f6128d7b6a0c840f8976dc5a066efc398b9622 |
| SHA256 | 2407b9f4e4210da0755041e5a871a87f9f36940593d7880b208dc1162aa37d71 |
| SHA512 | 298dd86c73247824b53a286d938d9c4319b36f28e43d589271902753ce78def663ea19d9357bd2fb6b91af361c78e75e30731ae5ddf40c2c4e887877893b0402 |
C:\Windows\{E7D8197D-251E-40d7-AF3B-8F0782EF9870}.exe
| MD5 | 440f9ba14dce5b8614d6a05d25e9dda9 |
| SHA1 | e7ccb3c3cb394c25917ea61eb99361f3fabeb770 |
| SHA256 | c6bc88516f0aab5cbed7202ad57974574e4288cbaf829d5cc688eaa98e636b77 |
| SHA512 | 047b39d462d67364dde819a3c3f4711e6157aa75a309e5b00dc50135e4305782f586d6735c0948da0cbbd9e99a4b94db33d200886236381477355e638cb10d4b |
C:\Windows\{69A2CA21-AF6B-4537-AE56-254EAA5BA0F4}.exe
| MD5 | 1a69e022b9262facd6dafe4b5a59ea43 |
| SHA1 | aef71ee94c763836499dba6d38e1c8c79d98e704 |
| SHA256 | 50cd0eea2bbeaaa8cf61c48a7256002590e079f049c8200a163a4e694410c0bc |
| SHA512 | 620ba11f8bb74046395f2400774da5864acb5d3d04828e3e7f4515f76f665e98326ca3342a5e10f23759ae5e8d288105463c3b3541f50855805c7168c33db042 |
C:\Windows\{B027FFF6-2ACD-48cd-8A62-C295D915022E}.exe
| MD5 | 370f1599a85d086ecbb3f6a28c469539 |
| SHA1 | 1d186dec0c8a4f0c309d31ec5f7aec2b2393d4f1 |
| SHA256 | d473681c7da0a5585edc55651e309b8196b113e4c8b7612e0e10b8e6f002f062 |
| SHA512 | e9ca1ab0b882259e4bacbb724323f7a8bc971784c4f851897d1d61faa047c095c25404cf6f53962f23801201e49981ad670f61d5d4bc20eb30001c0c4acf008a |
C:\Windows\{A3DB71D6-9E5A-464f-9646-7F19EFCC57E8}.exe
| MD5 | 39582d3a589b7a6f80313232464b056b |
| SHA1 | 4c347d2f66f52a4876666010e4bddf86784ba8ed |
| SHA256 | 4b475286f2d7ffc3fe45a35d0ba009bb486bed88d39ac153857bb287afe41648 |
| SHA512 | 3e2f56b9fa04af5edf44e1989eddabea83094cfffb0a26b45ae0f822d22e41f5fb81be735e5076d96908fb84bf5659f5b44535abe9312376e18f81f759dfdd0e |
C:\Windows\{FFF02C56-7136-4c0c-917C-5D2983F7746D}.exe
| MD5 | 268b585eead4b1aa6c702981baa8d048 |
| SHA1 | 2822874260679c515eefa10b2a14fbaf1ca448d6 |
| SHA256 | 33e28632d500bbd61132da6a49d73d44516950e7738eb7350ac361f77591dd67 |
| SHA512 | 36597e702d7719e583fbce92d85746dcaeecbdb6304dfd2f139ba9a48874cbacd5975cb46297e60a7539bc4347359e9fe5c894083c16b9ecde0c458a1a3030b0 |
C:\Windows\{FACC182A-310B-4d08-BBFA-690EDBAA01DA}.exe
| MD5 | ad8196d01fa438699d676000eeea256a |
| SHA1 | 7d30349d09b0cf4b11960656ecee05f56f7a5c25 |
| SHA256 | 5811b9685336a68ee8cb984abc51e495a335a708b19877ea39b5ad9afc1420c9 |
| SHA512 | b0996dd0da7e0fe339f1c7437bc7ed5669f9d88691d341056f99df20fd706d5a44a4cbb01b383e3b65773ab028d4ccbcf70bb76e80a2651c03e1e5785d8edd2c |
C:\Windows\{F8EB0A63-238A-4f14-9C36-E062A27D36ED}.exe
| MD5 | 25f43251e8d5ba4b18f7df77e460a18e |
| SHA1 | 9a6a2d0d4116298fe1a7b2854ecdaf9933d4ccc6 |
| SHA256 | c9bee3b88774b0c94283ac8fabfb87dff424354c2c000e318140e635a2011fc2 |
| SHA512 | 10d9e147298424f9275b378b0194178cb9d83e8a4ae48f3bfdb48fc73ea47f4fb1e7c3b05c284122f3cc8350815fec073d2269223c05b2af64d26d13a2e6d882 |
C:\Windows\{F570F08C-9E71-4362-BCC1-A5B9761F6285}.exe
| MD5 | b3167267f67232d331187aee53a2341a |
| SHA1 | a9d4bca99451e1c382eb2f613fcbe6324edbc1fa |
| SHA256 | f8479845705603c3213e9be3d843fd74c1aa9a2eaf82b42a91bcfd67da124402 |
| SHA512 | a73ad55c1b191e9393f8d0c2f1ee7c9217f50f04f9e68a15f625c48fa4ab7454c649bd6f915763456332c960db428239f411d2703b3cd09759ff80af4e11b3f8 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-03-02 16:25
Reported: 2024-03-02 16:28
Platform: win10v2004-20240226-en
Max time kernel: 156s
Max time network: 157s
Command Line: (none recorded)
Signatures
Auto-generated rule (12 hits; no description, indicator, process or target recorded)
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}\stubpath = "C:\\Windows\\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe" | C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD} | C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BC689295-DDC6-4101-BD61-EA5837D77485} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{267F06CF-ED21-422d-B770-4A2701D7B694} | C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{267F06CF-ED21-422d-B770-4A2701D7B694}\stubpath = "C:\\Windows\\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe" | C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{94363654-19F7-4678-8B07-D5CD65D36F09}\stubpath = "C:\\Windows\\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe" | C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}\stubpath = "C:\\Windows\\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe" | C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BC689295-DDC6-4101-BD61-EA5837D77485}\stubpath = "C:\\Windows\\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6} | C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}\stubpath = "C:\\Windows\\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe" | C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55} | C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1E839587-FE50-4d42-A95C-8612D512782B}\stubpath = "C:\\Windows\\{1E839587-FE50-4d42-A95C-8612D512782B}.exe" | C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA14B5E8-4534-4e66-8D75-F022991DA23C} | C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{94363654-19F7-4678-8B07-D5CD65D36F09} | C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080} | C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}\stubpath = "C:\\Windows\\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe" | C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}\stubpath = "C:\\Windows\\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe" | C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1E839587-FE50-4d42-A95C-8612D512782B} | C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D11CD935-48D4-482f-904B-5A7A29BAEEE9} | C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}\stubpath = "C:\\Windows\\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe" | C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA14B5E8-4534-4e66-8D75-F022991DA23C}\stubpath = "C:\\Windows\\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe" | C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C} | C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}\stubpath = "C:\\Windows\\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe" | C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D} | C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe | N/A |
| N/A | N/A | C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe | N/A |
| N/A | N/A | C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe | N/A |
| N/A | N/A | C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe | N/A |
| N/A | N/A | C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe | N/A |
| N/A | N/A | C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe | N/A |
| N/A | N/A | C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe | N/A |
| N/A | N/A | C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe | N/A |
| N/A | N/A | C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe | N/A |
| N/A | N/A | C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe | N/A |
| N/A | N/A | C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe | N/A |
| N/A | N/A | C:\Windows\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe | C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe | N/A |
| File created | C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe | C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe | N/A |
| File created | C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe | C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe | N/A |
| File created | C:\Windows\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe | C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe | N/A |
| File created | C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | N/A |
| File created | C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe | C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe | N/A |
| File created | C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe | C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe | N/A |
| File created | C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe | C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe | N/A |
| File created | C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe | C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe | N/A |
| File created | C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe | C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe | N/A |
| File created | C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe | C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe | N/A |
| File created | C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe | C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_02df46e8c5329e63f5ec9bf636f35022_goldeneye.exe" |
| C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe | C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe | C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BC689~1.EXE > nul |
| C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe | C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{267F0~1.EXE > nul |
| C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe | C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BA14B~1.EXE > nul |
| C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe | C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{94363~1.EXE > nul |
| C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe | C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D9D95~1.EXE > nul |
| C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe | C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{89AF3~1.EXE > nul |
| C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe | C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4D344~1.EXE > nul |
| C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe | C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{18F6C~1.EXE > nul |
| C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe | C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CE0A0~1.EXE > nul |
| C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe | C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1E839~1.EXE > nul |
| C:\Windows\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe | C:\Windows\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D11CD~1.EXE > nul |
The Windows 10 run got one stage further than the Windows 7 run: twelve GUID-named executables, the last being {E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe, which is registered under Active Setup by its dropper but had not dropped a successor before the run ended. The cmd.exe image paths are in SysWOW64 while the command lines name system32, which is WOW64 file system redirection acting on a 32-bit process.
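The registry and process tables above show the two behaviours worth a detection: an Active Setup StubPath that points at a GUID-named executable dropped straight into the Windows directory root, and the cmd.exe /c del <8.3 short name> > nul idiom behind the "Deletes itself" signature. The block below is an added example, not code from the report or from the sample's author. It runs both checks over constructed Sysmon-style events (EventID 13 registry value set, EventID 1 process create) modelled on the behavioral2 indicators; the ParentImage values and the two benign control events are constructed, since the report does not record parent processes or benign activity.

```python
import re

# Patterns derived from the indicators in the report above.
STUBPATH = re.compile(r"\\Active Setup\\Installed Components\\(\{[0-9A-F-]{36}\})\\StubPath$", re.I)
GUID_EXE = re.compile(r"^\{[0-9A-F-]{36}\}\.exe$", re.I)
# cmd.exe /c del <8.3 short name> > nul, e.g. "cmd.exe /c del C:\Windows\{94363~1.EXE > nul"
SELF_DEL = re.compile(r'^(?:"?[^"\s]*\\)?cmd\.exe"?\s+/c\s+del\s+(\S+~\d+\.EXE)\s*>\s*nul\s*$', re.I)


def active_setup_alert(ev):
    """Sysmon EventID 13 (registry value set).  Returns the reasons a StubPath write looks like
    the chain in the report, or None for a registration that looks like a normal component."""
    m = STUBPATH.search(ev.get("TargetObject", ""))
    if not m:
        return None
    target = ev.get("Details", "").strip('"').replace("\\\\", "\\")
    tdir, _, tname = target.rpartition("\\")
    writer = ev.get("Image", "").rpartition("\\")[2]
    reasons = []
    if GUID_EXE.match(tname):
        reasons.append("StubPath target is a GUID-named executable")
    if tdir.lower() == r"c:\windows":
        reasons.append("StubPath target sits in the Windows directory root")
    if GUID_EXE.match(writer):
        reasons.append("value written by a GUID-named executable")
    return reasons or None


def self_delete_alert(ev):
    """Sysmon EventID 1 (process create).  Matches the cmd.exe /c del idiom and records which
    process launched it, so the analyst can tell self-deletion from cleanup of a sibling."""
    m = SELF_DEL.match(ev.get("CommandLine", ""))
    if not m:
        return None
    parent = ev.get("ParentImage", "").rpartition("\\")[2]
    return {"deleted": m.group(1), "parent": parent,
            "parent_is_guid_exe": bool(GUID_EXE.match(parent))}


def scan(events):
    """Apply both rules; returns one (rule name, event index, detail) tuple per hit."""
    hits = []
    for i, ev in enumerate(events):
        if ev.get("EventID") == 13:
            detail = active_setup_alert(ev)
            if detail:
                hits.append(("active_setup_stubpath", i, detail))
        elif ev.get("EventID") == 1:
            detail = self_delete_alert(ev)
            if detail:
                hits.append(("cmd_del_self_delete", i, detail))
    return hits


# Constructed events (not captured telemetry), modelled on the behavioral2 rows above.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe",
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}\StubPath",
     "Details": r"C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe"},
    # control (constructed): a component-style registration by an installer, must not fire
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}\StubPath",
     "Details": r"C:\Windows\System32\regsvr32.exe /s /n /i:U shell32.dll"},
    # the report shows this command line; the parent process is an assumption
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "CommandLine": r"C:\Windows\system32\cmd.exe /c del C:\Windows\{94363~1.EXE > nul",
     "ParentImage": r"C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe"},
    # control (constructed): an unrelated cmd.exe launch, must not fire
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "dir C:\Users > nul"', "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for rule, idx, detail in scan(EVENTS):
        print(f"{rule}: event {idx}: {detail}")
```

The StubPath rule keys on the shape of the target rather than on the GUIDs in this report, since the sample generates a fresh GUID per stage and per run (compare the behavioral1 and behavioral2 tables), so hash- or GUID-based indicators from one detonation do not carry over to the next. The self-delete rule deliberately reports the parent instead of deciding on its own: a cmd.exe /c del launched by a GUID-named executable in C:\Windows is the chain cleaning up after itself, while the same command from an installer may be legitimate.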
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
The single TCP connection, to 20.231.121.79:80, has no domain name attached; every other entry is a reverse (PTR) lookup sent to 8.8.8.8. The report attributes none of this traffic to a process, and the Windows 7 run recorded no network traffic at all, so these entries should not be treated as sample C2 without further evidence.
Files
C:\Windows\{BC689295-DDC6-4101-BD61-EA5837D77485}.exe
| MD5 | c38f4769b4e2908dd1c7f683b0b2d7d9 |
| SHA1 | 1c2827b5ad02ead6a63a87f99e013d23a3030350 |
| SHA256 | 201523b09c288349030db4d5fab966028a6c5c599f3e141a7460624a41707b39 |
| SHA512 | eee6a7ff3d6715554865149ca700021c05f6365df9a515f0d2b9a1e4d010329b9241a9be41b8969c52e105cd28f007cd5cee7e37b2c0f65af12c416c0253a6bb |
C:\Windows\{267F06CF-ED21-422d-B770-4A2701D7B694}.exe
| MD5 | f3fa84d287a99cd0e097bdfc80e1a269 |
| SHA1 | bf778edbd932925473b949ae5ca00921612f9cd7 |
| SHA256 | 96ce59d2f43de6ec82263944699b4813994f38fc2768d0141ee9724fc2284f0e |
| SHA512 | 6a6f7a06ac466b8f2f6051bb14b80a7648e69e1663fd4612677e14c3cf58b8872fe6cecff99b62ca70b2b192ef47771c3457ff2f0ca936f74af730c281769eb6 |
C:\Windows\{BA14B5E8-4534-4e66-8D75-F022991DA23C}.exe
| MD5 | ee05685c7b970dcf673f9ebf062faa63 |
| SHA1 | 595ea19d139224be7bf8070596ee3ef2c182475a |
| SHA256 | d811ce8809271bbd6600f26fc9d47d1bd37c99ceb5f582556757c4273fa5677d |
| SHA512 | 5c5dd96cdb1578e5b8b6eed559fbe4b69e0ff1ee57a88b2cdf633ee4bbe50d093f2abcb0f3d4e0b0e6b647c3057e2de6e52a96cdfc223146ca5ac2614f64778e |
C:\Windows\{94363654-19F7-4678-8B07-D5CD65D36F09}.exe
| MD5 | 372ab1ffb6ee78a1ed5a982910193973 |
| SHA1 | 19ad626b70d43014e05c82e4095e2df1dced37c5 |
| SHA256 | 013e38ba65e6ea736b5a87f46d4481036c9d728e3fdb92b317dcc6533e392ea7 |
| SHA512 | 70c96091b7b4bbfcf8cdd12d3b77d95ee97e8b651f636400e04c3273ad0dae009a63b611ed1212ed41bbd8d1402c8ca158c97768ac8e51cbaa1468d3b78b8df4 |
C:\Windows\{D9D95A58-AA04-4058-897D-7E7D0C41EA9C}.exe
| MD5 | 6a79f739517b3714af643fa28751ce33 |
| SHA1 | 81a18a05a6604505bf5f3e92b46a568026ab2664 |
| SHA256 | d90d6029cb469f5f6bd62d37bb10f295596688189267cd54ed3ae3caa3ba161e |
| SHA512 | 9e38a99d7a04cb42b569ee006e9477a7d0414e9560eef185398f85482c6695a44e315827c8f3921e3994c0c0667ed192799b869a627be3895af490ce5cdf3c0f |
C:\Windows\{89AF3A4B-7DDD-4441-8D5B-051CDADCC4F6}.exe
| MD5 | d6cefdfccdb872b99c8e1b870e64e8f5 |
| SHA1 | d69a0d6680bd4215bc266ef47cf52d96bed7befe |
| SHA256 | b68f5c3cc05966ee36fc3dc7957921f0c8680b8b713e4e3ef0b4a6739e177a9e |
| SHA512 | 2bccd6a879abaa9aec5ff5e8185de6dfa1188b7b215f5e40381f4ac4c4c3c005f22dd9f6c60cd23ac1b1655e2ef0b198f6c18a451120956f1f5454cc40e15a5e |
C:\Windows\{4D34472B-DBE7-4bcb-9E1C-4AA1D6EB2080}.exe
| MD5 | 825456a2bed572757822f29cef50ea80 |
| SHA1 | e6304c5ef4a2e1c0c92ec49d5a794341c0639989 |
| SHA256 | 5f742294946fe2e5d10bc96f8da81433b7f10bf23b334bd97602cd45a9200907 |
| SHA512 | 55cef6a8df85922e2d1a35e89730df1b9ceb96a598fb520a0d4ebbdaa3a9906d95c32dfac54f64eff4f75883ae5297e5cdc125b767826b0302c0d18187be83f1 |
C:\Windows\{18F6C0E5-BA5F-4964-86D4-E7FC35F10B55}.exe
| MD5 | 2c5540a0f911e7db4656926c3adcfb3c |
| SHA1 | 1df8f05a25502ff4884374ced1c6886565a5c3e5 |
| SHA256 | 3f83cebe70bcbe8d8f0821ad0c1cff4f7e18f8d73c9dacaf4e471aba9bcbab59 |
| SHA512 | aeb6afbfebbae2c7e903d5c4da1377b95fb63dbeaa20f064db391b8a336d66b3eda350620be64cb16c0e5f59c41538dcdf5438b7c90ecef39ccd9999854576ee |
C:\Windows\{CE0A0E6B-4C0A-47a9-B535-F84482917B5D}.exe
| MD5 | 0d48bd44c10744b0de2ff79ec541a324 |
| SHA1 | 7f5103cd6b18210ccff6d5dcb05c13f2d424bbae |
| SHA256 | fc179016fc97981cad794d28927795a1d60f8203fd23d6aac9009da0e3e251e7 |
| SHA512 | 43e2633ad7ce85d5e2ae8966eed1122b0f220f11bd267eb5e6bd4f93c94c112e9ce46e61c31ade5ba5a63dca446ce1e546aff67a85e0119b82b863dd56cb97d5 |
C:\Windows\{1E839587-FE50-4d42-A95C-8612D512782B}.exe
| MD5 | 012604ab294eec1770dfc2ded574e1ca |
| SHA1 | 8dc865ec317649091d51fefa1b62d472d58ff580 |
| SHA256 | aa171bfbcd1dc420a0cd793b8e272e81701f1b0d288a12d6d12d68920b35924a |
| SHA512 | 79ee7b0ea5a165c9ec0dcc7f911681abd1a1f98fd81535e27bdd07df70e888d80ad2a0a28c8fc1c561a0d31283679cb8476bd6b1fa02281776b3f4d190a62b5e |
C:\Windows\{D11CD935-48D4-482f-904B-5A7A29BAEEE9}.exe
| MD5 | 4148d5c79246434524345401ed06933a |
| SHA1 | 7c6e9e6869176f33de72a81d67540e3e08c6edb6 |
| SHA256 | 97269594132ab851dfa4367cc095f89094c5eabb8e97d8db5878e9249a9d8f88 |
| SHA512 | 7059bd1bc3691873668773e86287156f03d6b18f3cd316148042bcc7e3113e228d60a3a842e5ea6efec0808893734a84843d04d7b673e5f0350bc5be1dcd939f |
C:\Windows\{E929C434-DB3F-4f5e-8E6A-2C2EAFE0C8BD}.exe
| MD5 | 7f0263a7db903a3ecaddd2664681564a |
| SHA1 | 11491f4225e17811c950ee66d0ce789f05373ee4 |
| SHA256 | fa630b1440ea4dbeec213c22c86044d41b0a92b67a325e6c18c2a94c6eac9e67 |
| SHA512 | 96229b6cc09aa1115579dff15ab26b2fa9bdddf23d16864b9c1b9c1e6867d77dfc6c1af8dc671accc07d1da3c91d03d0c135a6df427dae577355d6cf0b39bf60 |