Analysis Overview
SHA256
9ae334582da93f547d84f738b8d96fdae5999d61459a2c8a1b7213aff0c7466a
Threat Level: Known bad
The file 2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:28
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:28
Reported
2024-04-04 13:31
Platform
win7-20231129-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F7F1EB66-49DC-41bb-BA92-754531032856} | C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F7F1EB66-49DC-41bb-BA92-754531032856}\stubpath = "C:\\Windows\\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe" | C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DD1C78B-9C26-4228-97A7-16181126C540} | C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C5283680-C069-4aa6-820B-083E4D49A75F} | C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8} | C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54} | C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}\stubpath = "C:\\Windows\\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe" | C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A06D913A-E5F3-463c-B330-539A520C6954} | C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{514AF039-3A2F-489a-BD5F-25A5325A5A2B} | C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2792A540-FCE4-4693-AE0F-03BBA61C58BD} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}\stubpath = "C:\\Windows\\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DD1C78B-9C26-4228-97A7-16181126C540}\stubpath = "C:\\Windows\\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe" | C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C5283680-C069-4aa6-820B-083E4D49A75F}\stubpath = "C:\\Windows\\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe" | C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B260884-9373-4cff-912A-0A4DB2E6FB12} | C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46A07A74-5686-4710-911D-FF1F65E315C2}\stubpath = "C:\\Windows\\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe" | C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A06D913A-E5F3-463c-B330-539A520C6954}\stubpath = "C:\\Windows\\{A06D913A-E5F3-463c-B330-539A520C6954}.exe" | C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}\stubpath = "C:\\Windows\\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}.exe" | C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3} | C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B260884-9373-4cff-912A-0A4DB2E6FB12}\stubpath = "C:\\Windows\\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe" | C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46A07A74-5686-4710-911D-FF1F65E315C2} | C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}\stubpath = "C:\\Windows\\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe" | C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}\stubpath = "C:\\Windows\\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe" | C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe | N/A |
| N/A | N/A | C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe | N/A |
| N/A | N/A | C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe | N/A |
| N/A | N/A | C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe | N/A |
| N/A | N/A | C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe | N/A |
| N/A | N/A | C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe | N/A |
| N/A | N/A | C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe | N/A |
| N/A | N/A | C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe | N/A |
| N/A | N/A | C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe | N/A |
| N/A | N/A | C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe | N/A |
| N/A | N/A | C:\Windows\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe | C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe | N/A |
| File created | C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe | C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe | N/A |
| File created | C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe | C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe | N/A |
| File created | C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe | C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe | N/A |
| File created | C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe | C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe | N/A |
| File created | C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe | C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe | N/A |
| File created | C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe | C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe | N/A |
| File created | C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe | N/A |
| File created | C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe | C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe | N/A |
| File created | C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe | C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe | N/A |
| File created | C:\Windows\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}.exe | C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe"
C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe
C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe
C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2792A~1.EXE > nul
C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe
C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0B260~1.EXE > nul
C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe
C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9DD1C~1.EXE > nul
C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe
C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{46A07~1.EXE > nul
C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe
C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C5283~1.EXE > nul
C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe
C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3D5F0~1.EXE > nul
C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe
C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FA6FA~1.EXE > nul
C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe
C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A06D9~1.EXE > nul
C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe
C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F7F1E~1.EXE > nul
C:\Windows\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}.exe
C:\Windows\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{514AF~1.EXE > nul
Network
Files
C:\Windows\{2792A540-FCE4-4693-AE0F-03BBA61C58BD}.exe
| MD5 | 9f639dd1fd56592e8b95c38f672a5343 |
| SHA1 | 1b3e45a0607bd373931ba5234070f24b6d7f7c90 |
| SHA256 | dab88d6ca41f08d9947c1d8a64fd693c8a9069c6bda26af9d761ff871bad8419 |
| SHA512 | 1e83fa853f5e19ae92106f7f7c1016b827092b1f886dfb1b5a5372b065c8318c2a51e1ec4eb00e81f13af4020e875a7aa529820cb3f336bc87545460556ccffb |
C:\Windows\{0B260884-9373-4cff-912A-0A4DB2E6FB12}.exe
| MD5 | 75555498e7462e5ca3903dcbdb77a712 |
| SHA1 | 4ef6de9cc56d18d6254eef75ebd5885ddbdbafee |
| SHA256 | d9879c6735e7064dbf4d444296e82b1e16d71006642345713eb3c4c82a2f7c17 |
| SHA512 | 7e94a830053601c243ce2a22f7c84d27ecf08847797b8443b1b34db9c6648631496387b637e64a5d71fe9814408c911c1d14329457ca9248ddf8fc27b71aafd4 |
C:\Windows\{9DD1C78B-9C26-4228-97A7-16181126C540}.exe
| MD5 | 6de2f55313bfc3c5c4bb32f50bdb9607 |
| SHA1 | bc4a7df290ca7376afe4916f1f97ba2f9d6a4549 |
| SHA256 | 8ed6ba6112688800a2cbfae7edfbde1af827df7d2756fad7b5b67dfadb212c41 |
| SHA512 | 2bc1d098ea32056a8812fd5073258bfef6d677502beb4266973f57eecb74a0d6e13731e8a7743e13cf694f0439022af3b88f919d9c2f0e8465d238e2015da952 |
C:\Windows\{46A07A74-5686-4710-911D-FF1F65E315C2}.exe
| MD5 | 19ded82733648cb42402579c89721b90 |
| SHA1 | 64e536ab1a82afe9afd16134e0cc2af185a77bf2 |
| SHA256 | fa62f5f5746943470d923d0876233a6af848465a0ca264fcdb66eb5b1f62672b |
| SHA512 | 6d88cc369a1e7b818686ba7ee5388ba6b394ad2e3ed761363d0ea7fb0314af0b4767ce4dbcd98c8c6ec582085fee9ed180258a487d454e6e5964b578d73e8bec |
C:\Windows\{C5283680-C069-4aa6-820B-083E4D49A75F}.exe
| MD5 | 80fe89a3fc86d9a59f7d604370b80462 |
| SHA1 | 76be8caa9b362d8f30c081912d94eeeb312cb3d2 |
| SHA256 | ddb5eae00174809be9e9e5f776d05efec2a725a720adc88cf5c40b8cd229faeb |
| SHA512 | 528e8184cd59286ab152eed2d5e553d1b0c50924d56f31d8b5ba6c81f00d5f43ff8f226be208973c44a331f6d02fd4abac2b05809d808ddc1d390b9170bad452 |
C:\Windows\{3D5F003E-F27A-469b-BBD0-4AF4B779CFD8}.exe
| MD5 | 7fd75b2c398c47491a2721ffd8236150 |
| SHA1 | df3f136b1930ec02105f4a874eb1ee82e00dd50f |
| SHA256 | da74124e85ea179d403b99b90732de38e5458b3e0f0c2ecbd4d8c2ff4ec2b6e7 |
| SHA512 | 1bbcad5a5fca13c5c5cdc15c9b143cd0127a0d7bb6472f12d12d1c16708a3490dd3cf6b18d06232daa84121cff556c9d6b77bc007431c5a961ca1ebd0715b47e |
C:\Windows\{FA6FAD46-262F-48d2-A0C7-0C53551D3D54}.exe
| MD5 | 4000f6ec9f25a293c3232ac453e37f76 |
| SHA1 | dd68b0ffbe2a5d3f762d4d0f15dff2e3ef42b135 |
| SHA256 | a23f959ba9712d4eb55fa02f962ea43c02d5046212e7ef085a52aa85a98d0dec |
| SHA512 | 8ae94707520f4f60e2de9ad51928dad74608769ade6de19a1ed4cc5e4a72356379d4e41ee006118f51145911bc9d63a82783baa0f36c5fcb6811e304f07ca197 |
C:\Windows\{A06D913A-E5F3-463c-B330-539A520C6954}.exe
| MD5 | 4813f9470e30d6753085a33c795f4fef |
| SHA1 | e5819371c36a5eb2570f8cef22ea57e0d37b8454 |
| SHA256 | 73913842b95a683cae890be7916fef8ea8ddb0347210e79d515c2f4b6030f913 |
| SHA512 | 1b8320a3bd83c030129e196020d520745f06f9768d93d813ea3017276b8a89e617bec7ca8b39f8e45c9c38f7dd284ca10ed87e39d5576ceef56a11941f25657d |
C:\Windows\{F7F1EB66-49DC-41bb-BA92-754531032856}.exe
| MD5 | e9c6a887c4c61c6bc87ae00c59113a7e |
| SHA1 | 8146ff60604b3ff4c2ff3f3f30fd63d4887cb540 |
| SHA256 | 223d6ce922b6f126ddce077d7949c60d85896ccbb61e1f0f9e3cfd9fc66187e3 |
| SHA512 | a5075dbc102f73f274f184e6d80abd1976f391401dbc423535bc78fb310cf777843ff447afce8d7c004c85e1d253d641c3975b9fcda909aeb44e5a69abbd0ba8 |
C:\Windows\{514AF039-3A2F-489a-BD5F-25A5325A5A2B}.exe
| MD5 | 1ac6cab7b7d70ee75d48d0063f5c21f3 |
| SHA1 | 3f9ee7799ad34b25e48e1705cd3761bdadb41c4b |
| SHA256 | 87d6e98a63b96722af65dcf57b077207617d4a28eaea909cf356e8255c883eb7 |
| SHA512 | dfd6407d10783dcda030db79d3ad5826631fe47b9302523ad7313b869c23d07b2cc4eeac802dd8524dce7fea9ee51225c3d0d04bab12297be3667f9a0b118f17 |
C:\Windows\{15763438-CB9B-4ca9-91AB-2A2BF718BEE3}.exe
| MD5 | eb4d316c1da32f144b864c3e23edd6c0 |
| SHA1 | bbdda0814d02e556c463d1ca2df6ccf4bf8db2f2 |
| SHA256 | 8c73881ec6dbbe077455b3a74bf76162dfc7f7a70c8e7ed8000000b3266bd295 |
| SHA512 | 0f589cc0345eb90885bbfd4dafaa8cc1264c3e2e4cf2367a98cb58c367333704ac313eea511d127226f1abccf2dfaba9a2a73318010c7d2539b92642fa550ea6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:28
Reported
2024-04-04 13:31
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9873B557-5F84-4067-BECC-4D078279318B}\stubpath = "C:\\Windows\\{9873B557-5F84-4067-BECC-4D078279318B}.exe" | C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{16F6CCF4-7BFC-406f-9966-51706500F890}\stubpath = "C:\\Windows\\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe" | C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EEB675F2-3449-4623-86F9-98030183B8BE}\stubpath = "C:\\Windows\\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe" | C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081} | C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}\stubpath = "C:\\Windows\\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe" | C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE} | C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}\stubpath = "C:\\Windows\\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe" | C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}\stubpath = "C:\\Windows\\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA485FBD-4481-46d0-AE22-F2962B1948F4} | C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}\stubpath = "C:\\Windows\\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe" | C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C0C0F86B-A3C9-4269-8729-50F3D2188815}\stubpath = "C:\\Windows\\{C0C0F86B-A3C9-4269-8729-50F3D2188815}.exe" | C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EEB675F2-3449-4623-86F9-98030183B8BE} | C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65837DA2-5C01-4209-9ECB-740A0E066B86}\stubpath = "C:\\Windows\\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe" | C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}\stubpath = "C:\\Windows\\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe" | C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37} | C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA485FBD-4481-46d0-AE22-F2962B1948F4}\stubpath = "C:\\Windows\\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe" | C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C0C0F86B-A3C9-4269-8729-50F3D2188815} | C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65837DA2-5C01-4209-9ECB-740A0E066B86} | C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9873B557-5F84-4067-BECC-4D078279318B} | C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{16F6CCF4-7BFC-406f-9966-51706500F890} | C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8555BFAB-8489-43b9-9215-B6A70703C756} | C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8555BFAB-8489-43b9-9215-B6A70703C756}\stubpath = "C:\\Windows\\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe" | C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9} | C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe | N/A |
| N/A | N/A | C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe | N/A |
| N/A | N/A | C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe | N/A |
| N/A | N/A | C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe | N/A |
| N/A | N/A | C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe | N/A |
| N/A | N/A | C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe | N/A |
| N/A | N/A | C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe | N/A |
| N/A | N/A | C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe | N/A |
| N/A | N/A | C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe | N/A |
| N/A | N/A | C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe | N/A |
| N/A | N/A | C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe | N/A |
| N/A | N/A | C:\Windows\{C0C0F86B-A3C9-4269-8729-50F3D2188815}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe | C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe | N/A |
| File created | C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe | C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe | N/A |
| File created | C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe | C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe | N/A |
| File created | C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe | C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe | N/A |
| File created | C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe | C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe | N/A |
| File created | C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe | C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe | N/A |
| File created | C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe | C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe | N/A |
| File created | C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe | C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe | N/A |
| File created | C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe | C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe | N/A |
| File created | C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe | C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe | N/A |
| File created | C:\Windows\{C0C0F86B-A3C9-4269-8729-50F3D2188815}.exe | C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe | N/A |
| File created | C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_14f5b92fdb38838cf5a78fa932e15e9e_goldeneye.exe"
C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe
C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe
C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{19319~1.EXE > nul
C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe
C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9873B~1.EXE > nul
C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe
C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{16F6C~1.EXE > nul
C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe
C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{65837~1.EXE > nul
C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe
C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EEB67~1.EXE > nul
C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe
C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8555B~1.EXE > nul
C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe
C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7BDE0~1.EXE > nul
C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe
C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0E1CE~1.EXE > nul
C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe
C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2711B~1.EXE > nul
C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe
C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4A491~1.EXE > nul
C:\Windows\{C0C0F86B-A3C9-4269-8729-50F3D2188815}.exe
C:\Windows\{C0C0F86B-A3C9-4269-8729-50F3D2188815}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BA485~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.73.50.20.in-addr.arpa | udp |
Files
C:\Windows\{19319331-2D65-41b5-9F3D-DC5D53B3FF9C}.exe
| MD5 | bf3944d79c533641f472a67e1c3cded4 |
| SHA1 | 15a67a057bbdc63e9f01e125f74bebce91f2742f |
| SHA256 | c33671345dc129a49326d2ac9ebb406622c9d3990a7d5e479f53f7973e4edff0 |
| SHA512 | 0bf16a387e8c797eb17f0e19e507dac34efd35e171e8d67e98d959323c52bea1ede750d1c43ec23461ff9d61bff7cd770c8bdc01afa24e2882fe1c6d36fab0fb |
C:\Windows\{9873B557-5F84-4067-BECC-4D078279318B}.exe
| MD5 | 1ca058c88acc64ddefaaaabb10225440 |
| SHA1 | 0fbab38ce08dd5685abcea0ae57f30c7eb2bcbab |
| SHA256 | 6b2eef1e34c3e5912ee6f0b9a408b47f1d260eb8ead03c919fb937fd33dc994c |
| SHA512 | 6b3fd434b25a8ee40230285416abb7baa0ffec9f4d89a5b0b0fa6a571ee58e3d1d63e87343dc1dc6c17ecb3a2b445be82f63849bee717191eb4c65356f878415 |
C:\Windows\{16F6CCF4-7BFC-406f-9966-51706500F890}.exe
| MD5 | 782feeaf14549278d6b67c6aae225505 |
| SHA1 | f1a9d377d36a107279e3c433eb38157d21b6ebc0 |
| SHA256 | 0300a1c0dbccade6b7b11c1a7b173de91076472f50fb28d41e2e96f43c46dc61 |
| SHA512 | aafd5b44881495ab66451f38af53433194b03495e4655bead0826e7b9fe858e421ce76845a62f2de485a70774d6da2ef30d3f0b476c218d99051dec90915f680 |
C:\Windows\{65837DA2-5C01-4209-9ECB-740A0E066B86}.exe
| MD5 | 04fc6040d06e73f4b8097113ef271c97 |
| SHA1 | 9ef832ad1bdd147dcb14bbe57234d4ff80617b7a |
| SHA256 | 938f43e602e76d99d35b4c28de17f6a342836483ed5adb8b8c9ff6ae1687573d |
| SHA512 | b4d4941ee2eb7cce0b07df2ef12a59160f79b19e5c2a070304af541c8a4b6b6a61193c2806d287e1b8fa021d038ef2fdf5f853b846be9692364d7a41b40a74b0 |
C:\Windows\{EEB675F2-3449-4623-86F9-98030183B8BE}.exe
| MD5 | d17eceb6ebf8c197cf2d384a49687c7c |
| SHA1 | d7a0980913b70052ee1194b895d949f8ebed74e1 |
| SHA256 | ce350b5ff85601fcebace0e0efa5b02f9933ebf70657920cb3077ea00a63385a |
| SHA512 | 9baea24195c90608e131cb7646cc3549a55c47b251b0f27615050ea686bf5538664df208d804f561ff16f817044bafceca58e0d755f15834d16876df3f1b8737 |
C:\Windows\{8555BFAB-8489-43b9-9215-B6A70703C756}.exe
| MD5 | af785546614f5e1ffd09eb0fccf4632c |
| SHA1 | 4150caf0c9db071b2cf17ca07e9fe9e8d02c6263 |
| SHA256 | 8ad519e8a30dca113cae61e61482a567bd9803b062cc82a09216f3306dffca5e |
| SHA512 | e2d26bfc877482fbec84ca3ac5b9745d64b2fb087c7ce77000782168928130a8b8d3410c4851b05d8a7e8e2db910bf2b2f098cda6f7254cacb681a035201169a |
C:\Windows\{7BDE0B4A-A0E4-478b-8454-E5DD049C6081}.exe
| MD5 | 819658b8b59d3e1af28967b624c8066a |
| SHA1 | 39619b1c49ac1d68100a7f1eb3c24e94a1c0c0f4 |
| SHA256 | 652ba381267b314e30e59b4e3940ee6208a3a7036f2adc91dc6e55eeb754b81b |
| SHA512 | 3d372051251bdde9e907db5dcb29b75eaaef9de18ccca754ed9cd3739b9c31afb2b9f35ef12e993c004157bed5e3127d14f4b00d9149cc1bc95ea18d7044da4c |
C:\Windows\{0E1CE916-7E0E-49f9-8D74-B36342E50FD9}.exe
| MD5 | 8326c86edfa2f92ec039afbd10c41acc |
| SHA1 | e01d8d1d34f307057bb7b61fac9a66d68c13c2d7 |
| SHA256 | bb7c6e51279ba03a6994684ee7f4989bcf03999797712f8829e89d45ee995108 |
| SHA512 | 30c05da4ba18e031c52202d908900df1b32d752bb5721e9e798ecdd7ced7f8ace44840ccfda9db032c6831622b4d886d1691188799c237046db383c6dcf8e468 |
C:\Windows\{2711BB1E-3879-43ac-B9AC-DC08CDDEE8CE}.exe
| MD5 | 785de830219f036c4d25d356a70e9db2 |
| SHA1 | 594133632194e4b7a448931a4edf4af781a739d5 |
| SHA256 | b3face999cf2103c2c0cef0f5f22bffa02e85530273984e8a0d9f689037fbae4 |
| SHA512 | 6a010f253dfe52ec4197d984c775487d3e45577542d27d5e8557a4532ceea9d3be780295db0ae3edfe0b0ff5077c3627a05864c984758daa514091dbd2134a1d |
C:\Windows\{4A491B1C-D9CE-4eef-AA18-CBC83FA41C37}.exe
| MD5 | bff9696e205d7d6e375ed63289bbfda7 |
| SHA1 | 3d8725b1100b59fce0afb78dfbbbd12270413abb |
| SHA256 | 0a6948ce8b9346084e6423406fca482db9365c384fb4087ffbc647de70fee324 |
| SHA512 | 4eaf57c8c1007efd94103f730f4ebee66e9fe578a8d6ed499f329653c0f40d0e203d0ea98491a05bbe868ad0f5b9fcb5df2ba551938864fd687164a5c0c86666 |
C:\Windows\{BA485FBD-4481-46d0-AE22-F2962B1948F4}.exe
| MD5 | fc9e47e93d3de3cbce4c283c9c5e682d |
| SHA1 | 3ff2d9df653f8cff8552388fe31c3198df868660 |
| SHA256 | bfbc3b382388cd11c9f3aedd26cedf6b2b43b8da855128a36c93f74e04252e31 |
| SHA512 | b888d344c6242c5a0e93ba7425f738cca75136f6626289609c57a8dcebc738c7e7cd3aff0ac26305087666f31bc18180e242e3431792db03466b7b31356cf814 |
C:\Windows\{C0C0F86B-A3C9-4269-8729-50F3D2188815}.exe
| MD5 | 3fa0a82e4e4d708e647aca3edf172fce |
| SHA1 | 4919dc9486a35cb32bd489df3f84b9ad114cd23e |
| SHA256 | 4fa0180d4bf7026950b0a924a8732068b2a0515b13c7fdaa2f561e88e0434eb3 |
| SHA512 | a3127c2d2a1aec0690cd5a6b76f1e4c5e91022d8bd4dcbf554d8e81aa2b305417730e431321ac4a6beb92fa8779fd74eadb45a280985c0f63b98a03f31b8bce5 |