Analysis Overview
SHA256
28ed2df07c6fed10c0db88198033703b8d23b987bbb0ec0c83e087b5ac875840
Threat Level: Known bad
The file 2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:33
Signatures
Auto-generated rule (no description, indicator, process or target recorded)
Unsigned PE (no description, indicator, process or target recorded)
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:33
Reported
2024-04-04 13:36
Platform
win7-20240220-en
Max time kernel
144s
Max time network
121s
Signatures
Auto-generated rule (11 hits; no description, indicator, process or target recorded)
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A01261DD-327E-4fa2-8449-5A52A8E69F38}\stubpath = "C:\\Windows\\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe" | C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}\stubpath = "C:\\Windows\\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D3048EB6-2C35-4daf-A628-8160CFCEE987} | C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1A366651-1280-4e5d-A8B2-5CA00566D18C}\stubpath = "C:\\Windows\\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe" | C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1} | C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4F910C86-4864-4838-A08B-6974D02587EE} | C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4F910C86-4864-4838-A08B-6974D02587EE}\stubpath = "C:\\Windows\\{4F910C86-4864-4838-A08B-6974D02587EE}.exe" | C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{60F17303-6864-42fe-8C50-2685E8C133E5} | C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A01261DD-327E-4fa2-8449-5A52A8E69F38} | C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7} | C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}\stubpath = "C:\\Windows\\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe" | C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1A366651-1280-4e5d-A8B2-5CA00566D18C} | C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}\stubpath = "C:\\Windows\\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe" | C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389} | C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5C5264E-B694-41e7-B83B-639A0752B0DF}\stubpath = "C:\\Windows\\{D5C5264E-B694-41e7-B83B-639A0752B0DF}.exe" | C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D} | C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}\stubpath = "C:\\Windows\\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe" | C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5C5264E-B694-41e7-B83B-639A0752B0DF} | C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D3048EB6-2C35-4daf-A628-8160CFCEE987}\stubpath = "C:\\Windows\\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe" | C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}\stubpath = "C:\\Windows\\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe" | C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{60F17303-6864-42fe-8C50-2685E8C133E5}\stubpath = "C:\\Windows\\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe" | C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe | N/A |
| N/A | N/A | C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe | N/A |
| N/A | N/A | C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe | N/A |
| N/A | N/A | C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe | N/A |
| N/A | N/A | C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe | N/A |
| N/A | N/A | C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe | N/A |
| N/A | N/A | C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe | N/A |
| N/A | N/A | C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe | N/A |
| N/A | N/A | C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe | N/A |
| N/A | N/A | C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe | N/A |
| N/A | N/A | C:\Windows\{D5C5264E-B694-41e7-B83B-639A0752B0DF}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe | C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe | N/A |
| File created | C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe | C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe | N/A |
| File created | C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe | C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe | N/A |
| File created | C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe | C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe | N/A |
| File created | C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe | C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe | N/A |
| File created | C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe | C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe | N/A |
| File created | C:\Windows\{D5C5264E-B694-41e7-B83B-639A0752B0DF}.exe | C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe | N/A |
| File created | C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | N/A |
| File created | C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe | C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe | N/A |
| File created | C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe | C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe | N/A |
| File created | C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe | C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
The image column shows C:\Windows\SysWOW64\cmd.exe while every command line names C:\Windows\system32\cmd.exe: the droppers are 32-bit (their registry writes land under Wow6432Node), so WoW64 file-system redirection maps their System32 references to SysWOW64. Each binary is removed by a cmd.exe /c del that names it by its 8.3 alias (2024-0~1.EXE, {1E887~1.EXE, ...), not by its full name.
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe" |
| C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe | C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe | C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1E887~1.EXE > nul |
| C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe | C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D3048~1.EXE > nul |
| C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe | C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1A366~1.EXE > nul |
| C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe | C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{65FCD~1.EXE > nul |
| C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe | C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{60F17~1.EXE > nul |
| C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe | C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A0126~1.EXE > nul |
| C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe | C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{87BB5~1.EXE > nul |
| C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe | C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BE19D~1.EXE > nul |
| C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe | C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{ADB91~1.EXE > nul |
| C:\Windows\{D5C5264E-B694-41e7-B83B-639A0752B0DF}.exe | C:\Windows\{D5C5264E-B694-41e7-B83B-639A0752B0DF}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4F910~1.EXE > nul |
Network
Files
C:\Windows\{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}.exe
| MD5 | 5399c9798202f70a677ed821373fc51c |
| SHA1 | df33b9f4610d0a532cf62daced1cbaeb12382e90 |
| SHA256 | 83a474ddc1a9ba78ed554ecaf93493b6ff28e9cd4656ec8833f78ba3f2425f50 |
| SHA512 | 6408c8b7846a3d5a0a410a839e0f1dca1dd3ad36d80ccac16c0a7b6e05d4735d21390dce54933f10650c1d96cf2fd6c0d13e0a2f0e0b7ca7832d601c06f2b9eb |
C:\Windows\{D3048EB6-2C35-4daf-A628-8160CFCEE987}.exe
| MD5 | 0cfb6f50aaf97ef9e5ca01d8a36ebcc5 |
| SHA1 | 95aa04d2572a11b1f978e0b0d3382060ce8e10f6 |
| SHA256 | 0d211aaa744e65a547e3e0d830f0c41ddfe34dc7be94228466bc1b7f864e4cdc |
| SHA512 | 13959bb866378473c2955611e8731803e10c67642bf83c332d610698c253b3a4379284c502cd66742544d6cd0b65b2df550c1513cdd4ea170437c4a7de32174f |
C:\Windows\{1A366651-1280-4e5d-A8B2-5CA00566D18C}.exe
| MD5 | dd9b13d119704df675d88dbc14c984d1 |
| SHA1 | 8fb4f5e69eccad3da479da3f939849a7e7440d02 |
| SHA256 | cf6d076e08e1de2a1875d9b6a77f057fab9c493a72c3f444f65e6ffa0f958080 |
| SHA512 | b43526fd739633dc4c179c78159d289305f93478ebbc283dae96d943ea5debbc2264798790af0efeee82a369a8214f4341f521f79c87a722aabb98bcbdf2e23d |
C:\Windows\{65FCDE4B-91EB-4198-9CB2-B606763AEDC1}.exe
| MD5 | 56b1c7ec78f95c4eef7ca5507a3c0005 |
| SHA1 | f47c3fabc38a53811f49a39007dbb2a257385d80 |
| SHA256 | 202f1e8883e6598a33478c3bfcc88cc68523cfa4825e820e9b8696ff79389328 |
| SHA512 | ad20fa9607b97f171267e5dc297d964baa34296d3fc541de1d49a145e44bad3620afaad10ec596c74b8122c388c683d2d80a436a457e232cc1f2ca3889751b32 |
C:\Windows\{60F17303-6864-42fe-8C50-2685E8C133E5}.exe
| MD5 | 10f8fe41fa6795d904a76dd525a1b14c |
| SHA1 | 465781678a8836bc1b9e8f2bc3479f6764d79338 |
| SHA256 | 8b62598ea62c5190f554faec567a11f49b84b5a9050056ff72f1ff0a987ca4cb |
| SHA512 | 69469a27e8c37df18afe0f44eccf8f2cddf5a7bb09f171ecabe180791ef866646f9c91f1959cb812fa2e0c31e4a9e7f5f415aa7104d44e85c4f571f985f6d01b |
C:\Windows\{A01261DD-327E-4fa2-8449-5A52A8E69F38}.exe
| MD5 | 8d7a3f63fd15a12ddc3a21548dda960a |
| SHA1 | 721a3e18946836d4a2693025547f064c07c7c97b |
| SHA256 | f2d67b64a2aba5ebf27a29f0641f00a615e24bfd25eb0675b586f96411f9d96e |
| SHA512 | c946208bc5890f608df76c5aa420ba0a6d0f3b9c88ee2494a63875bbba7200c37d89340217e92e28ed3dc4ef910fd6181b5088ac6872171b7798b06605d21400 |
C:\Windows\{87BB5C8A-652F-4bc9-882F-5DA348E5B89D}.exe
| MD5 | 224dff83407275da3b6a1d8a11bcd345 |
| SHA1 | 1a39fcce5f7b94f780733d680a27acd5eaca559d |
| SHA256 | a84cf7b4b99616b150de50cf9d9f7d507533daaa7a4ff03139e8b2a9b0b1aadd |
| SHA512 | 3fe175f07c0d97252f20ddcffe307fcbf2868b1ebe2e0d99e35c74dec83dce777d0c6750c230ed658db1bc39cce0eb560a52759517186e279c78cdd3eff19d86 |
C:\Windows\{BE19D4A4-E0B5-4d44-BDA3-5C3CC52595A7}.exe
| MD5 | 57644328720eb97d9a7c52d30f056161 |
| SHA1 | aa7b2d59dac00255ecd01454f59402a2dbcb23f3 |
| SHA256 | 1be1a8af8b67d29c6468d106aef4f74c1474d099c7341338bf8529b2396854b0 |
| SHA512 | 9b337607ba1badeb9e5dd1f96d7e12199dae9a396a4dbfaad8ca7cd3402149dea5b6610d85d1e36f31eb287054fab995be2cfd61bcef21aa0fc8243a0fd46420 |
C:\Windows\{ADB912C5-F98A-43bd-86A9-7A7BD1E0B389}.exe
| MD5 | 71aa768d0833da5568ef641d9bd64ec0 |
| SHA1 | 94c390cd9318fae45b3be5a9abd7b375a3a64ad6 |
| SHA256 | 0efdf28f900627b04006493e8b59b1996cd19d8d91594ad80e6e0e1343b725c1 |
| SHA512 | 34a7d8a06bdbbc9e589196575efc06dfc384888c82d23017e02cc9e0bdd0b1dbd7a1b8221ade51d65309168244f6a4b3b7fbcfcd9b4d04d5c9747f04838716c2 |
C:\Windows\{4F910C86-4864-4838-A08B-6974D02587EE}.exe
| MD5 | c26bb1056be0b019c9eff58f47627b16 |
| SHA1 | 30174555516dab67cee6729f51a8435ae1661bf4 |
| SHA256 | eecec752bff6a6e567edb26fc571a01576aa0b0e63551239c8c2217b2545dcb4 |
| SHA512 | 4c625ccae26482efc38d35f295527de0186a48496cca285daaf68f6a7ddbe88362dd60455c56f80a0ea87c7bdbecb318eb4869c3d4466f727a423cb38bc10487 |
C:\Windows\{D5C5264E-B694-41e7-B83B-639A0752B0DF}.exe
| MD5 | ba720864efd67e14565ae7a03f4d4d5c |
| SHA1 | b00dfd0c9df14af71d66697479e6739137769476 |
| SHA256 | a7151f2068ddf5cded8ca8f6187241942d9b791d5b1f593557fa48a5824ea48f |
| SHA512 | a6273dfcfae49155bb4eee41b98ba12c31a1bee62466ae0d5cbacfd09056a2fc487fd2ab0da8228ddd669df1786f1387bb5135aa18c66dafa233a0cbf5600d34 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:33
Reported
2024-04-04 13:36
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
149s
Signatures
Auto-generated rule (12 hits; no description, indicator, process or target recorded)
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F} | C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8490A6B-918E-4738-845D-083C6D5EF9BD}\stubpath = "C:\\Windows\\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe" | C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC} | C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}\stubpath = "C:\\Windows\\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe" | C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79} | C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{685FF935-5B69-47eb-BB41-062752329406}\stubpath = "C:\\Windows\\{685FF935-5B69-47eb-BB41-062752329406}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A25AF221-709B-4973-B956-8CCD4113756D}\stubpath = "C:\\Windows\\{A25AF221-709B-4973-B956-8CCD4113756D}.exe" | C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35658802-4DD5-498e-A1B3-2A2701AD9A11}\stubpath = "C:\\Windows\\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe" | C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB} | C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}\stubpath = "C:\\Windows\\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe" | C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1DA4DA3D-AD97-4154-A036-6311162F83DA} | C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FFA21867-9A9E-48cc-B8C3-8A874040480D} | C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FFA21867-9A9E-48cc-B8C3-8A874040480D}\stubpath = "C:\\Windows\\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe" | C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35658802-4DD5-498e-A1B3-2A2701AD9A11} | C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}\stubpath = "C:\\Windows\\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe" | C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}\stubpath = "C:\\Windows\\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}.exe" | C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D74E14A-10F1-4a82-B628-C95754D6B2A5} | C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A25AF221-709B-4973-B956-8CCD4113756D} | C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1DA4DA3D-AD97-4154-A036-6311162F83DA}\stubpath = "C:\\Windows\\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe" | C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8490A6B-918E-4738-845D-083C6D5EF9BD} | C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31B60D9C-91B4-4c85-9BC6-874FEEE13526} | C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{685FF935-5B69-47eb-BB41-062752329406} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}\stubpath = "C:\\Windows\\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe" | C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}\stubpath = "C:\\Windows\\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe" | C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe | N/A |
| N/A | N/A | C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe | N/A |
| N/A | N/A | C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe | N/A |
| N/A | N/A | C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe | N/A |
| N/A | N/A | C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe | N/A |
| N/A | N/A | C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe | N/A |
| N/A | N/A | C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe | N/A |
| N/A | N/A | C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe | N/A |
| N/A | N/A | C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe | N/A |
| N/A | N/A | C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe | N/A |
| N/A | N/A | C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe | N/A |
| N/A | N/A | C:\Windows\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe | C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe | N/A |
| File created | C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe | C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe | N/A |
| File created | C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe | C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe | N/A |
| File created | C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe | C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe | N/A |
| File created | C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe | C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe | N/A |
| File created | C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe | C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe | N/A |
| File created | C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe | C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe | N/A |
| File created | C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe | C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe | N/A |
| File created | C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe | C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe | N/A |
| File created | C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe | C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe | N/A |
| File created | C:\Windows\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}.exe | C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe | N/A |
| File created | C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe" |
| C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe | C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe | C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{685FF~1.EXE > nul |
| C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe | C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0D74E~1.EXE > nul |
| C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe | C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A25AF~1.EXE > nul |
| C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe | C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1DA4D~1.EXE > nul |
| C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe | C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{35658~1.EXE > nul |
| C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe | C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BE86F~1.EXE > nul |
| C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe | C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E8490~1.EXE > nul |
| C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe | C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{31B60~1.EXE > nul |
| C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe | C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CF96E~1.EXE > nul |
| C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe | C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FFA21~1.EXE > nul |
| C:\Windows\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}.exe | C:\Windows\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6180A~1.EXE > nul |
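Both behavioral runs above (win7 and win10) show one loop repeated per generation: the running binary drops C:\Windows\{GUID}.exe, creates HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{GUID} with a stubpath value naming that file, executes it, and a cmd.exe /c del removes the previous binary by its 8.3 alias (2024-0~1.EXE, {1E887~1.EXE). The GUIDs and every dropped file's hash differ between the two runs and between generations, so neither is a durable indicator; what recurs is the structure. The script below is an added example and is not part of this report or of the sandbox's own tooling. It rebuilds the chain from a constructed excerpt of the behavioral1 tables (the first three generations) and checks the invariants worth detecting on: a stubpath write whose data is a GUID-named exe directly under C:\Windows carrying the same GUID as the key, a single linear drop chain, and del commands that line up with that chain. The tuple layout of the events, the regexes and the 8.3 alias heuristic are my assumptions; the report's tables carry no parent process IDs, so the chain is recovered from creator-to-file links rather than from a process tree.

```python
"""Reconstruct and check the Active Setup dropper chain in this report (added example).
Event lists are a constructed excerpt: the first three generations of the
win7 run (behavioral1), copied from its registry, file and process tables."""
import ntpath
import re

AS_KEY = r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-04-04_375dbfc59e996eb9752cdbd68645f0a0_goldeneye.exe"
G1 = "{1E887CEA-0C2E-4a0a-81D9-EA857726F2BC}"
G2 = "{D3048EB6-2C35-4daf-A628-8160CFCEE987}"
G3 = "{1A366651-1280-4e5d-A8B2-5CA00566D18C}"

def windows_exe(guid):
    return rf"C:\Windows\{guid}.exe"

REGISTRY_EVENTS = [  # (operation, key path, data, writing process)
    ("Key created", rf"{AS_KEY}\{G1}", None, SAMPLE),
    ("Set value (str)", rf"{AS_KEY}\{G1}\stubpath", windows_exe(G1), SAMPLE),
    ("Key created", rf"{AS_KEY}\{G2}", None, windows_exe(G1)),
    ("Set value (str)", rf"{AS_KEY}\{G2}\stubpath", windows_exe(G2), windows_exe(G1)),
    ("Key created", rf"{AS_KEY}\{G3}", None, windows_exe(G2)),
    ("Set value (str)", rf"{AS_KEY}\{G3}\stubpath", windows_exe(G3), windows_exe(G2)),
]
FILE_EVENTS = [  # (created path, creating process)
    (windows_exe(G1), SAMPLE),
    (windows_exe(G2), windows_exe(G1)),
    (windows_exe(G3), windows_exe(G2)),
]
CMDLINES = [  # the cmd.exe children, in report order
    r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{1E887~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{D3048~1.EXE > nul",
]

GUID = r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
# The sample is 32-bit and writes under Wow6432Node; the native key is accepted
# too so a 64-bit build would still match (an assumption, not from the report).
STUBPATH_KEY = re.compile(
    r"^\\REGISTRY\\MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Active Setup"
    rf"\\Installed Components\\({GUID})\\stubpath$", re.IGNORECASE)
GUID_EXE = re.compile(rf"^C:\\Windows\\({GUID})\.exe$", re.IGNORECASE)
DEL_CMD = re.compile(r"cmd\.exe\s+/c\s+del\s+(\S+)\s*>\s*nul\b", re.IGNORECASE)

def active_setup_hits(reg_events):
    """StubPath writes whose data is a GUID-named exe directly under C:\\Windows
    with the same GUID as the key. Active Setup runs StubPath once per user at
    logon, so every hit is a persistence entry, not a one-off registry touch."""
    hits = []
    for op, key, data, proc in reg_events:
        k, v = STUBPATH_KEY.match(key), GUID_EXE.match(data or "")
        if op.startswith("Set value") and k and v and k.group(1).lower() == v.group(1).lower():
            hits.append((k.group(1), data, proc))
    return hits

def drop_chain(file_events):
    """The one creator never itself dropped is the root; follow creator -> created.
    Assumes each generation drops exactly one file, as both runs show."""
    created_by = dict(file_events)
    roots = set(created_by.values()) - set(created_by)
    if len(roots) != 1:
        raise ValueError(f"expected a single root dropper, got {sorted(roots)}")
    next_of = {creator: path for path, creator in file_events}
    chain, cur = [], roots.pop()
    while cur is not None:
        chain.append(cur)
        cur = next_of.get(cur)
    return chain

def short_name(path):
    """8.3 alias as the del commands spell it: first six stem characters, '~1',
    the extension, upper-cased. Heuristic; assumes no alias collision."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return f"{stem[:6]}~1{ext}".upper()

def self_delete_targets(cmdlines):
    return [m.group(1) for m in map(DEL_CMD.search, cmdlines) if m]

def self_delete_consistent(chain, deleted):
    """The i-th del command must name the alias of the i-th chain member."""
    expected = [ntpath.join(ntpath.dirname(p), short_name(p)) for p in chain[:-1]]
    return [d.upper() for d in deleted] == [e.upper() for e in expected]

def triage(reg_events, file_events, cmdlines):
    hits = active_setup_hits(reg_events)
    chain = drop_chain(file_events)
    persisted = {g.lower() for g, _, _ in hits}
    dropped = {m.group(1).lower() for m in map(GUID_EXE.match, chain[1:]) if m}
    return {
        "chain": chain,
        "active_setup_entries": len(hits),
        "every_dropped_exe_registered": dropped == persisted,
        "self_delete_consistent": self_delete_consistent(chain, self_delete_targets(cmdlines)),
    }

if __name__ == "__main__":
    for key, value in triage(REGISTRY_EVENTS, FILE_EVENTS, CMDLINES).items():
        print(f"{key}: {value}")
```

Run it as a script for a summary, or import it and feed it the remaining rows of either run. On a live host the same three checks map onto Sysmon event IDs 13 (registry value set), 11 (file create) and 1 (process create); the alias comparison matters there too, because a naive "deleted path equals parent path" match never fires against the 8.3 names these del commands use.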
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
The report attributes none of these flows to a process: the in-addr.arpa queries are reverse (PTR) lookups, and neither they nor the two port-80 connections are tied to the sample or its droppers anywhere in this analysis, so they should not be taken as sample C2 without further evidence.
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Windows\{685FF935-5B69-47eb-BB41-062752329406}.exe
| MD5 | dadee5902bb19a0f906e4322cd5eafd9 |
| SHA1 | c7b2a67df809e9d77f38f665378b173d22be83f0 |
| SHA256 | ae82694a54fbd17fc5933c58f123a33e5e59ce823a96f34f61c573be1ed8b0c9 |
| SHA512 | cd4f96526d0b0cad0895109fb0b531852d76f4ec13e58ac9367684538a6215b847f0c0452b0942649ff29a19fc7b26f5566007d0bf627aa333145f84687d9e07 |
C:\Windows\{0D74E14A-10F1-4a82-B628-C95754D6B2A5}.exe
| MD5 | f146143f2ef6021371270deef53111a9 |
| SHA1 | 23bd8cca3e9237aede4b9ec330ff5e48c845b5e6 |
| SHA256 | e77d34eab745bb8d7bc9c2f3c84849646315bcb1c6df29242268d3aa76c54903 |
| SHA512 | 1a1e823a499248024864d0695dfb9d3c920718219cc0acd85e106a3a016937e1f072c7e1ca9b1dc79533092e91b0584c48d10a36d180e85a6b9e99de940d1a2b |
C:\Windows\{A25AF221-709B-4973-B956-8CCD4113756D}.exe
| MD5 | 811ba40cedac4cfd57256e9eb44d1b69 |
| SHA1 | 015047263871b3feb0b27d0d32787f8315cf2bfc |
| SHA256 | 228119a3bf659bd8bc5ce57caa6191bfc1000d40f7d0d7a307c224de49867c1b |
| SHA512 | b1607c2f43a2b54be11b8c5640a593505e12460092e9fab644a8bb726189da9c75be8a4a81760b429587be37b1920fca31c5e55175bc6d88daacab490ee1c4d0 |
C:\Windows\{1DA4DA3D-AD97-4154-A036-6311162F83DA}.exe
| MD5 | fafefdf99cfaa77daeabc2a6b2715962 |
| SHA1 | a43ae8a1da853dc7a44695ee4d41fa1ab636eb25 |
| SHA256 | 7ebb431968c62e7651fcb582d3b4f5c2e2deff6f8274bf4b28d6e7bbda9893b2 |
| SHA512 | ca73e5eaa5ed7e9689212b0cb3209618fbf4933b7633203b3021c469d70fc005292b980114f1a2823c0d51e4aba966fa5be57cf4fda589226e01970a03d11959 |
C:\Windows\{35658802-4DD5-498e-A1B3-2A2701AD9A11}.exe
| MD5 | 87ef0bc28a61ac359e56c5cbe9f5ffe8 |
| SHA1 | 5ecf593999f0eb6c6e24cc78b5b112be94a6fbf5 |
| SHA256 | 94e56d00df762168c6ab26febe3f8a1e1957835a4559d245374ed4a9d58a9fe1 |
| SHA512 | 9415f6c3ca27a0e6740609d3cf32e8cea3dd2d681b8299ae9ec8b9276b4407398663207f81f6587d1f6ed3721e450bec96a50809193b5ef4f4914935bc472687 |
C:\Windows\{BE86F5D0-EA7C-40e1-A47A-C1D312A7B83F}.exe
| MD5 | 60a69933a680e105860be1713da3f0e0 |
| SHA1 | 4837af4ab057fb11dd9ce675a76f80bf69e5cfb4 |
| SHA256 | f2aad0027d12a27dd5d8002a36e2fcca7417508224dfc55636bd00ceee1976b2 |
| SHA512 | b907307daf1581d35248eb70c6207c6f21531a1f7c9c6cdaa4ec616c5d831d35374eb9e77ba2fdf57fa1090460616e53579c394b244f64a3a1d536e628c4d537 |
C:\Windows\{E8490A6B-918E-4738-845D-083C6D5EF9BD}.exe
| MD5 | 00abee47345ffdf7cf7703df02d45b4a |
| SHA1 | 3020a37efab8a9b375610e252a3d9365d62444d6 |
| SHA256 | bab173335d06915afc6464ef1693ee2173e4f0901c633a6a72ba92a7b68a5cec |
| SHA512 | d2c7e818aa1d56e2e0d7659939c3499152f57cc8ee59573b5832f2679360ff70a399075502d91ca45d60f019ec060a3b8d0eeefa11b45d9019ef3d7004194463 |
C:\Windows\{31B60D9C-91B4-4c85-9BC6-874FEEE13526}.exe
| MD5 | c4e344d3e94fab2741f5fa63b457510a |
| SHA1 | 86f25a0acb53669928accb3db26f3e891da9ba24 |
| SHA256 | 4bd0f966754e2b8114684fb74f785348786b6d3304ad1dbbde778fc2b3f2bbf2 |
| SHA512 | e386f81bca0c04d6f9d0b9f6e6133b8ae1d824c0c97ea0338b7d134f4b496adfe363b0de3c1a87b427030a9ddea67146e435adb2359db09086e0635d8e122389 |
C:\Windows\{CF96ECCF-DBA1-44db-AC94-5BAAD769B5EC}.exe
| MD5 | 3cc74f982262b2fb2d450a5196681b37 |
| SHA1 | 78e3be41e4e3675049c2d1ea665c6b947d859e72 |
| SHA256 | b825a35ebf4e65c7a353aad1fb8f0c97425cc7a33ffc99894f1c572452f0391a |
| SHA512 | 76d0ed7660d1b7aa17046b64d0861265cdfa3dbd4ce4dae975234c2aad8d89fbdfbca900eebc99022ab00f6b4f395175a23e7c062d5a6a3709d3949b34cc7c60 |
C:\Windows\{FFA21867-9A9E-48cc-B8C3-8A874040480D}.exe
| MD5 | 658ff29c1d05e212bcc19b92a2d5db2b |
| SHA1 | 3a90dbe4fa9aba73ef16fdbcb27a73f1f880e820 |
| SHA256 | a8ec0a2b305673dbf5186c3276e639ae649ab6c91d0ea088bc17afc88092f3f9 |
| SHA512 | f459493be97eb1a0b657a8f2be36327b6e5287d6f1434fea7fdb5bd350e269751f4cdd933fde64f5e86611f84e9b0a31e24f93cc12f1e25485d10b025481d16e |
C:\Windows\{6180A030-7BC1-4b24-AA14-8CD6F2B217CB}.exe
| MD5 | 871ae90fe42404da8087759c20ce4639 |
| SHA1 | 6f756ca0f21f818b3c5f1d770a6e13b7b2716f4e |
| SHA256 | 08b98c1056e88d94f323984d572b1088bc602d456ed7e68412df8772b82b49ce |
| SHA512 | d3b2665ef0210e1e112d2293d1a3815a5cce3f8fce26c87f913bae2f82378a11a6b1b24b27f44fe97a46945a49a0e19e91c2143ce521175d7917ed5d6f28d8a5 |
C:\Windows\{2F6EFC9C-5480-4c59-98C3-AA4AD1403F79}.exe
| MD5 | d657b61b37f6ddedf05c03215838e8de |
| SHA1 | 00323e974a8783bb7bb022c30f79890b6ecd7687 |
| SHA256 | 3f2f53d8f4333e8a6efe69744d0f456d37478ecfb8c241a150d2a2498ab5a6dd |
| SHA512 | c334d1f93162a2407a72f2abdef56ab1dfce6c08cbe1561de16e3c70a46f9c602e7722434122bfb3c9b4522d0f4259f4dcf8814892463ff1d13a3f872d7fea6a |