Analysis Overview
SHA256
0b0777db0ffd874117d99e8b6c058940f53a70c0368e7aa64219fc4ee584d285
Threat Level: Known bad
The file 2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:34
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:34
Reported
2024-04-04 13:36
Platform
win7-20240221-en
Max time kernel
144s
Max time network
121s
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B845A054-066B-49c9-8534-FA6692E64EC9} | C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD} | C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}\stubpath = "C:\\Windows\\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe" | C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EDA75B77-B029-429f-AEDB-98353ADD729C} | C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AF223F36-74C8-4321-A72A-FB418B2CFF13} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CE7ACB97-9533-498a-AD12-C396408CD496} | C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF} | C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EDA75B77-B029-429f-AEDB-98353ADD729C}\stubpath = "C:\\Windows\\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe" | C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}\stubpath = "C:\\Windows\\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe" | C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E} | C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E}\stubpath = "C:\\Windows\\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E}.exe" | C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}\stubpath = "C:\\Windows\\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe" | C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{58AE291D-10F4-4141-8D69-8CC6AD4C2921} | C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E62871A3-4B41-4119-A387-D24A9268E602} | C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E62871A3-4B41-4119-A387-D24A9268E602}\stubpath = "C:\\Windows\\{E62871A3-4B41-4119-A387-D24A9268E602}.exe" | C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B845A054-066B-49c9-8534-FA6692E64EC9}\stubpath = "C:\\Windows\\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe" | C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CE7ACB97-9533-498a-AD12-C396408CD496}\stubpath = "C:\\Windows\\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe" | C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}\stubpath = "C:\\Windows\\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe" | C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB} | C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AF223F36-74C8-4321-A72A-FB418B2CFF13}\stubpath = "C:\\Windows\\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6} | C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}\stubpath = "C:\\Windows\\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe" | C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe | N/A |
| N/A | N/A | C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe | N/A |
| N/A | N/A | C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe | N/A |
| N/A | N/A | C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe | N/A |
| N/A | N/A | C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe | N/A |
| N/A | N/A | C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe | N/A |
| N/A | N/A | C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe | N/A |
| N/A | N/A | C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe | N/A |
| N/A | N/A | C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe | N/A |
| N/A | N/A | C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe | N/A |
| N/A | N/A | C:\Windows\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe | C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe | N/A |
| File created | C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe | N/A |
| File created | C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe | C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe | N/A |
| File created | C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe | C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe | N/A |
| File created | C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe | C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe | N/A |
| File created | C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe | C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe | N/A |
| File created | C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe | C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe | N/A |
| File created | C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe | C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe | N/A |
| File created | C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe | C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe | N/A |
| File created | C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe | C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe | N/A |
| File created | C:\Windows\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E}.exe | C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe"
C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe
C:\Windows\{AF223F36-74C8-4321-A72A-FB418B2CFF13}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe
C:\Windows\{58AE291D-10F4-4141-8D69-8CC6AD4C2921}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AF223~1.EXE > nul
C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe
C:\Windows\{E62871A3-4B41-4119-A387-D24A9268E602}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{58AE2~1.EXE > nul
C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe
C:\Windows\{B845A054-066B-49c9-8534-FA6692E64EC9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E6287~1.EXE > nul
C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe
C:\Windows\{CE7ACB97-9533-498a-AD12-C396408CD496}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B845A~1.EXE > nul
C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe
C:\Windows\{B9D009BB-74B8-442a-AE0A-3EDD7EA930AD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CE7AC~1.EXE > nul
C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe
C:\Windows\{5B1672D4-CB2D-45d5-9B5F-0F787B8DD8BB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B9D00~1.EXE > nul
C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe
C:\Windows\{70A3E6DE-25D7-48ed-81F0-7E5D3DE3EDDF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5B167~1.EXE > nul
C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe
C:\Windows\{EDA75B77-B029-429f-AEDB-98353ADD729C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{70A3E~1.EXE > nul
C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe
C:\Windows\{E78CEBFC-3DA4-47b8-B43B-B411C04EBEB6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EDA75~1.EXE > nul
C:\Windows\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E}.exe
C:\Windows\{2C205BB7-5DE7-4ddc-86D4-743B9A180B0E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E78CE~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:34
Reported
2024-04-04 13:36
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
156s
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}\stubpath = "C:\\Windows\\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe" | C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C} | C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A} | C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0} | C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0805CE4-B146-49b0-82BD-44D9E3444EAB} | C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2A21B419-79AF-4538-B643-83E7C65C1CB5} | C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2A21B419-79AF-4538-B643-83E7C65C1CB5}\stubpath = "C:\\Windows\\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe" | C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{582093A3-ED38-4802-98BE-9BD36E38E564} | C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{582093A3-ED38-4802-98BE-9BD36E38E564}\stubpath = "C:\\Windows\\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe" | C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8} | C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}\stubpath = "C:\\Windows\\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe" | C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}\stubpath = "C:\\Windows\\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe" | C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9} | C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}\stubpath = "C:\\Windows\\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe" | C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{902AA2BB-3774-4f1e-A002-1591C8266969}\stubpath = "C:\\Windows\\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88} | C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9}\stubpath = "C:\\Windows\\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9}.exe" | C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{902AA2BB-3774-4f1e-A002-1591C8266969} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{548D2A58-2777-4aee-8D81-6656009C40B0} | C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{548D2A58-2777-4aee-8D81-6656009C40B0}\stubpath = "C:\\Windows\\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe" | C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}\stubpath = "C:\\Windows\\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe" | C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}\stubpath = "C:\\Windows\\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe" | C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9} | C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}\stubpath = "C:\\Windows\\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe" | C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe | N/A |
| N/A | N/A | C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe | N/A |
| N/A | N/A | C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe | N/A |
| N/A | N/A | C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe | N/A |
| N/A | N/A | C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe | N/A |
| N/A | N/A | C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe | N/A |
| N/A | N/A | C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe | N/A |
| N/A | N/A | C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe | N/A |
| N/A | N/A | C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe | N/A |
| N/A | N/A | C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe | N/A |
| N/A | N/A | C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe | N/A |
| N/A | N/A | C:\Windows\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe | C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe | N/A |
| File created | C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe | C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe | N/A |
| File created | C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe | C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe | N/A |
| File created | C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe | C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe | N/A |
| File created | C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe | N/A |
| File created | C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe | C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe | N/A |
| File created | C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe | C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe | N/A |
| File created | C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe | C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe | N/A |
| File created | C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe | C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe | N/A |
| File created | C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe | C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe | N/A |
| File created | C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe | C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe | N/A |
| File created | C:\Windows\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9}.exe | C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_37f14fbc75ba06a427b0a6e6bbffa3d1_goldeneye.exe"
C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe
C:\Windows\{902AA2BB-3774-4f1e-A002-1591C8266969}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe
C:\Windows\{582093A3-ED38-4802-98BE-9BD36E38E564}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{902AA~1.EXE > nul
C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe
C:\Windows\{0AF1CBAD-A25C-43b9-86C5-1ED5682184A8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{58209~1.EXE > nul
C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe
C:\Windows\{56BDC5DE-66AF-401b-88C0-5AEA219A3D88}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0AF1C~1.EXE > nul
C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe
C:\Windows\{548D2A58-2777-4aee-8D81-6656009C40B0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{56BDC~1.EXE > nul
C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe
C:\Windows\{A2295CA9-35D5-4a5e-97D2-71D8AC3EA54C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{548D2~1.EXE > nul
C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe
C:\Windows\{1CEA97D4-2644-4964-A3AC-75EF54C8E72A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A2295~1.EXE > nul
C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe
C:\Windows\{DCC261A4-B43A-4615-A7B3-805B07F6E4C0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1CEA9~1.EXE > nul
C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe
C:\Windows\{D0805CE4-B146-49b0-82BD-44D9E3444EAB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DCC26~1.EXE > nul
C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe
C:\Windows\{AEA53100-C6F9-49ce-AEF0-6E1FFC5013D9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0805~1.EXE > nul
C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe
C:\Windows\{2A21B419-79AF-4538-B643-83E7C65C1CB5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AEA53~1.EXE > nul
C:\Windows\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9}.exe
C:\Windows\{2B2A3036-98A1-4f7d-9186-7339DAA62DE9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2A21B~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.189.79.40.in-addr.arpa | udp |
Files