Analysis Overview
SHA256
9235dafa5d7eeef3a72e666e239a5c6951f1fe1815be71898d8e6e1aba87e15b
Threat Level: Known bad
The file 2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:37
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:37
Reported
2024-04-04 13:40
Platform
win7-20231129-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}\stubpath = "C:\\Windows\\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe" | C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}\stubpath = "C:\\Windows\\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe" | C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C77A1454-F23A-4dc2-A284-7D800C7B708C}\stubpath = "C:\\Windows\\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe" | C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{213237EF-16EA-4f8e-B83E-CDDF85EE4139} | C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}\stubpath = "C:\\Windows\\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe" | C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}\stubpath = "C:\\Windows\\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe" | C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{97BA95AD-07DD-4b72-8192-81D57F4EDD92} | C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D} | C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}\stubpath = "C:\\Windows\\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe" | C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C77A1454-F23A-4dc2-A284-7D800C7B708C} | C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6958DF70-2E70-47fb-B333-8654538B68C7} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAF96995-C120-43da-9B5F-A1398B1DCF9E} | C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9} | C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28} | C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}\stubpath = "C:\\Windows\\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe" | C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2} | C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5} | C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}\stubpath = "C:\\Windows\\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe" | C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}\stubpath = "C:\\Windows\\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe" | C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EC54689C-C80C-4a22-9ACE-AFCA466F3050} | C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{213237EF-16EA-4f8e-B83E-CDDF85EE4139}\stubpath = "C:\\Windows\\{213237EF-16EA-4f8e-B83E-CDDF85EE4139}.exe" | C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6958DF70-2E70-47fb-B333-8654538B68C7}\stubpath = "C:\\Windows\\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe | N/A |
| N/A | N/A | C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe | N/A |
| N/A | N/A | C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe | N/A |
| N/A | N/A | C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe | N/A |
| N/A | N/A | C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe | N/A |
| N/A | N/A | C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe | N/A |
| N/A | N/A | C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe | N/A |
| N/A | N/A | C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe | N/A |
| N/A | N/A | C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe | N/A |
| N/A | N/A | C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe | N/A |
| N/A | N/A | C:\Windows\{213237EF-16EA-4f8e-B83E-CDDF85EE4139}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe | C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe | N/A |
| File created | C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe | C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe | N/A |
| File created | C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe | C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe | N/A |
| File created | C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe | C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe | N/A |
| File created | C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe | C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe | N/A |
| File created | C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe | C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe | N/A |
| File created | C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe | C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe | N/A |
| File created | C:\Windows\{213237EF-16EA-4f8e-B83E-CDDF85EE4139}.exe | C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe | N/A |
| File created | C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe | N/A |
| File created | C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe | C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe | N/A |
| File created | C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe | C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe"
C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe
C:\Windows\{6958DF70-2E70-47fb-B333-8654538B68C7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe
C:\Windows\{931C1CFE-D7D0-4efd-BAB5-3CB853A31BE5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6958D~1.EXE > nul
C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe
C:\Windows\{97BA95AD-07DD-4b72-8192-81D57F4EDD92}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{931C1~1.EXE > nul
C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe
C:\Windows\{CAF96995-C120-43da-9B5F-A1398B1DCF9E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{97BA9~1.EXE > nul
C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe
C:\Windows\{9DF3038B-1E0F-4c18-AEB7-7271AA6F39C9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CAF96~1.EXE > nul
C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe
C:\Windows\{F682B477-5F40-4e5a-87DD-95E0AFCD0E28}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9DF30~1.EXE > nul
C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe
C:\Windows\{EC54689C-C80C-4a22-9ACE-AFCA466F3050}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F682B~1.EXE > nul
C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe
C:\Windows\{EEC619BF-6069-4dfb-AFF9-703CB71AD46D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EC546~1.EXE > nul
C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe
C:\Windows\{99C5292B-5F47-44e4-BAB2-F196AD5BF7C2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EEC61~1.EXE > nul
C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe
C:\Windows\{C77A1454-F23A-4dc2-A284-7D800C7B708C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{99C52~1.EXE > nul
C:\Windows\{213237EF-16EA-4f8e-B83E-CDDF85EE4139}.exe
C:\Windows\{213237EF-16EA-4f8e-B83E-CDDF85EE4139}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C77A1~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:37
Reported
2024-04-04 13:40
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
127s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C} | C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}\stubpath = "C:\\Windows\\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe" | C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F} | C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C} | C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E97B0985-0F06-4b52-992B-F31C88FB01B7}\stubpath = "C:\\Windows\\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe" | C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{46D3F62D-3199-460e-9EEB-D130135ABDF1} | C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{18CB1547-B572-45f8-9406-159F82C674BF} | C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B}\stubpath = "C:\\Windows\\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B}.exe" | C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6} | C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D} | C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{46D3F62D-3199-460e-9EEB-D130135ABDF1}\stubpath = "C:\\Windows\\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe" | C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3EA9E892-03F8-4e26-A4C5-F564798DACD9} | C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}\stubpath = "C:\\Windows\\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe" | C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA} | C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}\stubpath = "C:\\Windows\\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe" | C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}\stubpath = "C:\\Windows\\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe" | C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}\stubpath = "C:\\Windows\\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe" | C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}\stubpath = "C:\\Windows\\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe" | C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E97B0985-0F06-4b52-992B-F31C88FB01B7} | C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{18CB1547-B572-45f8-9406-159F82C674BF}\stubpath = "C:\\Windows\\{18CB1547-B572-45f8-9406-159F82C674BF}.exe" | C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}\stubpath = "C:\\Windows\\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}\stubpath = "C:\\Windows\\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe" | C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B} | C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe | N/A |
| N/A | N/A | C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe | N/A |
| N/A | N/A | C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe | N/A |
| N/A | N/A | C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe | N/A |
| N/A | N/A | C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe | N/A |
| N/A | N/A | C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe | N/A |
| N/A | N/A | C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe | N/A |
| N/A | N/A | C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe | N/A |
| N/A | N/A | C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe | N/A |
| N/A | N/A | C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe | N/A |
| N/A | N/A | C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe | N/A |
| N/A | N/A | C:\Windows\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe | C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe | N/A |
| File created | C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe | C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe | N/A |
| File created | C:\Windows\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B}.exe | C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe | N/A |
| File created | C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe | N/A |
| File created | C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe | C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe | N/A |
| File created | C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe | C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe | N/A |
| File created | C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe | C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe | N/A |
| File created | C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe | C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe | N/A |
| File created | C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe | C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe | N/A |
| File created | C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe | C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe | N/A |
| File created | C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe | C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe | N/A |
| File created | C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe | C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_63674177d321bd82d8149f48e69fd53a_goldeneye.exe"
C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe
C:\Windows\{A9FFED92-301C-48d4-B6B6-1B0BB2335FAC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe
C:\Windows\{49C48CEE-A853-4c9e-8DCF-F016D15D3A1C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A9FFE~1.EXE > nul
C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe
C:\Windows\{C6F85873-4E8C-4d26-B2CD-75526F5E50DA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{49C48~1.EXE > nul
C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe
C:\Windows\{45D87DDD-EFFC-4ec0-96DA-B0A323A051F6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C6F85~1.EXE > nul
C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe
C:\Windows\{38BCAD47-C4BB-4d69-8FFB-F214A52D512D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{45D87~1.EXE > nul
C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe
C:\Windows\{CFEEA11D-39D9-4441-B980-B7CBD9047A3F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{38BCA~1.EXE > nul
C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe
C:\Windows\{E2CEC314-6E5D-4b12-8B61-8165BB8DB89C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CFEEA~1.EXE > nul
C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe
C:\Windows\{E97B0985-0F06-4b52-992B-F31C88FB01B7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E2CEC~1.EXE > nul
C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe
C:\Windows\{46D3F62D-3199-460e-9EEB-D130135ABDF1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E97B0~1.EXE > nul
C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe
C:\Windows\{3EA9E892-03F8-4e26-A4C5-F564798DACD9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{46D3F~1.EXE > nul
C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe
C:\Windows\{18CB1547-B572-45f8-9406-159F82C674BF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3EA9E~1.EXE > nul
C:\Windows\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B}.exe
C:\Windows\{B745DFA7-CC59-4f4e-8987-ABBDA38BE15B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{18CB1~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files