Analysis Overview
SHA256
dc4d3c6adc73b6019c3836caeb4fb9c9591b51cf03cffe6f1d1008572ca0e603
Threat Level: Known bad
The file 2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:37
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:37
Reported
2024-04-04 13:39
Platform
win7-20240221-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657} | C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}\stubpath = "C:\\Windows\\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe" | C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B86FF227-920A-469d-91B6-5A0EEE0F28E6} | C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}\stubpath = "C:\\Windows\\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}\stubpath = "C:\\Windows\\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe" | C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}\stubpath = "C:\\Windows\\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe" | C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{97FF8615-255C-49df-A76D-6F048669F28E} | C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB} | C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}\stubpath = "C:\\Windows\\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}.exe" | C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B} | C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BE51290-E81F-4adc-8799-538FAC502141} | C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BE51290-E81F-4adc-8799-538FAC502141}\stubpath = "C:\\Windows\\{2BE51290-E81F-4adc-8799-538FAC502141}.exe" | C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{70600684-3492-475c-ADDB-A0522AD3C3C6}\stubpath = "C:\\Windows\\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe" | C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53} | C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}\stubpath = "C:\\Windows\\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe" | C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0} | C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80} | C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}\stubpath = "C:\\Windows\\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe" | C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{70600684-3492-475c-ADDB-A0522AD3C3C6} | C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}\stubpath = "C:\\Windows\\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe" | C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{97FF8615-255C-49df-A76D-6F048669F28E}\stubpath = "C:\\Windows\\{97FF8615-255C-49df-A76D-6F048669F28E}.exe" | C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe | N/A |
| N/A | N/A | C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe | N/A |
| N/A | N/A | C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe | N/A |
| N/A | N/A | C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe | N/A |
| N/A | N/A | C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe | N/A |
| N/A | N/A | C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe | N/A |
| N/A | N/A | C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe | N/A |
| N/A | N/A | C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe | N/A |
| N/A | N/A | C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe | N/A |
| N/A | N/A | C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe | N/A |
| N/A | N/A | C:\Windows\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe | N/A |
| File created | C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe | C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe | N/A |
| File created | C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe | C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe | N/A |
| File created | C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe | C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe | N/A |
| File created | C:\Windows\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}.exe | C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe | N/A |
| File created | C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe | C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe | N/A |
| File created | C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe | C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe | N/A |
| File created | C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe | C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe | N/A |
| File created | C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe | C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe | N/A |
| File created | C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe | C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe | N/A |
| File created | C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe | C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe"
C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe
C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe
C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6DEB2~1.EXE > nul
C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe
C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FC2DD~1.EXE > nul
C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe
C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2BE51~1.EXE > nul
C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe
C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{26B8C~1.EXE > nul
C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe
C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{97FF8~1.EXE > nul
C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe
C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8134A~1.EXE > nul
C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe
C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{70600~1.EXE > nul
C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe
C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D1903~1.EXE > nul
C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe
C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D83A9~1.EXE > nul
C:\Windows\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}.exe
C:\Windows\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B16DE~1.EXE > nul
Network
Files
C:\Windows\{6DEB249F-A5D9-4912-BF86-BB5BD2B85BA5}.exe
| MD5 | 823c5e20a4681a5602878816daa59829 |
| SHA1 | fde1443471e9fac0a3a981af0c2dd39efd733900 |
| SHA256 | 9ba7d10d24df1dfcf27116e3dccac88396de0220609593d0cc7f7414300aa4ba |
| SHA512 | 57aea77323daa5ad9b966dc8d5725c4fc606cfd11384c33bf08a52fff9e07c83cf8deff937740c8bd92c35fe028219623e04cc0f4d48828e8b9eb58d6b7decde |
C:\Windows\{FC2DD0E4-0A84-4d8d-BF7F-1F7AFB77A64B}.exe
| MD5 | aeb2d598e5fd784dd5561cb2241cdd50 |
| SHA1 | 71a5b5cdde4382fc6bc681fba7845db5aa71d69d |
| SHA256 | d6fc2cd581787c92637bad8b0d96e02a4246a6c95fd60d8ae6371519728af390 |
| SHA512 | 02c1ca96f36012699169651b70a16651240dab315aa5f76505f7442fe49862b81a6dfbb5749107b4d75be07d44e986c58ac306f3731bc0e2b9a0a8ac7c3e7e9c |
C:\Windows\{2BE51290-E81F-4adc-8799-538FAC502141}.exe
| MD5 | da725d5820d7701b85259420e2c5d1be |
| SHA1 | 6c28b43d342ff99346c0cccde8cdcd6807dfdebf |
| SHA256 | 9ee69bc3cd7f5eafda81114450e5dde78fa49a706fc3fd1f928abfe664183edb |
| SHA512 | fa2c2b2afd2368283f5e15390c0f69e4cc0ca26399def9e828c90a36b44c64ddddb56b9fd65660383bfface7de4bcd901273d0687470dc6525a127ccdbd80070 |
C:\Windows\{26B8CDAC-4E04-41fd-8AEF-5EFC84D97AC0}.exe
| MD5 | 4bf78308bd1e33c5e1c074a09b9fb11d |
| SHA1 | 59ff47694d0af6e607f7034090ec3c3e7ffa62b1 |
| SHA256 | 9a08d6f358a51a009a70d50cc8c9938eb42146f7065872b814a315ad24274312 |
| SHA512 | c3191121a07daa4b3db1cdec931368ec44eed154ad33b0689ace6774f75c5a17b3851e0dc2e940b97492d6ce5e882e4a51857360346f5a23e9194eb9e2df1cc5 |
C:\Windows\{97FF8615-255C-49df-A76D-6F048669F28E}.exe
| MD5 | 286ab9b667d8074db6752d0c1355ab40 |
| SHA1 | 4d5fe0e2cb7665099223da5ea83ed9b4f5d20057 |
| SHA256 | 7ef0558fc551ce111f0199e5ac75f563f13a2989d1382f8fddb1a9434c683330 |
| SHA512 | 712915a6b311a6cd0a07bea844b5795e9095a305c16107a6acd91ea02673bb3e5b8d7c95c6e8ad5a3c3e117219d20565d57fe1067ae8075a1437a4546d4cd117 |
C:\Windows\{8134AE22-F197-4a81-9DC4-3AFE6FC32B80}.exe
| MD5 | 588285051dc56f5a5ec984e9ba7d02a4 |
| SHA1 | 9cb312a748d24c64bdddd2c18c825d1f93a3ef6e |
| SHA256 | 12a5f741a1208315534a47ea8f6ccf70d13b29731c20f5994b0be8ae104af8db |
| SHA512 | d99ad375277357efdfd1113ec62c570ca08ebe6fd62a63f3503a4b001a0f6d0a1a588605e559bcdc6e560ba78ff97a7d267c91c11e448f67816f6ac191d7a013 |
C:\Windows\{70600684-3492-475c-ADDB-A0522AD3C3C6}.exe
| MD5 | 7ea02d42125db7ee910d83d79bf156cf |
| SHA1 | d7926357bb6504f6d4587fbcc8d22ea3326eb041 |
| SHA256 | eb9b099fc3032894a4d11489514768319b17b926da7c7f498a193f929a024128 |
| SHA512 | 8cfbef2e511fa80cf392b630557cd57d095928908e32371c7c6b121579037186c8e2db507fceb42d62fcdce5170a5dd17ab6a90d458304681781d12ad1dc7376 |
C:\Windows\{D1903E0E-7333-4b4a-9988-E385F1ED3DBB}.exe
| MD5 | 7db792a83234830699c224538837fa11 |
| SHA1 | 4ed50f2469d62e783215e074e45aed5aea240309 |
| SHA256 | 63bb5463cf4cd5ff19007f62678207a3aa8d0616b817e32b41cffb8179e65a11 |
| SHA512 | 02eeee89253764be1c7fa86ee99dff149110a2f3c1ef5d06e02fef5af5a559064b6072e430eb3cc960abdd884fc37743dd3b5dbffe4f6814aceb5db0e76f851b |
C:\Windows\{D83A901F-7C57-4dbf-B16F-7951A9BDDC53}.exe
| MD5 | d3bc993d26367e8096229b164e19a83c |
| SHA1 | 1cd59af8fb0fdb571c6c56f765398d1f8ee0990b |
| SHA256 | f695d946ffc8335645e8c3abf6fef47acfb0b07dacd54af93724be713b6861ab |
| SHA512 | bd0e24beb6adb71852d520ac570b7b0117ebc0c3951581e5f7ad299c287919fa86c65f15f33734329e4d2c7ad3bb470f9be0db745dfa628d63076ba01c90b4f0 |
C:\Windows\{B16DEDCE-6FC7-411d-8EC8-37D92D5AD657}.exe
| MD5 | b40d8516cce15d0b25ded870dfe9b5f3 |
| SHA1 | 55fc7ca87901de75369828bccda5d9f36aede7f1 |
| SHA256 | 53924cf3d25ecdd57c4173a708d8380cb0ccc0965e53e30041b3af591d6f712b |
| SHA512 | 191e048d5833d84a57ebe977cfd655770a3099eabf83996d6464013261cb15e66cad742a956d4318f56ae37ac45b9543401e973eec84c8909c5ae993b6c3b125 |
C:\Windows\{B86FF227-920A-469d-91B6-5A0EEE0F28E6}.exe
| MD5 | 9d0c2979ff128d053dc04a36e72c10c9 |
| SHA1 | 85640199fd2e0f8760ff1f1c7fe0df40fe8af4db |
| SHA256 | 34120f7fe0f3bdaa60f23d3e72e7b223c39f9e284053906eb5fed67c8bc6565e |
| SHA512 | bfba589570a736ffc40c6fd54deb7c52bc08d4d4d25b2c935c884685b9ba83f111d962b07552db3a4b1409d26d80c9944253d95fa1ff1b8fe4209f9f71d79492 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:37
Reported
2024-04-04 13:39
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26} | C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F00AAA7D-4694-4436-9E58-B37222213553} | C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{04D65A68-DCF9-4abe-84BD-2E378B4D760E} | C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FF39B152-4D89-480e-B0E9-02C15422758B}\stubpath = "C:\\Windows\\{FF39B152-4D89-480e-B0E9-02C15422758B}.exe" | C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}\stubpath = "C:\\Windows\\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe" | C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53404B33-473F-4be6-A7D1-D5DB573439F3} | C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F00AAA7D-4694-4436-9E58-B37222213553}\stubpath = "C:\\Windows\\{F00AAA7D-4694-4436-9E58-B37222213553}.exe" | C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9D2B2551-0A85-4331-AAA6-B34BAD220293} | C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9D2B2551-0A85-4331-AAA6-B34BAD220293}\stubpath = "C:\\Windows\\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe" | C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FF39B152-4D89-480e-B0E9-02C15422758B} | C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}\stubpath = "C:\\Windows\\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A06BC06B-4F29-43c4-86C7-AA55F106565F}\stubpath = "C:\\Windows\\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe" | C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9629E476-A30D-4cdd-A735-B579DD2A307D}\stubpath = "C:\\Windows\\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe" | C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}\stubpath = "C:\\Windows\\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe" | C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{81B81674-4271-4b43-A106-7F75F63955D7} | C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{781E4282-4994-4391-B342-15B572088883} | C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{781E4282-4994-4391-B342-15B572088883}\stubpath = "C:\\Windows\\{781E4282-4994-4391-B342-15B572088883}.exe" | C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F0028D2C-C8C8-48fc-B227-46F3007D79FC} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A06BC06B-4F29-43c4-86C7-AA55F106565F} | C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53404B33-473F-4be6-A7D1-D5DB573439F3}\stubpath = "C:\\Windows\\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe" | C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9629E476-A30D-4cdd-A735-B579DD2A307D} | C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1918BBE8-CB09-4cc6-92E1-D0887A785C23} | C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}\stubpath = "C:\\Windows\\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe" | C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{81B81674-4271-4b43-A106-7F75F63955D7}\stubpath = "C:\\Windows\\{81B81674-4271-4b43-A106-7F75F63955D7}.exe" | C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe | N/A |
| N/A | N/A | C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe | N/A |
| N/A | N/A | C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe | N/A |
| N/A | N/A | C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe | N/A |
| N/A | N/A | C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe | N/A |
| N/A | N/A | C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe | N/A |
| N/A | N/A | C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe | N/A |
| N/A | N/A | C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe | N/A |
| N/A | N/A | C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe | N/A |
| N/A | N/A | C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe | N/A |
| N/A | N/A | C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe | N/A |
| N/A | N/A | C:\Windows\{FF39B152-4D89-480e-B0E9-02C15422758B}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe | C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe | N/A |
| File created | C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe | C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe | N/A |
| File created | C:\Windows\{FF39B152-4D89-480e-B0E9-02C15422758B}.exe | C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe | N/A |
| File created | C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe | N/A |
| File created | C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe | C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe | N/A |
| File created | C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe | C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe | N/A |
| File created | C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe | C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe | N/A |
| File created | C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe | C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe | N/A |
| File created | C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe | C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe | N/A |
| File created | C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe | C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe | N/A |
| File created | C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe | C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe | N/A |
| File created | C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe | C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_5f0dc811482238f0932c7529f94c2671_goldeneye.exe"
C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe
C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe
C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F0028~1.EXE > nul
C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe
C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5746D~1.EXE > nul
C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe
C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A06BC~1.EXE > nul
C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe
C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{53404~1.EXE > nul
C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe
C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F00AA~1.EXE > nul
C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe
C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9629E~1.EXE > nul
C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe
C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1918B~1.EXE > nul
C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe
C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{04D65~1.EXE > nul
C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe
C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{81B81~1.EXE > nul
C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe
C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9D2B2~1.EXE > nul
C:\Windows\{FF39B152-4D89-480e-B0E9-02C15422758B}.exe
C:\Windows\{FF39B152-4D89-480e-B0E9-02C15422758B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{781E4~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
Files
C:\Windows\{F0028D2C-C8C8-48fc-B227-46F3007D79FC}.exe
| MD5 | efd6d767e4f57454981d415a47670337 |
| SHA1 | 7f97b0423d120fc070667c33915227a4629d7008 |
| SHA256 | c1d2738cbe617f84cb3e47967e8cd8e9cb93f58b27acbbdd88fb76842f9e3095 |
| SHA512 | 47326d522833a0cdcda8f9e4226a101b3e120a0570ed075838bbdfa0619a56e54efdcab884ae3ab0049ce5e84273d5baccd62c40f433e5d6e83bba0772e0084d |
C:\Windows\{5746DB37-67C3-4e2e-9076-4C5FAC5C1C26}.exe
| MD5 | a2545b19f93d994754edf811546212f0 |
| SHA1 | 94de568cb62922fdb27a416ec2e15a627df3ca38 |
| SHA256 | 55f91a17e6455092ddf42e8c24d14e6678814e135194addcb1250dab0da2f729 |
| SHA512 | a51d50190283be94ef24b873cbe0909384a0d3bddcc45f37da7693272047ff145aa8cacce42efa904feb800b19a88242ea2f63d0d14e73231513af54541ae87d |
C:\Windows\{A06BC06B-4F29-43c4-86C7-AA55F106565F}.exe
| MD5 | 38edfa87fccb3960a152c36502cfc34d |
| SHA1 | a2f95c2795b0142da540b69f4b178b16a0e4acb9 |
| SHA256 | 09647d3d07fe8b9c813f924a5187a00f9e765a6620f5ee1112245aa375a0dfaf |
| SHA512 | ebdfa1fd858187c1b4a1a43d3c9c062fc7a890efe5bafd89d0bc24daa5a320d0aeb7759251d587e1152d3c5a425154a096ac079401abb6712c92ef4326e88050 |
C:\Windows\{53404B33-473F-4be6-A7D1-D5DB573439F3}.exe
| MD5 | b9f4480a11a2b2058c4518d0609a59e2 |
| SHA1 | 87c4fbb5a6e900104c5dd81709e951c6d27846b9 |
| SHA256 | f0cd7d0cd45762253e8df0b36c2a49dea9ab4931640f1f48bafce356b7e81202 |
| SHA512 | 5b0dcab864e75b5a9deb6a6f3fa0880fca39ae71e827e12b6bd3837fe8ebf627261dff1a580c66c025867a173079f39980c64b34b88732006fb1569e87c31b35 |
C:\Windows\{F00AAA7D-4694-4436-9E58-B37222213553}.exe
| MD5 | dd44912abde6bae5a8788a21ec18f32e |
| SHA1 | fd951d9cd432c6de0a64adac38d5802909a1903a |
| SHA256 | 728ca5b32a4f68d428dfc29a5be763c514f492da43ad0870e4f8f14d1b26d138 |
| SHA512 | 06ad759d8a94cffa8a9344083372a46219d6a19ac06da8b7b5f8db51ec5e997b23cba913ae2127912f6ea3fee5618768ffa84fbc8a5b16c396df630b402a394c |
C:\Windows\{9629E476-A30D-4cdd-A735-B579DD2A307D}.exe
| MD5 | 61b1e983912a7fb22b4e6bcc8a195514 |
| SHA1 | 35800dc9e1f91d6e007a6225e29cacf1c33e427a |
| SHA256 | de8849e03a90b14fdd402dba6caf6441cb08c0ffc546a2b31f792dbeeef5d290 |
| SHA512 | 65eb4246899a1b521ada3d0bb4eae173fd6ffdb8c6c954e4ff02e3f35d29b8aa91210a25503af421902c8f7bd576eb11f3ff2e7e1fda63856afff8c3c7539b14 |
C:\Windows\{1918BBE8-CB09-4cc6-92E1-D0887A785C23}.exe
| MD5 | 937db7ecd920cc71be64d74b68bc523f |
| SHA1 | 4049ca279f241ca6cb40e78af5765b32c8e79e42 |
| SHA256 | 5b30ded4e5c7192be22fab5c659ca2f6912801b5fb20db8714d6ade10a8127bb |
| SHA512 | e9f4dedaf5c7b18c72b23836fabced5123764728bbb6d4a69260dbca28dc4f107acf55f2af7dc9708987bfb2897a89126ede7e7455b30cd823d31eb524516d06 |
C:\Windows\{04D65A68-DCF9-4abe-84BD-2E378B4D760E}.exe
| MD5 | 5503d5f3700cf9ef57f377d4bc48722f |
| SHA1 | efea76922870236a26f1375ed07fbc1061193a6a |
| SHA256 | 69e599be5f867b97d069fe636bb9908b33518660f9bbd6904f16a209c92a20e2 |
| SHA512 | bb9a2a416bbba7f759e66ba0df6539c4d36d19228129d1ff848c1195a92e9b470ac64f4678dd3a8e4759e5eee562822ad97708e733cd8f8f4cde2302950b2f41 |
C:\Windows\{81B81674-4271-4b43-A106-7F75F63955D7}.exe
| MD5 | 16456c392ab1ac15cf3ea1eeb72b9227 |
| SHA1 | 71b72d4e3d395b9c7489011dd31ad89d949d803e |
| SHA256 | 0ed847e66ec013aa65e177093696f4e63745f882a19b859a27769b2fd8e9158a |
| SHA512 | ee069f6c7bc2b4514b981d9b60f7ef470bb04edd10b9f24619dc614868aeeebad0c50929ebe009296c2a25cec19c0d69448cdb9f26e5b6db078ec387f8e95132 |
C:\Windows\{9D2B2551-0A85-4331-AAA6-B34BAD220293}.exe
| MD5 | 61a20dece937e23d96f1aa516302ffb3 |
| SHA1 | 4a1881523e1532385369997a71073ff642f5f497 |
| SHA256 | 69bfe42ef18fac805f6dff8652732142196bda7fb9735eff25a309a803eb710e |
| SHA512 | 7b619e82f44ff0c19238a1ab21035826c9cd5bb2f652705878e2ad781a53955ed13a33f9c43bfce862159fe2821a98196fa7bd1bcd050d57681154d423181656 |
C:\Windows\{781E4282-4994-4391-B342-15B572088883}.exe
| MD5 | 23c8650632b111ac326025c4fa49be96 |
| SHA1 | 0561e1213302ee8242dc87069e8665aeb0bbb026 |
| SHA256 | 7d883f07b0f9833e21c3c0d8100eddc31731116c6256c85fe1eb93c788e82bc8 |
| SHA512 | ce9305f14b0e5dd0072b15b445838d333510762e1c0c676cb86f9e545573bf5b0992fd0712d2bcf0507e9dfe05b985407d263e2d2c9ad8b1229e96fd62e90649 |
C:\Windows\{FF39B152-4D89-480e-B0E9-02C15422758B}.exe
| MD5 | c7f39e8aea732518075331a8772c1c33 |
| SHA1 | 21719fa4700e734529936c598d9fcb0ae5afb43d |
| SHA256 | 1570ff7449c35e53b15e78481ffb88b5a6a1e93cb4a8444781c484a17e9a4a98 |
| SHA512 | 43fc2691f9fb08599a6828da92dcd8b83efdf325004a3a848c2009f5e75e24a5203998ee45ccae2bfabec08e65576edd9084d1ae5845c37e4b70f2794a5deafa |