Analysis Overview
SHA256
a640cd5774250fc10b40ac663eb8f85bac0d6fc61c3241bec84b210afbf774fc
Threat Level: Known bad
The file 2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:39
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:39
Reported
2024-04-04 13:41
Platform
win7-20240221-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}\stubpath = "C:\\Windows\\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}.exe" | C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65782627-3DC2-4ab2-9F09-78420C969855}\stubpath = "C:\\Windows\\{65782627-3DC2-4ab2-9F09-78420C969855}.exe" | C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07902000-F022-491c-B968-7A01A8B7FDC3} | C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}\stubpath = "C:\\Windows\\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe" | C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90} | C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}\stubpath = "C:\\Windows\\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe" | C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683} | C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}\stubpath = "C:\\Windows\\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07902000-F022-491c-B968-7A01A8B7FDC3}\stubpath = "C:\\Windows\\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe" | C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F027BE9B-853C-47da-943B-B4E9B045E1C7}\stubpath = "C:\\Windows\\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe" | C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}\stubpath = "C:\\Windows\\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe" | C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02} | C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}\stubpath = "C:\\Windows\\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe" | C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1B6B830-878E-461d-9A5D-979B7B9AFA72} | C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4CF251A6-6B71-44d7-9C3C-0A31E7321906} | C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}\stubpath = "C:\\Windows\\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe" | C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65782627-3DC2-4ab2-9F09-78420C969855} | C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F027BE9B-853C-47da-943B-B4E9B045E1C7} | C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB} | C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2} | C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}\stubpath = "C:\\Windows\\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe" | C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe | N/A |
| N/A | N/A | C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe | N/A |
| N/A | N/A | C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe | N/A |
| N/A | N/A | C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe | N/A |
| N/A | N/A | C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe | N/A |
| N/A | N/A | C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe | N/A |
| N/A | N/A | C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe | N/A |
| N/A | N/A | C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe | N/A |
| N/A | N/A | C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe | N/A |
| N/A | N/A | C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe | N/A |
| N/A | N/A | C:\Windows\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe | N/A |
| File created | C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe | C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe | N/A |
| File created | C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe | C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe | N/A |
| File created | C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe | C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe | N/A |
| File created | C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe | C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe | N/A |
| File created | C:\Windows\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}.exe | C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe | N/A |
| File created | C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe | C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe | N/A |
| File created | C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe | C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe | N/A |
| File created | C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe | C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe | N/A |
| File created | C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe | C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe | N/A |
| File created | C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe | C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe"
C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe
C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe
C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{23B4E~1.EXE > nul
C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe
C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4CF25~1.EXE > nul
C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe
C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{65782~1.EXE > nul
C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe
C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27A73~1.EXE > nul
C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe
C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{07902~1.EXE > nul
C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe
C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F027B~1.EXE > nul
C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe
C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F0DB8~1.EXE > nul
C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe
C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5AAEB~1.EXE > nul
C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe
C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6C823~1.EXE > nul
C:\Windows\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}.exe
C:\Windows\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B1B6B~1.EXE > nul
Network
Files
C:\Windows\{23B4E215-D468-43e5-A7E8-EBD0D6A646E3}.exe
C:\Windows\{4CF251A6-6B71-44d7-9C3C-0A31E7321906}.exe
C:\Windows\{65782627-3DC2-4ab2-9F09-78420C969855}.exe
C:\Windows\{27A73443-9C5D-4728-9E0A-6A5116D8E9A2}.exe
C:\Windows\{07902000-F022-491c-B968-7A01A8B7FDC3}.exe
C:\Windows\{F027BE9B-853C-47da-943B-B4E9B045E1C7}.exe
C:\Windows\{F0DB803E-0673-47ab-8BE2-A9EF78FE34BB}.exe
C:\Windows\{5AAEBD8E-BBFA-4006-9F32-2913F96BCD02}.exe
C:\Windows\{6C823AB3-D565-4b9d-80D0-BBB9D4B54F90}.exe
C:\Windows\{B1B6B830-878E-461d-9A5D-979B7B9AFA72}.exe
C:\Windows\{6AFCEA01-5C4C-4f1f-9184-B473D11E4683}.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:39
Reported
2024-04-04 13:41
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B} | C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC49627F-2E9A-4d49-BFAF-235B2C826019}\stubpath = "C:\\Windows\\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe" | C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{134EC873-14C7-4224-A6CE-00ACF8741AC0} | C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}\stubpath = "C:\\Windows\\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}.exe" | C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}\stubpath = "C:\\Windows\\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe" | C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3} | C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8} | C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0} | C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}\stubpath = "C:\\Windows\\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe" | C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{134EC873-14C7-4224-A6CE-00ACF8741AC0}\stubpath = "C:\\Windows\\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe" | C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC49627F-2E9A-4d49-BFAF-235B2C826019} | C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436} | C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}\stubpath = "C:\\Windows\\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{58713D09-73AC-4eda-A452-AEC46CE74E13} | C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{58713D09-73AC-4eda-A452-AEC46CE74E13}\stubpath = "C:\\Windows\\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe" | C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}\stubpath = "C:\\Windows\\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe" | C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3273E874-44BD-4edd-B26C-2744E3FAB38F} | C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3273E874-44BD-4edd-B26C-2744E3FAB38F}\stubpath = "C:\\Windows\\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe" | C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352} | C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}\stubpath = "C:\\Windows\\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe" | C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}\stubpath = "C:\\Windows\\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe" | C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}\stubpath = "C:\\Windows\\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe" | C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B29A60B6-4A70-4c08-9EAB-9B89A863D987} | C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe | N/A |
| N/A | N/A | C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe | N/A |
| N/A | N/A | C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe | N/A |
| N/A | N/A | C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe | N/A |
| N/A | N/A | C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe | N/A |
| N/A | N/A | C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe | N/A |
| N/A | N/A | C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe | N/A |
| N/A | N/A | C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe | N/A |
| N/A | N/A | C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe | N/A |
| N/A | N/A | C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe | N/A |
| N/A | N/A | C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe | N/A |
| N/A | N/A | C:\Windows\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe | N/A |
| File created | C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe | C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe | N/A |
| File created | C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe | C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe | N/A |
| File created | C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe | C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe | N/A |
| File created | C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe | C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe | N/A |
| File created | C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe | C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe | N/A |
| File created | C:\Windows\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}.exe | C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe | N/A |
| File created | C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe | C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe | N/A |
| File created | C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe | C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe | N/A |
| File created | C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe | C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe | N/A |
| File created | C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe | C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe | N/A |
| File created | C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe | C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_75d172b074cfb2f8092b21b0cb1417b8_goldeneye.exe"
C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe
C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe
C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FABE5~1.EXE > nul
C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe
C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B2A7F~1.EXE > nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe
C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{58713~1.EXE > nul
C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe
C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8B7BB~1.EXE > nul
C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe
C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{89503~1.EXE > nul
C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe
C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A6E48~1.EXE > nul
C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe
C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{312CE~1.EXE > nul
C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe
C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B29A6~1.EXE > nul
C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe
C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3273E~1.EXE > nul
C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe
C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{134EC~1.EXE > nul
C:\Windows\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}.exe
C:\Windows\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CC496~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.234:443 | | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.192.11.51.in-addr.arpa | udp |
Files
C:\Windows\{FABE5D89-D3C3-4e2e-9849-9FE6415E6493}.exe
C:\Windows\{B2A7F5F6-7E5F-41d4-9F15-35797C80D352}.exe
C:\Windows\{58713D09-73AC-4eda-A452-AEC46CE74E13}.exe
C:\Windows\{8B7BBF34-1979-4a8f-A7E7-073E461DBFD3}.exe
C:\Windows\{89503AD9-6E16-4fab-B5CD-5405CBFFCD2B}.exe
C:\Windows\{A6E48A4E-3B89-4fbf-ACDE-70925D5F65F8}.exe
C:\Windows\{312CEC6F-501D-48a4-9CF2-B8FB40EE42E0}.exe
C:\Windows\{B29A60B6-4A70-4c08-9EAB-9B89A863D987}.exe
C:\Windows\{3273E874-44BD-4edd-B26C-2744E3FAB38F}.exe
C:\Windows\{134EC873-14C7-4224-A6CE-00ACF8741AC0}.exe
C:\Windows\{CC49627F-2E9A-4d49-BFAF-235B2C826019}.exe
C:\Windows\{51CFBEF9-AE19-4f07-A4CA-7FB909FBC436}.exe