Analysis Overview
SHA256
8c74b39e1abe43c7e9774cdf80e1d441b320de635c37baa31c98f01586e57afc
Threat Level: Known bad
The file 2024-04-04_7797130fb4e98aab4021671402741353_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:39
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:39
Reported
2024-04-04 13:42
Platform
win7-20240221-en
Max time kernel
144s
Max time network
126s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF64B707-0AE1-41c4-B072-C6D308180806} | C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}\stubpath = "C:\\Windows\\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe" | C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8BD19470-5747-4942-880A-EA1AC2780B88}\stubpath = "C:\\Windows\\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe" | C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{701069A2-B2E9-4bd2-8190-740A89155C4A}\stubpath = "C:\\Windows\\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe" | C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}\stubpath = "C:\\Windows\\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe" | C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4B67B273-5D11-480d-8A63-C998AAC84425}\stubpath = "C:\\Windows\\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF64B707-0AE1-41c4-B072-C6D308180806}\stubpath = "C:\\Windows\\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe" | C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15D6E019-9C27-43f2-A8E0-637AC6A88366}\stubpath = "C:\\Windows\\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe" | C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{479ED959-8E57-4209-A82B-678A006E7D34} | C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{479ED959-8E57-4209-A82B-678A006E7D34}\stubpath = "C:\\Windows\\{479ED959-8E57-4209-A82B-678A006E7D34}.exe" | C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DDACB699-91B4-4a00-8E27-5CA6D3255798} | C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DDACB699-91B4-4a00-8E27-5CA6D3255798}\stubpath = "C:\\Windows\\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe" | C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8BD19470-5747-4942-880A-EA1AC2780B88} | C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65} | C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4B67B273-5D11-480d-8A63-C998AAC84425} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1} | C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A404D399-FAD0-4ab6-9AD6-633443E263B2} | C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A404D399-FAD0-4ab6-9AD6-633443E263B2}\stubpath = "C:\\Windows\\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe" | C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15D6E019-9C27-43f2-A8E0-637AC6A88366} | C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{701069A2-B2E9-4bd2-8190-740A89155C4A} | C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC} | C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}\stubpath = "C:\\Windows\\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}.exe" | C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe | N/A |
| N/A | N/A | C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe | N/A |
| N/A | N/A | C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe | N/A |
| N/A | N/A | C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe | N/A |
| N/A | N/A | C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe | N/A |
| N/A | N/A | C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe | N/A |
| N/A | N/A | C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe | N/A |
| N/A | N/A | C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe | N/A |
| N/A | N/A | C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe | N/A |
| N/A | N/A | C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe | N/A |
| N/A | N/A | C:\Windows\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe | C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe | N/A |
| File created | C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe | C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe | N/A |
| File created | C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe | C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe | N/A |
| File created | C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe | C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe | N/A |
| File created | C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe | N/A |
| File created | C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe | C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe | N/A |
| File created | C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe | C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe | N/A |
| File created | C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe | C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe | N/A |
| File created | C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe | C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe | N/A |
| File created | C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe | C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe | N/A |
| File created | C:\Windows\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}.exe | C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe"
C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe
C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe
C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4B67B~1.EXE > nul
C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe
C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{479ED~1.EXE > nul
C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe
C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF64B~1.EXE > nul
C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe
C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{19C9C~1.EXE > nul
C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe
C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DDACB~1.EXE > nul
C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe
C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8BD19~1.EXE > nul
C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe
C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A404D~1.EXE > nul
C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe
C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{15D6E~1.EXE > nul
C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe
C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{70106~1.EXE > nul
C:\Windows\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}.exe
C:\Windows\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{17AAB~1.EXE > nul
Network
Files
C:\Windows\{4B67B273-5D11-480d-8A63-C998AAC84425}.exe
| MD5 | e5be26c98ab05b627390bdf1c4dc7eee |
| SHA1 | dc0a24f3c7cb0762551733d9d9a878fcc0c4fe95 |
| SHA256 | f9a3eaf85706ed531951d363e7293b9eb6d4d4b9678e7cd080da987464417737 |
| SHA512 | 18be4041b48db30ee9d018186bd23e01a490c8bc43ddd04292cf8650be5996fe31450f3c84cdee94f0d6e647f1c8e046e87f518925c825d42264c899963e7722 |
C:\Windows\{479ED959-8E57-4209-A82B-678A006E7D34}.exe
| MD5 | 3226383af96f23ed6c15099615c53f2e |
| SHA1 | 19074d42fa06d5897a09f34790216041d85b7b48 |
| SHA256 | cc243bb910a30e569aa78090f17eeb091794f148676a2cc26f31c5a0b9661298 |
| SHA512 | a1167ad30577c1fcdf03520bf2c080d8668e194cefd25fb5a1a2ec629e40e6aab828cc8541a4e775921598377aa11cf63365d7c6b1f21adafa5faaf1126cf27b |
C:\Windows\{EF64B707-0AE1-41c4-B072-C6D308180806}.exe
| MD5 | d67fce81cdf2e9c98df448455fb14693 |
| SHA1 | c486e1ae5862356bf2df13b7f49301fc47048482 |
| SHA256 | 5d1376f9fa78cba076eeee18af7603f9a884bb9b56d2776e01effec66d961d27 |
| SHA512 | aefb677d5bad632f03cbf25ecc1971c5b47150ac3839a754ab3a149aa1c3efe1aea5e562ad78427af98b0fc3632f219d6243d0c90fbe374c4fc1fd16fa282ee4 |
C:\Windows\{19C9C6B0-F2F2-4c3c-BDD7-C2651072E9F1}.exe
| MD5 | 17dd7042325e488205f8d6ec8edc5b26 |
| SHA1 | 076354257e30e86b87f8883f07fe09a0202b85a3 |
| SHA256 | babd8dfdc4393202af084096a368352aedae3f0bf70d56858c4c8a99d0550cd3 |
| SHA512 | 30b44983057a547378ce4cc918afa64f7591bd3baac80ed72538c54e88a2eea2c9d65fe14acedcc0c9843956fbdcd8bcaf756df67760b39e693ad4a1ec5a9b38 |
C:\Windows\{DDACB699-91B4-4a00-8E27-5CA6D3255798}.exe
| MD5 | 68362305ab8d8f95f38f1ac17c440b4f |
| SHA1 | f80c550ad1116dbc13609d71a563e9a2374e8688 |
| SHA256 | 63c41319b2cdbfad7f48bd5052edeb6a955c44bd3b6a094b8acc18469e9d1556 |
| SHA512 | 079b0ad27aedc5d1885c59c9758bab140f07a7b46604617d7a9f5fe8d4116f30bdf762d054f1d101770b075ecb9158fa5c77d91e27cb97d05a8fe856cca16e54 |
C:\Windows\{8BD19470-5747-4942-880A-EA1AC2780B88}.exe
| MD5 | bff04c454bc7598a85700deb7d07aba9 |
| SHA1 | 69b68dcdcf17228eb97c5f17d274e3a9e29f20a5 |
| SHA256 | 1258eeb5244f97789ba8f421aa5abf9f2048140fbc462cc61023b572f11af7e3 |
| SHA512 | 7601dcf95f0decb45ac7c1b4411873b1f9f4e8558ade62b5e63fd6eaa100cdba256c132d3fed31de9ebaf534bbc02ad303da86a85d36989e8c3821cd9560b57c |
C:\Windows\{A404D399-FAD0-4ab6-9AD6-633443E263B2}.exe
| MD5 | cb0dac43f5a603260c0b9174bba3e51b |
| SHA1 | d466f9751c7d54a238f5bcb2c82ed70e68cc0472 |
| SHA256 | a3fdeedd035cd0fc19f11a9c749df3abdfa63a87d096300011417f18cc825ab4 |
| SHA512 | fd9ca3dabe46db69081ee4733fddad8c4997bc99231e826446c80c1f42955d6bbece14277acc9030ec4c9addc3779025fb2d14e89ee4b38fad607af011e771b1 |
C:\Windows\{15D6E019-9C27-43f2-A8E0-637AC6A88366}.exe
| MD5 | 631dcae8ee24c26f4d132915534ac58e |
| SHA1 | c8b74c0492b64cbdf930352c2f981c028a50606e |
| SHA256 | c0d7248458053162b770ad6288c9deba702c96a8db867e3b7191d3082f49bd21 |
| SHA512 | 29a7f5b0e40ae93544ae4ebeedca314ee1270719c7957a07628cd54a9bb2a0ef12218abee6a6f6099c8d67ffbbbd33f1a4afa95a56c764c63d3dc707260af71a |
C:\Windows\{701069A2-B2E9-4bd2-8190-740A89155C4A}.exe
| MD5 | 175762126b01ee2af13bc19992adca7f |
| SHA1 | 507283c6fcab8f2077d1b26edf172fbe85bbaa4d |
| SHA256 | 09ae4b444b5ef98429db90bb27ad97a431ef4054caf740d6db85aca19e2f3a24 |
| SHA512 | 48ccd3609849cc828ef5d38209a284c377e99b8a226e94354c78da261cba467a751094751ecfed4aa1ba420f7533c488c822bf4671a233d9f36ca99ee9d51a00 |
C:\Windows\{17AABC3A-24D2-4e6f-8C23-C2C8CD6D22DC}.exe
| MD5 | 3cc8b0be906cbfec30eaedad70b9e906 |
| SHA1 | 4684f270f371121426e3a69f1a2f1d6e0d0791ee |
| SHA256 | b81a031479a692272ae90d96433cf8d5fa8a8c78942e41372e4ad6ea17c3170e |
| SHA512 | 6ba765a4e9d95ef129b46b3729de62ee837aa01c662903f6e26e466437f4b042ff282a6434c92f19b731b0f692a21025646930eec2b4e51c8beed6304a540761 |
C:\Windows\{8AB9396A-8D9A-4c86-9E64-00D4C2EACC65}.exe
| MD5 | 2b28276f4fa8f5ef87731c1297055929 |
| SHA1 | cbcd9b340ffd3eefaab22de1ea8166c32416f194 |
| SHA256 | 60893155b1007113497698a212a05f9353fd395cf75549e040d3af852b14c88b |
| SHA512 | 32490c2ddc1969c21c758fa1bf5f0195201b95534274b0f0a11b9a1b14e88715365478b233ec68f4a5829795d34893de37867a2a2b51574b07345d49378c15bb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:39
Reported
2024-04-04 13:42
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}\stubpath = "C:\\Windows\\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe" | C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE68C556-2AA5-435d-A805-A18ACEA765AB}\stubpath = "C:\\Windows\\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe" | C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ED177511-98E0-4335-9B3F-E7A560115E6E}\stubpath = "C:\\Windows\\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe" | C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}\stubpath = "C:\\Windows\\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9} | C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}\stubpath = "C:\\Windows\\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe" | C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}\stubpath = "C:\\Windows\\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe" | C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E} | C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9} | C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{943DE360-9E0A-4ce1-947A-CB6C9B63413D} | C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07} | C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83} | C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}\stubpath = "C:\\Windows\\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe" | C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE68C556-2AA5-435d-A805-A18ACEA765AB} | C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B80B0CB7-6FE6-4650-B1C8-766FB1754837} | C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}\stubpath = "C:\\Windows\\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe" | C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ED177511-98E0-4335-9B3F-E7A560115E6E} | C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}\stubpath = "C:\\Windows\\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe" | C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}\stubpath = "C:\\Windows\\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe" | C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA} | C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}\stubpath = "C:\\Windows\\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe" | C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6E3F9756-6101-4e5d-92B0-A173F53D34DB} | C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}\stubpath = "C:\\Windows\\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe" | C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe | N/A |
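The two "Modifies Installed Components in the registry" tables (behavioral1 and behavioral2 above) show the persistence mechanism: every stage registers a new Active Setup component whose `StubPath` points at a GUID-named EXE dropped straight into `C:\Windows`, and the component GUID is the stub's own file name. Active Setup runs each `StubPath` once per user at the next logon, so this survives a reboot even though the stage files delete one another. The key lands under `Wow6432Node` because the sample is a 32-bit process on 64-bit Windows (the same WOW64 redirection shows up as `SysWOW64\cmd.exe` in the process lists). The following script is an added example, not part of the report or the sample: it applies a detection rule to registry-write events shaped like the table rows. The rows are copied from the behavioral2 table; the fourth event is a constructed benign row modelled on a stock Windows component, and the `RegistryEvent` class and `INSTALLER_IMAGES` allow-list are assumptions for the example.

```python
"""Flag Active Setup StubPath writes that match the sample's persistence pattern.

Added example; event shape and installer allow-list are assumptions, not sandbox output.
"""
import re
from dataclasses import dataclass

# Native key path as the sandbox logs it; the Wow6432Node view is optional so the
# rule also covers 64-bit writers.
ACTIVE_SETUP_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\ACTIVE SETUP\\"
    r"INSTALLED COMPONENTS\\(\{[0-9A-F-]{36}\})\\STUBPATH$",
    re.IGNORECASE,
)
# Exactly "<drive>:\Windows\{GUID}.exe", optionally quoted. Legitimate components run
# regsvr32/rundll32/system32 binaries or vendor installers, not a bare EXE in the Windows root.
GUID_EXE_IN_WINDOWS_RE = re.compile(
    r'^"?([A-Z]:\\WINDOWS\\(\{[0-9A-F-]{36}\})\.EXE)"?$', re.IGNORECASE
)
# Assumed allow-list of processes that legitimately populate Active Setup.
INSTALLER_IMAGES = {"msiexec.exe", "setup.exe", "tiworker.exe", "trustedinstaller.exe"}


@dataclass(frozen=True)
class RegistryEvent:
    operation: str  # e.g. "Set value (str)" or "Key created"
    key_path: str   # full registry path including the value name
    value: str      # string written (registry strings arrive with doubled backslashes)
    process: str    # image path of the writing process


def is_suspicious_active_setup(ev):
    """Return a reason string when the write installs a sample-style Active Setup stub, else None."""
    if not ev.operation.lower().startswith("set value"):
        return None
    key = ACTIVE_SETUP_RE.match(ev.key_path)
    if key is None:
        return None
    component_guid = key.group(1)
    stub = ev.value.replace("\\\\", "\\")          # undo the escaped form in the log
    target = GUID_EXE_IN_WINDOWS_RE.match(stub)
    if target is None:
        return None                                   # normal Active Setup usage
    writer = ev.process.rsplit("\\", 1)[-1].lower()
    if writer in INSTALLER_IMAGES:
        return None
    reasons = [f"StubPath under {component_guid} runs a bare GUID-named EXE in the Windows root"]
    if target.group(2).lower() == component_guid.lower():
        reasons.append("component GUID equals the stub file name (self-registered stage)")
    if GUID_EXE_IN_WINDOWS_RE.match(ev.process):
        reasons.append("writer is itself a GUID-named EXE in the Windows root (previous stage)")
    return "; ".join(reasons)


def scan(events):
    """Return (event, reason) pairs for every event the rule fires on."""
    return [(ev, reason) for ev in events if (reason := is_suspicious_active_setup(ev))]


AS = r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components"
SAMPLE_EVENTS = [
    # Rows 1-3 are taken from the behavioral2 table above.
    RegistryEvent("Set value (str)", AS + r"\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}\stubpath",
                  r'"C:\\Windows\\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe"',
                  r"C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe"),
    RegistryEvent("Set value (str)", AS + r"\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}\stubpath",
                  r'"C:\\Windows\\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe"',
                  r"C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe"),
    RegistryEvent("Key created", AS + r"\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}", "",
                  r"C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe"),
    # Constructed benign row (not from the report): shell32 registration written by an installer.
    RegistryEvent("Set value (str)",
                  r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
                  r"\{89820200-ECBD-11cf-8B85-00AA005B4383}\StubPath",
                  r"C:\Windows\system32\regsvr32.exe /s /n /i:U shell32.dll",
                  r"C:\Windows\system32\msiexec.exe"),
]

if __name__ == "__main__":
    for ev, reason in scan(SAMPLE_EVENTS):
        print(ev.process, "->", ev.key_path.rsplit("\\", 2)[-2], ":", reason)
```

The second hit carries the "previous stage" reason because its writer is the GUID EXE registered by the first hit, which is how the chain shows up in registry telemetry alone. For remediation, every `Installed Components\{GUID}` key written by the sample has to go, not just the one whose stub file still exists: a stale `StubPath` to a deleted file is harmless but will be retried at each new user's logon, and the `Version`-based once-per-user logic means a key removed from HKLM but left under HKCU is not re-triggered.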
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe | N/A |
| N/A | N/A | C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe | N/A |
| N/A | N/A | C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe | N/A |
| N/A | N/A | C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe | N/A |
| N/A | N/A | C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe | N/A |
| N/A | N/A | C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe | N/A |
| N/A | N/A | C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe | N/A |
| N/A | N/A | C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe | N/A |
| N/A | N/A | C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe | N/A |
| N/A | N/A | C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe | N/A |
| N/A | N/A | C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe | N/A |
| N/A | N/A | C:\Windows\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe | C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe | N/A |
| File created | C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe | C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe | N/A |
| File created | C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe | C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe | N/A |
| File created | C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe | C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe | N/A |
| File created | C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe | C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe | N/A |
| File created | C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe | C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe | N/A |
| File created | C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe | C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe | N/A |
| File created | C:\Windows\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe | C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe | N/A |
| File created | C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe | N/A |
| File created | C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe | C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe | N/A |
| File created | C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe | C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe | N/A |
| File created | C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe | C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe"
C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe
C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe
C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2BA95~1.EXE > nul
C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe
C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{943DE~1.EXE > nul
C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe
C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8AECB~1.EXE > nul
C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe
C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{98A3E~1.EXE > nul
C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe
C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AE68C~1.EXE > nul
C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe
C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B80B0~1.EXE > nul
C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe
C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6E3F9~1.EXE > nul
C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe
C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ED177~1.EXE > nul
C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe
C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6C30C~1.EXE > nul
C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe
C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF6DF~1.EXE > nul
C:\Windows\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe
C:\Windows\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3E952~1.EXE > nul
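Both process lists (behavioral1 above and behavioral2 here) flatten the same pattern: each newly started stage spawns `cmd.exe /c del <predecessor> > nul`, naming its parent's file by its 8.3 short name (`{2BA95~1.EXE` for `{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe`), and the Files section shows every stage has a different hash. A hash blocklist therefore misses this; the durable indicator is the structure of the chain. The script below is an added example, not part of the report or the sample: it reconstructs the chain from the behavioral2 command lines copied above, resolves each short name back to the long file it refers to, checks that every stage deleted exactly its predecessor, and reports which file an incident responder should still find on disk. It assumes the sandbox lists processes in creation order and that short names are `~1` (no 8.3 collisions in a fresh VM); note also that the image is `SysWOW64\cmd.exe` while the command line says `system32\cmd.exe`, so detections keyed on the cmd.exe image path must accept both forms.

```python
"""Rebuild the drop/execute/delete chain from a sandbox process list.

Added example (not from the report). Assumes creation-order listing and ~1 short names.
"""
import re

GUID_EXE_RE = re.compile(r"^[A-Z]:\\WINDOWS\\(\{[0-9A-F-]{36}\})\.EXE$", re.IGNORECASE)
DEL_RE = re.compile(r"cmd\.exe\s+/c\s+del\s+(\S+)\s*>\s*nul\s*$", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"^(.{6})~\d+\.(\w{1,3})$")   # 8.3 form: 6 chars + ~N + ext


def short_name_matches(short_path, long_path):
    """True when the 8.3 name in short_path was generated from long_path (same directory,
    same first six name characters, same three-letter extension; case-insensitive)."""
    sdir, sname = short_path.rsplit("\\", 1)
    ldir, lname = long_path.rsplit("\\", 1)
    if sdir.lower() != ldir.lower():
        return False
    m = SHORT_NAME_RE.match(sname)
    if m is None:
        return False
    lbase, _, lext = lname.rpartition(".")
    return lbase[:6].lower() == m.group(1).lower() and lext[:3].lower() == m.group(2).lower()


def reconstruct_chain(command_lines):
    """Return stages in start order: {"path": <exe>, "deleted": <file its cmd.exe removed or None>}.
    A `del` line is attributed to the most recently started non-cmd process."""
    stages = []
    for raw in command_lines:
        line = raw.strip()
        if not line:
            continue
        m = DEL_RE.search(line)
        if m is None:
            stages.append({"path": line.strip('"'), "deleted": None})
            continue
        if not stages:
            raise ValueError("del before any process: " + line)
        short = m.group(1)
        victims = [s["path"] for s in stages if short_name_matches(short, s["path"])]
        if len(victims) != 1:
            raise ValueError(f"{short} resolved to {len(victims)} earlier stages")
        stages[-1]["deleted"] = victims[0]
    return stages


def verify_self_deleting_chain(stages):
    """Problems found (empty list == a clean linear chain): every stage after the first must be
    a GUID-named EXE in the Windows root and must have deleted exactly its predecessor."""
    problems = []
    for i, s in enumerate(stages):
        if i == 0:
            if s["deleted"] is not None:
                problems.append("first stage deleted a file")
            continue
        if not GUID_EXE_RE.match(s["path"]):
            problems.append(f"stage {i} is not a GUID-named EXE in the Windows root: {s['path']}")
        if s["deleted"] != stages[i - 1]["path"]:
            problems.append(f"stage {i} did not delete its predecessor (deleted {s['deleted']!r})")
    return problems


def surviving_files(stages):
    """Paths no stage deleted: what should still be on disk when the trace ends."""
    deleted = {s["deleted"] for s in stages if s["deleted"]}
    return {s["path"] for s in stages} - deleted


# Command-line column of the behavioral2 process list, copied from the report.
BEHAVIORAL2_CMDLINES = r'''
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_7797130fb4e98aab4021671402741353_goldeneye.exe"
C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2BA95~1.EXE > nul
C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{943DE~1.EXE > nul
C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8AECB~1.EXE > nul
C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{98A3E~1.EXE > nul
C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AE68C~1.EXE > nul
C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B80B0~1.EXE > nul
C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6E3F9~1.EXE > nul
C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ED177~1.EXE > nul
C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6C30C~1.EXE > nul
C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF6DF~1.EXE > nul
C:\Windows\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3E952~1.EXE > nul
'''

if __name__ == "__main__":
    chain = reconstruct_chain(BEHAVIORAL2_CMDLINES.splitlines())
    print(len(chain), "stages; problems:", verify_self_deleting_chain(chain) or "none")
    print("still on disk:", *surviving_files(chain))
```

The same code runs unchanged on the behavioral1 list (twelve stages there, thirteen here); the chain simply stops where the sandbox's kernel time limit ended the trace, so the surviving stage is whichever file was newest at that point, and the only other artefacts left behind are the Active Setup keys listed above. When triaging a live host, treat a `cmd.exe /c del` whose argument is an 8.3 short name of a GUID-named file in `C:\Windows` as the pivot, then walk the parent process chain the same way.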
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
Files
C:\Windows\{2BA95F16-C0F1-4419-AD52-EC1BE237A4CF}.exe
| MD5 | 66eecf4d401cc2718de59b9e225f164d |
| SHA1 | 20a421429315b8d67b7b516b82e1471f695063f9 |
| SHA256 | 3037e2178f243b78f299e4b5f75781ec819a285c94c0562c641c1d30ce2716e3 |
| SHA512 | 1c1934155138418667f456c4a89a1845284c0816faafabaf6613e16471206000cf5993599b8da8d0f204ad6c69d3931c90f0433beff52cb254eb5efd0daebfd8 |
C:\Windows\{943DE360-9E0A-4ce1-947A-CB6C9B63413D}.exe
| MD5 | af44ceec6e77a99373e44367a12a160c |
| SHA1 | e898d18f9097495ed274dc9f33822de8175d2b29 |
| SHA256 | 3df5dec7b25321840d6e85577c7a5bb72ddf206b43f3fc04dea9c90547967fbf |
| SHA512 | 1d01a2ce45edeaeff86c74bf4df520bbfad450638132597b3fc777888c6468d633609112641f2ec511e9c008385b33a6221d31ccba00a1cf6170b4381f2a96c4 |
C:\Windows\{8AECBE3B-7A34-4c19-A6C1-19EBE3FF15A9}.exe
| MD5 | e30828cefcb9c56b1c483c9bdaf13b34 |
| SHA1 | 7fcfa18e0b17cd7046248a641158ef0a1da25c65 |
| SHA256 | 227c87434478730831fc4b648cfe1cc3acd33bd97241025a1f8572dfd12b4b17 |
| SHA512 | 0e04dedf1772715d5fe7ff96a024de1f3eb96d2c03974022825741e976f6ee9b862926a2e0b61cf6e7f8da1dcbc487386d3152ac2853408c7ce24783fe61d810 |
C:\Windows\{98A3EBC1-5FA4-4bb6-8E22-3F02B0DF7D83}.exe
| MD5 | cdffa5a0ded1161dd098fb6ea3702e37 |
| SHA1 | 367b5561f2341c162bc1b3e14074f935f580b4a0 |
| SHA256 | f3697e35376252d73c4b701d79a98521ec8a6e2f7d1483c814f2fe6daf376c26 |
| SHA512 | 622920ebf0202557e61027c5ee464a6727518a5919914769c63474724fc210e900b606ae2cb34d4dabd5b0a220ed1a8ad527f85400fe8a4135c48702ef037790 |
C:\Windows\{AE68C556-2AA5-435d-A805-A18ACEA765AB}.exe
| MD5 | 111162c84d901bc212885dc8f249cf4e |
| SHA1 | 9208a50843e3912ec6d85ca169bbb85e27d04f92 |
| SHA256 | 69832c4561393c61ee8e18838c196ad28c17aceda0b98d2f26dafd5f4c2f85bd |
| SHA512 | 1e7974f7e35c98ef99d22ecd7f932d8edfe39511dd17e64cc2d2889a81a5ef589fa25dce2aa7e5b9d7f4ee9cc976fd934e9ebce5ab0e19ce9c59889dd1be4bb9 |
C:\Windows\{B80B0CB7-6FE6-4650-B1C8-766FB1754837}.exe
| MD5 | b6088433a1e8736b2b36cc234083d9a0 |
| SHA1 | a8da3b01587d46be5fa37f05756da964cb9f098f |
| SHA256 | f0d13d6787d356e68963a958c65975c39896496c951eff14548f8ebb650abbdb |
| SHA512 | 083f4a48073c3aed476d1eee438cde4567d22b41635b110a4b525cecd9061de6f5a419e65ce05e5dcb540129fa1bd0580417a79af915c4d7b89e4b093d462083 |
C:\Windows\{6E3F9756-6101-4e5d-92B0-A173F53D34DB}.exe
| MD5 | d18737345fb01022d0a7eaae66263216 |
| SHA1 | a52d9a2b0cb5a58df0489fb39ff9c7df0e6142e1 |
| SHA256 | 3344280daba79487c6994273cf4f66f46a11b11d4993383507d721370ad79435 |
| SHA512 | af826e2d6d2b1329a468c4bdd507e0a10b0b399424ec6cede32972c504fb1772f5e2d0d38b3d562db31700eb35ceb1583e187c3341ac735d2afc6824754d62f3 |
C:\Windows\{ED177511-98E0-4335-9B3F-E7A560115E6E}.exe
| MD5 | 3ae4ebd7b33f8eafb4ea748023eadd55 |
| SHA1 | 4f9d0f146f707acb7af22dfe67579a9a9fc78af3 |
| SHA256 | 9bd6c4e20f92720a9dd433b9ea370e9e3cddb939d8fed79692b64c12afc72037 |
| SHA512 | 7eac2da62a105c16fbc905405766e813cf76a083a0916c2f58508ee6717d296926d4fb54d017616aa16a567e42755e10a1c47929c6ae9391587c8f8e6d2c69f7 |
C:\Windows\{6C30CCD9-7F29-4062-A0A4-DA5203A7DE07}.exe
| MD5 | a8d036e89feb6b0765a27ac67325dc03 |
| SHA1 | 31b3d343f53b2e98fbfced37d2875d6baa9e21f5 |
| SHA256 | d3a46413b6406856a57d1a70aa5a1c58e64073057bd8327869dc05504324f9fd |
| SHA512 | 8df5769ccfecf6fab534f9188d3df089c6a3e35eb1308ae4a8d805cbeaa586a96bc222f7d50b92310fa644bfd1ca351a62775a0de45627cf021fcb81fe67def6 |
C:\Windows\{EF6DFE17-54C2-4fa2-A5C8-CCC1DAF8A2AA}.exe
| MD5 | 47b667981450518d2c8e9f0ff892c062 |
| SHA1 | 504897c7fd300c4e466b684a8d53500aeb74eefd |
| SHA256 | e5e921c38f39004b7d39312d0eb83753ef3558fcebde3e32eae656ddd8cfe742 |
| SHA512 | a3991942177ca9100aa0dd2eef0d16c1a6e52b219d482c7d4124fdc25208c65a6751569d8bc9c378e649147f955c1b51c0f717d008dc2da8b56170acf095b909 |
C:\Windows\{3E95282A-F3ED-4c24-86C6-D9CBFA6CE17E}.exe
| MD5 | e307704289028fb784de1db813f66783 |
| SHA1 | 34e3932ed4153bebae990430b1003ed8e8d23beb |
| SHA256 | 3e1c608abb879529464271e94b5112b424fce00e803a6b3237f91ae4acc3bd7e |
| SHA512 | 369780a57f5f4b40aa6f3f553d59a250ae14571425ad1f1d6712b09c71626624f0b451ca4ae1978ad41a8f1fb782cec4000b444aecd54578253b606d3c454f2a |
C:\Windows\{4B8DB74C-D0FF-4507-86A2-350678FFB2C9}.exe
| MD5 | 2531d19880f913c9921642937494bf0a |
| SHA1 | d942afb92c4d29a91cc592e4fe79e590a788bdac |
| SHA256 | 485b6c9b4f4a3f4f05400905fdc4b401eba9ed143585a8dde92495006b8531f1 |
| SHA512 | 21f38c05cb466e2127eaf4a1926253ee67f84a724d8205b8e7ab9d9c9ea23875fe3fd59d9fd6ec93cddd49762f128467924a2466d384ab02035d0e4dfbbde6e2 |