Analysis Overview
SHA256
9f5cb290f246ab711516464b106d16d714c9b940d450a6efe4d4ae3d170be7cd
Threat Level: Known bad
The file 2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 13:40
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 13:40
Reported
2024-04-04 13:42
Platform
win7-20240221-en
Max time kernel
144s
Max time network
127s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BA6B6362-46DB-4512-A5A8-7D07E4C49501} | C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}\stubpath = "C:\\Windows\\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe" | C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{032110C9-AC34-422d-A53A-441348EEEA94} | C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0} | C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}\stubpath = "C:\\Windows\\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe" | C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07204088-DD8A-4b39-9959-77ABA5B0EC3D} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8195CC8F-512C-464f-A280-437245459717}\stubpath = "C:\\Windows\\{8195CC8F-512C-464f-A280-437245459717}.exe" | C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2} | C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}\stubpath = "C:\\Windows\\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe" | C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF789B63-7607-476a-83CB-91E1DC5E07E9}\stubpath = "C:\\Windows\\{FF789B63-7607-476a-83CB-91E1DC5E07E9}.exe" | C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8195CC8F-512C-464f-A280-437245459717} | C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8} | C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B151C70-8844-460c-A4F5-47EA5CC04EEC} | C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}\stubpath = "C:\\Windows\\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe" | C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A} | C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A} | C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF789B63-7607-476a-83CB-91E1DC5E07E9} | C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}\stubpath = "C:\\Windows\\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}\stubpath = "C:\\Windows\\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe" | C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}\stubpath = "C:\\Windows\\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe" | C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{032110C9-AC34-422d-A53A-441348EEEA94}\stubpath = "C:\\Windows\\{032110C9-AC34-422d-A53A-441348EEEA94}.exe" | C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}\stubpath = "C:\\Windows\\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe" | C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe | N/A |
| N/A | N/A | C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe | N/A |
| N/A | N/A | C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe | N/A |
| N/A | N/A | C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe | N/A |
| N/A | N/A | C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe | N/A |
| N/A | N/A | C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe | N/A |
| N/A | N/A | C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe | N/A |
| N/A | N/A | C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe | N/A |
| N/A | N/A | C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe | N/A |
| N/A | N/A | C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe | N/A |
| N/A | N/A | C:\Windows\{FF789B63-7607-476a-83CB-91E1DC5E07E9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe | C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe | N/A |
| File created | C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe | C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe | N/A |
| File created | C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe | C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe | N/A |
| File created | C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe | C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe | N/A |
| File created | C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe | C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe | N/A |
| File created | C:\Windows\{FF789B63-7607-476a-83CB-91E1DC5E07E9}.exe | C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe | N/A |
| File created | C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | N/A |
| File created | C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe | C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe | N/A |
| File created | C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe | C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe | N/A |
| File created | C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe | C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe | N/A |
| File created | C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe | C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
|---|---|
| C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe" |
| C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe | C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe | C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{07204~1.EXE > nul |
| C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe | C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8195C~1.EXE > nul |
| C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe | C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{ACAB2~1.EXE > nul |
| C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe | C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2B151~1.EXE > nul |
| C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe | C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BA6B6~1.EXE > nul |
| C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe | C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{971A2~1.EXE > nul |
| C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe | C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FE4C5~1.EXE > nul |
| C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe | C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{03211~1.EXE > nul |
| C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe | C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{EA932~1.EXE > nul |
| C:\Windows\{FF789B63-7607-476a-83CB-91E1DC5E07E9}.exe | C:\Windows\{FF789B63-7607-476a-83CB-91E1DC5E07E9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E3DAB~1.EXE > nul |
Network
Files
C:\Windows\{07204088-DD8A-4b39-9959-77ABA5B0EC3D}.exe
| Hash | Value |
|---|---|
| MD5 | 963b5dc76b1b4c16f68140a011aed4ab |
| SHA1 | 95540dba9559a75acaf966ed900d121d1b4c3cca |
| SHA256 | ef7413a58bc735271a01bf015bd7666dd596204ff8c49e0bc971a5e70152e5a4 |
| SHA512 | c59e1dad07ab745a6cacb86c22b20a64126df4fd736649d39a26d4ea11d8635f1701d12b8f03dca83217c48ea89d403d22c28ece4460584638c0aa5e46818eb4 |
C:\Windows\{8195CC8F-512C-464f-A280-437245459717}.exe
| Hash | Value |
|---|---|
| MD5 | 0aa94af94d012a22ae41312b6c2bcc69 |
| SHA1 | 57ae17c93fa21de75635e4a45a0d01bbc443b8fa |
| SHA256 | bfc9fdca8daf9c381adee8edfc80a4b2ccdadf279a8c06ad23b2e561d6c88e16 |
| SHA512 | 7ea5875cbce0d599dd91cc8f95f4679d5b8aa955ac27981d3ba211a0d2d683d6bcc23a51994660578635550819423c4c92cf3c39536817d4840f80225db9d1f0 |
C:\Windows\{ACAB25F2-117E-4d2e-A5E4-72D0A08DD8E8}.exe
| Hash | Value |
|---|---|
| MD5 | 03a12ae6282b1e6f80df6e4d7fcca052 |
| SHA1 | 1cb71fb9d95c7ea6a5e5ba1cbdc4bbbad7473120 |
| SHA256 | e865dbdc781f578bfde9a348b97fff4682f95a078d9046fd1e9e1eefa894e344 |
| SHA512 | d81bc92cba5f1d2353f44d90e5950cbd1181db6da1df338e75207d741d81a001a2c4f4199e4efc744d66067dfb2ebc1adda7016df97f150d7e313049580c3173 |
C:\Windows\{2B151C70-8844-460c-A4F5-47EA5CC04EEC}.exe
| Hash | Value |
|---|---|
| MD5 | fad57d1e905fefe6ac0c37099b0e5035 |
| SHA1 | 52f834e71236b90a1c98b503df70bd2295454d1b |
| SHA256 | 96714883ff0d6266e7fc89e8ffea671063925b6426a167e5b7ea449bda0587d4 |
| SHA512 | c00a5501f441090f2d86b41cdbb87ff73e1f30946f8a6d590694cfec70e3f016206ebd64a469e2b469470f5297f7a5dcca4b57673467306fe6d0235463e1d09b |
C:\Windows\{BA6B6362-46DB-4512-A5A8-7D07E4C49501}.exe
| Hash | Value |
|---|---|
| MD5 | 307747ef145264a084aabce28e773320 |
| SHA1 | 1ebe63d1aa17e81f2c2a5578a5d0c53601a6cfab |
| SHA256 | 24b0e9be63b304dc63235ee25ca908d1ed53cf485179d63b9f062262168c15d3 |
| SHA512 | 7406d32df73fdfce25ecd8d84aee1f9f1e194f6bcaec9b1a32a39e06c82572ff362e3aaab1a28499967bdaf5e25844546100f1aa876f3d24570b078bc5d93551 |
C:\Windows\{971A2958-2AF4-4aa0-A8B7-3AFD30568A2A}.exe
| Hash | Value |
|---|---|
| MD5 | 804ad540f377206941cc9105f3efec5a |
| SHA1 | 1c31b87f5709a448e6b815f32cbc4dbdcbf6da75 |
| SHA256 | 532b252746365237e77f0d0ea6a81eee4c0dd3ce9bed72ab996e8e876e8058b6 |
| SHA512 | 96cc5c04f0a9cc53bbae70d957b166fa170ed099cee07263415accfe50e5f4270d5a987f9d0b0bfbe2cf4ce90c9d1b25f6d62479eb7f6d3b3bc45d2607728941 |
C:\Windows\{FE4C5BF4-74A4-44f1-9466-F7D8DFDF93C2}.exe
| Hash | Value |
|---|---|
| MD5 | 78ad46e48ef853943d75be4b87bb1fe1 |
| SHA1 | 679ce0f8263d96ea3937d0e012a591100cc6ee71 |
| SHA256 | 74cf7eee28d84d01dbe11080b1c10e6b73b95080bd4c046b397f31b01bf8d77f |
| SHA512 | 94cae19aa382500f2a8d82d3f26370f1a8ee9f687f65d83a8775fcca38282d38846d991cd7c3cf57e9f25c5e950ba60056ecdc2909efd95dd59b0677604cfc55 |
C:\Windows\{032110C9-AC34-422d-A53A-441348EEEA94}.exe
| Hash | Value |
|---|---|
| MD5 | 03b73687c220828e2d0ae75311d0eeab |
| SHA1 | caaeec20a473e1582fd358ad52c5c931ab11cb57 |
| SHA256 | 3e980cf7e9b4ec71c6dc9bac75063b2d4533176dea4f7ea6a375874c678f6ce2 |
| SHA512 | 394335769434865218d7c5e6f12fcac338cb0a41de34af19a63b3e0177109b7dc84fd83da46f4a6c40732afe88d171572d6fb7eaa55577f4eda23a47f1a32084 |
C:\Windows\{EA9327B0-5A9B-41f9-BA25-00C1FEA138F0}.exe
| Hash | Value |
|---|---|
| MD5 | 11cd1945fddc484ee65da0d2f0d375b3 |
| SHA1 | 9f316915b5480e5223d2bf6fb53dd8f01140d390 |
| SHA256 | 8ee9a81fbcd8012befcdf6fb50948bc6e84d7781ae3443fa34a8a58a8206179c |
| SHA512 | 81c7f408066d67d646e013026eef97b8ac88b8e2e22da2d6190ead13c0ec93dc53701041bad4a073b0def8e97689d1de1e2089ebd33c8f6eafa6a62c48a52012 |
C:\Windows\{E3DAB201-DA90-4aac-8F9A-DE64E104D72A}.exe
| Hash | Value |
|---|---|
| MD5 | 0a6aa30f9ba14b7adfe5bd6e9daa7897 |
| SHA1 | f6183d3ebba58a3715c266f0f9ca41f675839abc |
| SHA256 | 58a5ec88709001ed7b6eabc17e9c2432708cb35220fa3d081b0a75bd2c15005e |
| SHA512 | e0a1ef8c6978da2b0a4c5fa9ae625d812ebfc188a05a01af527c2f3138b1d356c2616c74fc0adcfcee9aa8e18f616ec3e3664e6bb07d12e12172f03de29a6cfb |
C:\Windows\{FF789B63-7607-476a-83CB-91E1DC5E07E9}.exe
| Hash | Value |
|---|---|
| MD5 | 04a1b0b472cc08050a8fe4ce5bd8ea0c |
| SHA1 | bb77aa24d45d944bb2ceb3e9624997e0e599b005 |
| SHA256 | 23a9f3e2467a3a5b4121809e4d7079f10c869331702f3d39d04abb5b95ef2b0e |
| SHA512 | 5ca62b9722bb56a808fd89a44a9d7251ff988e8ff5b5527e4a800d834e5452a4644befa75538524f0a49c4e308c2b919d7ecbe22a7eb9040fc12739e7eb65b61 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 13:40
Reported
2024-04-04 13:42
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
96s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B7F74C34-5E87-47d2-81C2-BC939C416253}\stubpath = "C:\\Windows\\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe" | C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4E005216-E643-48f2-97EE-350E040BC522} | C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4E005216-E643-48f2-97EE-350E040BC522}\stubpath = "C:\\Windows\\{4E005216-E643-48f2-97EE-350E040BC522}.exe" | C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F} | C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC762C9F-B672-45eb-B51B-C46ABF197EF6} | C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}\stubpath = "C:\\Windows\\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe" | C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41} | C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AC90A403-C3EC-4c4e-83F8-204E07142636} | C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CF42C359-D683-4e51-B245-1A35A7545B1F}\stubpath = "C:\\Windows\\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}\stubpath = "C:\\Windows\\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe" | C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B7F74C34-5E87-47d2-81C2-BC939C416253} | C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D6E145EC-617A-4364-8079-41BA74D37EFA}\stubpath = "C:\\Windows\\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe" | C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4A02DF97-FF65-4909-A883-144C95653DBE} | C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CF42C359-D683-4e51-B245-1A35A7545B1F} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{57E366FC-EB05-4056-8BF6-AC4B5290932C} | C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{57E366FC-EB05-4056-8BF6-AC4B5290932C}\stubpath = "C:\\Windows\\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe" | C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AC90A403-C3EC-4c4e-83F8-204E07142636}\stubpath = "C:\\Windows\\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe" | C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}\stubpath = "C:\\Windows\\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe" | C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D6E145EC-617A-4364-8079-41BA74D37EFA} | C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}\stubpath = "C:\\Windows\\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}.exe" | C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}\stubpath = "C:\\Windows\\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe" | C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0CBC99A7-0D2A-4500-B867-6273722B2ADA} | C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4A02DF97-FF65-4909-A883-144C95653DBE}\stubpath = "C:\\Windows\\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe" | C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF} | C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe | N/A |
| N/A | N/A | C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe | N/A |
| N/A | N/A | C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe | N/A |
| N/A | N/A | C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe | N/A |
| N/A | N/A | C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe | N/A |
| N/A | N/A | C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe | N/A |
| N/A | N/A | C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe | N/A |
| N/A | N/A | C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe | N/A |
| N/A | N/A | C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe | N/A |
| N/A | N/A | C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe | N/A |
| N/A | N/A | C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe | N/A |
| N/A | N/A | C:\Windows\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe | C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe | N/A |
| File created | C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | N/A |
| File created | C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe | C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe | N/A |
| File created | C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe | C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe | N/A |
| File created | C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe | C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe | N/A |
| File created | C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe | C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe | N/A |
| File created | C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe | C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe | N/A |
| File created | C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe | C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe | N/A |
| File created | C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe | C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe | N/A |
| File created | C:\Windows\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}.exe | C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe | N/A |
| File created | C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe | C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe | N/A |
| File created | C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe | C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
|---|---|
| C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-04_7ab09cf27c3f40c2dda8d177614af4df_goldeneye.exe" |
| C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe | C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe | C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CF42C~1.EXE > nul |
| C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe | C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{57E36~1.EXE > nul |
| C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe | C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CC762~1.EXE > nul |
| C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe | C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0CBC9~1.EXE > nul |
| C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe | C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6D7E9~1.EXE > nul |
| C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe | C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{AC90A~1.EXE > nul |
| C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe | C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4A02D~1.EXE > nul |
| C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe | C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B7F74~1.EXE > nul |
| C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe | C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{03295~1.EXE > nul |
| C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe | C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4E005~1.EXE > nul |
| C:\Windows\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}.exe | C:\Windows\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D6E14~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Windows\{CF42C359-D683-4e51-B245-1A35A7545B1F}.exe
| Hash | Value |
|---|---|
| MD5 | bf2aca766e2fd0efb855d0c20db24e77 |
| SHA1 | b5770f95e66ee1d59fb6281bd4d9c6aeb80e0bed |
| SHA256 | 42d07d11e7736abc37f9b4d172ff182a6ef6a9b37a1235d34307f821d087015d |
| SHA512 | 6e69285aaa032ad96e64395540eb147fc4fb6fdb23d3224c336eeeae93a551b90817288fc301dee8174af0f64a14098283ef2849097bba71320f7bb49663acfb |
C:\Windows\{57E366FC-EB05-4056-8BF6-AC4B5290932C}.exe
| Hash | Value |
|---|---|
| MD5 | de9628a5389c09fa3456d7c9eb2279f6 |
| SHA1 | 50b8f3cc0218f46e94228a6ecfb9b55022e17450 |
| SHA256 | b772303edda7d7ce24b77328fc0e24632333561fedfba2d4187a4afe17f87e08 |
| SHA512 | 41c6745fd120fce89db2f6b7c653ce561472086a3e377acb0d9f95807c2997aa6a14f2d3f85ff0ccbf9d20213241817667978833cf865beb863d9b02ff517f96 |
C:\Windows\{CC762C9F-B672-45eb-B51B-C46ABF197EF6}.exe
| Hash | Value |
|---|---|
| MD5 | e3c957f7d6edf60e7dd9b00c7f739e57 |
| SHA1 | c3e5bf5c41334167c290b54af29c207837695e76 |
| SHA256 | 67a380c9044e30c6a084f6ef86c8e1d6fca4fad8b791e4fe4d6d898d020050a3 |
| SHA512 | 342ffc2333f43bd4e22ec3ddc443af51f0058ed8df83e466dec120d743b46203fb03782855f3605473dc9a738b6ee1761cab662885ccfeb34660d62c9f1de873 |
C:\Windows\{0CBC99A7-0D2A-4500-B867-6273722B2ADA}.exe
| Hash | Value |
|---|---|
| MD5 | 73161a6d1079fde1e41dac6eeee25af8 |
| SHA1 | 7ff92e3401a82219538c4796cd2b3958f22d9c41 |
| SHA256 | 61f0334531ffa3ea7fb69fbf6759537b84dc445d484fb02b4149126d82aecc98 |
| SHA512 | 0e0f4f7c1a15ff791bde019d9336649d42c2397839f5104b9351f333357cf161dbe62aa5db4b2c39a1dee8139f2cfb29172e6e38be9b54b2fa34e2be98d4eee0 |
C:\Windows\{6D7E978B-B0E1-4a6f-87D2-13EFFD515E41}.exe
| Hash | Value |
|---|---|
| MD5 | be27b62d4c28f50ac0d884dcbc59bdb6 |
| SHA1 | 2159d172a71470cd4cc30ed878e679ea53bcd507 |
| SHA256 | 7d6238257a54d453c18d19f77196193c29190affe292e002312f54725e9ebdd8 |
| SHA512 | e749006b5c74ef3e89952de7842ec6d77cd691d2c8adb781b71a53bf1671b0c4ba39477eee1042d54e44152c4b464199199b388b3a26af14204e0312c1652637 |
C:\Windows\{AC90A403-C3EC-4c4e-83F8-204E07142636}.exe
| Hash | Value |
|---|---|
| MD5 | ee35f6f09751ffe038424c2bf4b257ef |
| SHA1 | 9b97846314a4f425f17e477fe9921347b7944da4 |
| SHA256 | aa9b172ce361b78fcf3be4a3701878efad0522527ac8f7eb6dce3e0383ef211d |
| SHA512 | 357a28e8f659326188768af7a9a785f09ded536a56d5532eff506595718f577234c86209eee6f833aeafebaf39387217665a3d62f549bce60abdd59fd07764c4 |
C:\Windows\{4A02DF97-FF65-4909-A883-144C95653DBE}.exe
| Hash | Value |
|---|---|
| MD5 | e62dc7dadab2112540e858782dd19f3e |
| SHA1 | 81442942cfaad4e200da3039877e29382bbd20b7 |
| SHA256 | 2f0dc54ef2c912d479d9325ee6c81c2a79d2ca13e1268588f0f611e338b02844 |
| SHA512 | 7afecf91a4f726cd07b239e35692c2fce3dce184a8b4d4b2551388516ac329c0218e508b82b3a374eadbc7980d985a27c415631030b322db33c6d61f17d8bca6 |
C:\Windows\{B7F74C34-5E87-47d2-81C2-BC939C416253}.exe
| Hash | Value |
|---|---|
| MD5 | 9142706754f7c376f04a289ce74658b8 |
| SHA1 | f2e440548b6e5de69ec0256f4c126a593c5a3d59 |
| SHA256 | 8495f01f4b13c00ff0bfc97375278533454407860364b60f91e475ca1dcd4a17 |
| SHA512 | ed3a90c768e9b04c63a39e6f2e43993ee5149fa24026a3b4a93d1cac581f89cc6594e2a51e8957daee62e6ca04c0ae86432b2f8adcf2733c75d001d0e6505681 |
C:\Windows\{032952EE-4F0E-4c62-BBA7-1E84A56CF5AF}.exe
| Hash | Value |
|---|---|
| MD5 | 22c1485c6fc717ead99f12b5f324a805 |
| SHA1 | 7dd4aad0516ffb0006615251eb072798fb4a7363 |
| SHA256 | ecaeb6925371736ddec78c2c89f5e34773a83f977800e18bd78302ac19c6a031 |
| SHA512 | f2fcde8c2666bcd01c58c9f8e5f42f1461c71c0f1bee98adb3852b90070d29eb5ee2fc8ed679fb89c87baa0ef9b5d87c26b3de541794b35f8297d803f4bb7de1 |
C:\Windows\{4E005216-E643-48f2-97EE-350E040BC522}.exe
| Hash | Value |
|---|---|
| MD5 | 1738696c634dcfc09e5a0ae2d69523fe |
| SHA1 | 3951dae4354b03633e64d0d0639f9f699b4db50a |
| SHA256 | 271d15e1c7ece342ab79a92c4134432eca8a57bbe017451009967b30d03b6e46 |
| SHA512 | a33c805d7ee42cf1ec85108dfed0eb80df8c15763068d3b0d45995188b0de34b859c0b782eda35d364c90918fad4639615ea7f1029507a34a9055d93d733dfc1 |
C:\Windows\{D6E145EC-617A-4364-8079-41BA74D37EFA}.exe
| Hash | Value |
|---|---|
| MD5 | 7923f6dd4a07f9c8f83e5d82316e6048 |
| SHA1 | cb898f6b588f970fe271a7b571064f757900d157 |
| SHA256 | 313b3cf4d51d1dc664fab4ce7b1bcb6359fbf0bf68626bd4231014245998e168 |
| SHA512 | 9665594602a129b7280521dcb654b5cf80368896b310e4ea723df147d2e4aef970af4b00a595566156240cfefa8e979c9c7814c88c5f423dc6e21e404a5b6e7b |
C:\Windows\{9FF67798-A358-4aaf-9B7D-6D50B04D3D4F}.exe
| Hash | Value |
|---|---|
| MD5 | 2da41137f2853677c6f5a9c92772f9aa |
| SHA1 | a8773c29957e049c31c8618993be3bdf1bdf0ade |
| SHA256 | ac2f27fb695d6516f22dc3f6f1be11766cc1d64c682a274410fdcc0ae1ce9a5b |
| SHA512 | a377f5e977e0d17bac3878e0c17e2494533d486325b7eb245027778c70ac856c1e281469b5845a5ef05f63400277d84bd5770a7f0bc2dc605fa7b1ff85c7c1c1 |