Analysis Overview
SHA256
8bd06ed0f125f4b50da63906bfecb187873bd82cb3d6ed64c5190e17642a23a6
Threat Level: Known bad
The file 2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 17:33
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 17:33
Reported
2024-04-04 17:36
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E} | C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EE9B1EA3-258E-47e9-9482-F33E461A8426} | C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CE3CE716-1338-4ca2-A9AF-56151A556E65} | C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}\stubpath = "C:\\Windows\\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe" | C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B8E10020-54FE-4ef2-82AA-528F280B51B9} | C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F} | C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}\stubpath = "C:\\Windows\\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe" | C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}\stubpath = "C:\\Windows\\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe" | C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EE9B1EA3-258E-47e9-9482-F33E461A8426}\stubpath = "C:\\Windows\\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe" | C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D979789-F38F-4b5b-BC2D-19478E84D207} | C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{667D4632-5CD2-41af-8AE4-C3431B1C70D5} | C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}\stubpath = "C:\\Windows\\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe" | C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{66AC986D-ECF3-45be-B750-D3D1110EDD66} | C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{66AC986D-ECF3-45be-B750-D3D1110EDD66}\stubpath = "C:\\Windows\\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe" | C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{092E74B0-8CA1-453b-9474-C9849FDD04D6} | C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{092E74B0-8CA1-453b-9474-C9849FDD04D6}\stubpath = "C:\\Windows\\{092E74B0-8CA1-453b-9474-C9849FDD04D6}.exe" | C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}\stubpath = "C:\\Windows\\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{93B49C12-D985-40ae-87EF-8C9DB894EB6E} | C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}\stubpath = "C:\\Windows\\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe" | C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D979789-F38F-4b5b-BC2D-19478E84D207}\stubpath = "C:\\Windows\\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe" | C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CE3CE716-1338-4ca2-A9AF-56151A556E65}\stubpath = "C:\\Windows\\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe" | C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA} | C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B8E10020-54FE-4ef2-82AA-528F280B51B9}\stubpath = "C:\\Windows\\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe" | C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe | N/A |
| N/A | N/A | C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe | N/A |
| N/A | N/A | C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe | N/A |
| N/A | N/A | C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe | N/A |
| N/A | N/A | C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe | N/A |
| N/A | N/A | C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe | N/A |
| N/A | N/A | C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe | N/A |
| N/A | N/A | C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe | N/A |
| N/A | N/A | C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe | N/A |
| N/A | N/A | C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe | N/A |
| N/A | N/A | C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe | N/A |
| N/A | N/A | C:\Windows\{092E74B0-8CA1-453b-9474-C9849FDD04D6}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{092E74B0-8CA1-453b-9474-C9849FDD04D6}.exe | C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe | N/A |
| File created | C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe | C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe | N/A |
| File created | C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe | C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe | N/A |
| File created | C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe | C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe | N/A |
| File created | C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe | C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe | N/A |
| File created | C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe | C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe | N/A |
| File created | C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe | C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe | N/A |
| File created | C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe | C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe | N/A |
| File created | C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe | C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe | N/A |
| File created | C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | N/A |
| File created | C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe | C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe | N/A |
| File created | C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe | C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe" |
| C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe | C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe | C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E7C9C~1.EXE > nul |
| C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe | C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{93B49~1.EXE > nul |
| C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe | C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{057AC~1.EXE > nul |
| C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe | C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6A4E2~1.EXE > nul |
| C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe | C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{EE9B1~1.EXE > nul |
| C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe | C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{5D979~1.EXE > nul |
| C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe | C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CE3CE~1.EXE > nul |
| C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe | C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{667D4~1.EXE > nul |
| C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe | C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{AE339~1.EXE > nul |
| C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe | C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B8E10~1.EXE > nul |
| C:\Windows\{092E74B0-8CA1-453b-9474-C9849FDD04D6}.exe | C:\Windows\{092E74B0-8CA1-453b-9474-C9849FDD04D6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{66AC9~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.192.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
C:\Windows\{E7C9C5FF-1503-4c9d-B779-F8BF771B9182}.exe
| Hash | Value |
| --- | --- |
| MD5 | 955ca86c0b5ebf9a90e7af5aa77918ff |
| SHA1 | 3a59ec0452d0e4e60b376c3a74281a2d214f15c3 |
| SHA256 | 84f1f15d00a4dfe6c7575f1eefb3373b8462f855ed85a159547d7850668454d4 |
| SHA512 | edb78c2fd0a6393a474ad92fc22364dcb36b76fc87f04a01873febbcf4a5226b369e051ff6db28157d08b34cc1cbcfe93094c0990dcaf8905258b7d2011c1d08 |
C:\Windows\{93B49C12-D985-40ae-87EF-8C9DB894EB6E}.exe
| Hash | Value |
| --- | --- |
| MD5 | b26f9d0cc20f089e6a1dd999b421c11e |
| SHA1 | d44204abc6c5e8e38ce25de210b0ebfa58f36123 |
| SHA256 | 39595f1d295f80908905a670a20252cd621e123455614dd367d6c1ec5756eb97 |
| SHA512 | 7d10856eef38524a06348701ebf494079849865f2af2ccfa4e07313f49f6e9a321d43f9b7e14b20341d4a764ec1aad0c4e7a23ac3eaae901d09cdb62ca7079e5 |
C:\Windows\{057ACFB1-9401-4e4c-A1FE-ED340A38F90F}.exe
| Hash | Value |
| --- | --- |
| MD5 | b812e8c07891bcf8e6705946fa913d71 |
| SHA1 | c5b3b5ca65024da265a08dfbd5f459f37d45d55b |
| SHA256 | bf05ce008809de972af858d4b64500f910da2aabfc93b97f1d81e7ff1d7a3978 |
| SHA512 | c2b0522d2a784151c21b6e930caf0d65bdfb483e0e4aea6f40325a0e363ccff2d0e331abe941e011f6309ae9689fd7e255b05a8dfa7541fff26201efe7e243fd |
C:\Windows\{6A4E25A3-21D7-4ea3-BC64-346FEEA12F1E}.exe
| Hash | Value |
| --- | --- |
| MD5 | 0e49ca9b2454e613cb41cde232c23b32 |
| SHA1 | 10e8f4ca83f66e85fc14492d9fceb3dda37190f8 |
| SHA256 | cca1e922da4c1a962a275d39dc5410a2a0f14382f40da40ef497d78180159d44 |
| SHA512 | 0da03b67de79a6f67efd7d567092949bb8fe33485f43e18f679fc27b8ec2c5df81e2e79266c0ffbc519140b1f525d6e3e3126721395ff9dd42f970262b96e136 |
C:\Windows\{EE9B1EA3-258E-47e9-9482-F33E461A8426}.exe
| Hash | Value |
| --- | --- |
| MD5 | 2db6cdfb9b530e7f031d2d559c812d6e |
| SHA1 | f94b2d82c451fe7bc0e4136efbe059a1ea689b3d |
| SHA256 | f5520f710cb388d1e8113c359e8377f427454eb51630735982285ea3806985cb |
| SHA512 | 79160371e35bab305822b3204ebb1f0882dad8cdb1c7309c42b701539933d19d7862b07c4ad470bc2d785f821a1364f7e7a2a6eb4dff08a1ac9dec163fa955f0 |
C:\Windows\{5D979789-F38F-4b5b-BC2D-19478E84D207}.exe
| Hash | Value |
| --- | --- |
| MD5 | 4dc2ea789329ad2178234de573bbef84 |
| SHA1 | a71e9af490b9e4439d3e1058fabcafb2b39fac0b |
| SHA256 | 25331edfbccf181ea520d2c986808f5515c85e176429f2f10498bdedf2ea9582 |
| SHA512 | aea055da68103b41f868e6416035d3e6965d9fe8f70880fe58f846fc152755ec134882474bef572039ef02f8d9241d7179c0c88d16c57aa5c581b773f5daf06f |
C:\Windows\{CE3CE716-1338-4ca2-A9AF-56151A556E65}.exe
| Hash | Value |
| --- | --- |
| MD5 | 80244c62aae49a587c36d162434a8faf |
| SHA1 | 2c9c0ee44ca9b047825a2ec72cfddcd49f6e3a21 |
| SHA256 | 3c804664cf2ad066e0c4e809b6011f8c71c0065bcc3b03f00ca8c512fe7f7553 |
| SHA512 | e461fef0fa32e12e398b1e8bc499d81522ce44a0c00be32bc6e0b45af7dc7b994dadfbb3dc3ba9c3e44f4b9db98bc24c05f4f025e5c3ff6214364901597539a5 |
C:\Windows\{667D4632-5CD2-41af-8AE4-C3431B1C70D5}.exe
| Hash | Value |
| --- | --- |
| MD5 | 817cc53b342c9a1ec5fd9fb343d3ce8c |
| SHA1 | e429828629e60325dd34e9356dba54f52d8ad0d1 |
| SHA256 | 4f1930a2e1365fbf02528f3451062647333384394dee2dffe0e2544bf56f4a49 |
| SHA512 | a2a029ccdef36704cabfb2aea835bdce2ba2eeabd65baa24fe7adca14a021f8323a8230ca0cffb683261da7cb188bb549098e661052808fde6546e8e6a0e605d |
C:\Windows\{AE339AEE-CDC9-4a63-B253-BEA89D3FAEDA}.exe
| Hash | Value |
| --- | --- |
| MD5 | aefc4e8ce9a560a9b3f7be7cb8a5ed9f |
| SHA1 | 336ebcc8e16e5ff458879f0e5e1e6273688e2fd0 |
| SHA256 | 43c7ab22ed6db1c732cb02112473a323b1f713d1c12786036e0cb24740e565c0 |
| SHA512 | 80da9337350a1b2804cbef69f0a3612fd5fe3ac4c683bc95ee4b39524e2abab735508cd83cd326d767ac1cc6f420742eb870ca4ecdb24a96ae4f2b2d782e5485 |
C:\Windows\{B8E10020-54FE-4ef2-82AA-528F280B51B9}.exe
| Hash | Value |
| --- | --- |
| MD5 | 140ea78a1743d77d052a2b424df28335 |
| SHA1 | ad2ab35bcec072709eb9cb2648c7628c9dad47b7 |
| SHA256 | b2815ef9ae13c1494a68dcbf7bc99863c423980109c970f938e0b0422a89d869 |
| SHA512 | a313676fe14dcb1b4435b18eacba68cad8492591d1ca9b08f378d24e0b8e722a0903f073f222a85180c35de095376e7ce6baa80933bca4a6f4dd938d58ecbda9 |
C:\Windows\{66AC986D-ECF3-45be-B750-D3D1110EDD66}.exe
| Hash | Value |
| --- | --- |
| MD5 | a4d3e2ee12857b7b662be60653af74e9 |
| SHA1 | 11e1ae4ab46a9890bb58f374c41750edb812cfe2 |
| SHA256 | f3e36653fe43082bde45f0c7b511e793d4ff73c8fa5ced1d1f5f53a744b15d29 |
| SHA512 | e236e1cf707f3ea03b88e30b199768fdbd744ce4c4d37a4faeec3a4a792913ad9a0487546e4785f6ce77eeed617709151a3e831e4426c98dfb1f4799951cf907 |
C:\Windows\{092E74B0-8CA1-453b-9474-C9849FDD04D6}.exe
| Hash | Value |
| --- | --- |
| MD5 | e3e4ca8fb903d13c21b49504eaf95157 |
| SHA1 | 4357b3d701f20f7657c71e775a31d00229b05a22 |
| SHA256 | 6dee847731881d5e9298879cd535f7758862e28b67530a81675f4991b69a3f76 |
| SHA512 | 1b6a9d5fbb965dcc96bf32de25c66acbf63e823d892f2ce76ac961c7555041dd276e46a25e021f398830639ce889c23af57f06158c24c00810e515eccd32b733 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 17:33
Reported
2024-04-04 17:36
Platform
win7-20240215-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}\stubpath = "C:\\Windows\\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe" | C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}\stubpath = "C:\\Windows\\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe" | C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E8E0A43C-986F-462e-B69A-CAA8537BA389} | C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4} | C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D} | C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20} | C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E83D0614-1609-401c-A06E-0DA0917E7D45} | C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}\stubpath = "C:\\Windows\\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe" | C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{758F56F4-711C-4465-B5FE-A8771FB66D9A}\stubpath = "C:\\Windows\\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe" | C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3} | C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E8E0A43C-986F-462e-B69A-CAA8537BA389}\stubpath = "C:\\Windows\\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe" | C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1F7E2A90-4EB4-4893-990E-F02213A61194} | C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}\stubpath = "C:\\Windows\\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe" | C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0519F1B9-D84D-4363-8E04-A3E6DB66A217} | C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}\stubpath = "C:\\Windows\\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe" | C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{758F56F4-711C-4465-B5FE-A8771FB66D9A} | C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}\stubpath = "C:\\Windows\\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E83D0614-1609-401c-A06E-0DA0917E7D45}\stubpath = "C:\\Windows\\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe" | C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1F7E2A90-4EB4-4893-990E-F02213A61194}\stubpath = "C:\\Windows\\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe" | C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A} | C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}\stubpath = "C:\\Windows\\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}.exe" | C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe | N/A |
| N/A | N/A | C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe | N/A |
| N/A | N/A | C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe | N/A |
| N/A | N/A | C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe | N/A |
| N/A | N/A | C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe | N/A |
| N/A | N/A | C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe | N/A |
| N/A | N/A | C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe | N/A |
| N/A | N/A | C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe | N/A |
| N/A | N/A | C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe | N/A |
| N/A | N/A | C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe | N/A |
| N/A | N/A | C:\Windows\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | N/A |
| File created | C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe | C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe | N/A |
| File created | C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe | C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe | N/A |
| File created | C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe | C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe | N/A |
| File created | C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe | C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe | N/A |
| File created | C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe | C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe | N/A |
| File created | C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe | C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe | N/A |
| File created | C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe | C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe | N/A |
| File created | C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe | C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe | N/A |
| File created | C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe | C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe | N/A |
| File created | C:\Windows\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}.exe | C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-04_7c79d857b718bf5a5838505d3dbb615d_goldeneye.exe" |
| C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe | C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe | C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{7F6C4~1.EXE > nul |
| C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe | C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{64B80~1.EXE > nul |
| C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe | C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D3CBC~1.EXE > nul |
| C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe | C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E83D0~1.EXE > nul |
| C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe | C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E8E0A~1.EXE > nul |
| C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe | C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1F7E2~1.EXE > nul |
| C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe | C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E4854~1.EXE > nul |
| C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe | C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0519F~1.EXE > nul |
| C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe | C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FBEDD~1.EXE > nul |
| C:\Windows\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}.exe | C:\Windows\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{758F5~1.EXE > nul |
Network
Files
C:\Windows\{7F6C4D75-DCF3-48af-9FE7-4BF63DBB592C}.exe
| Hash | Value |
| --- | --- |
| MD5 | 3f01a96b6ebc755ad8b7644b760fc764 |
| SHA1 | bc2b89e57d46362a5c2a49e1791de6bf6200b9df |
| SHA256 | 9b92706254858b8f7fc4f3f88daf15ba86853e998f082fa844ce38626a8f5169 |
| SHA512 | 8b3a3e9b5432a4ff9162d50714540b5e419e772ffc45efdeca333622d53af9ad92e7d95b24c47c87ebaca844d40971492869980c9a7f079435c139ab085ef7af |
C:\Windows\{64B80B20-68D9-4baf-BFA1-3094EBC29D2D}.exe
| Hash | Value |
| --- | --- |
| MD5 | 65f3c3b3fe7b806c668a3af05c1e3c44 |
| SHA1 | be8a500768aa774a995291b75816292def1d8a79 |
| SHA256 | 3db9a4496db7506362261a7693158a6432975f490f969726ef2960181167d8e2 |
| SHA512 | 1092facd80067f0471f65baefd81eb0eafc518e54b7cfe5654987810b4b9bfa129c4e12eabf6d42d806efbcb6099224e2e9d23aee3516524ebd2442531551694 |
C:\Windows\{D3CBC41E-A6C7-4827-91B7-FDC0EE81EC20}.exe
| Hash | Value |
| --- | --- |
| MD5 | a60b04d447e00af3f92f38e078be0917 |
| SHA1 | 41a4892a6bc8902d36cfe16039b6e9a8d7f513d3 |
| SHA256 | fe698b8fe395bcdf7f03bf267114b6664cc5717d8faac2944d8c86c08c93cdac |
| SHA512 | 848dcfc190b6a4c723f7bb10ace0497c1cb4317de909307ed447414a4f2e16589c1a5bf2f241f624b9a670a83ecf253ca97c4f734c7f71469912f6b1e5c78b24 |
C:\Windows\{E83D0614-1609-401c-A06E-0DA0917E7D45}.exe
| Hash | Value |
| --- | --- |
| MD5 | 1cbe4a0e2ce6871092134ed317cb531b |
| SHA1 | 52adb2591c0a5e5a3598adfd50ad978f7e61c5c3 |
| SHA256 | 2fc5d7dafd068fb676a6f3ad30d5cc6488e97a8457623e2fc30db06863ad0053 |
| SHA512 | a6b2815f520b3b019e93f2c1a9033e348025b0fe75946c1171fd697438629ace38f9acd1df6f1b74d59c0879ce7cbaf794213d8a89a226101a530905f1b616de |
C:\Windows\{E8E0A43C-986F-462e-B69A-CAA8537BA389}.exe
| Hash | Value |
| --- | --- |
| MD5 | e8565404476a8525c1f31e0978ff77ef |
| SHA1 | 2fbb72315619ac27282d5c7f6d11317e1138098b |
| SHA256 | fdce23f2ec65c90162aded8948ebbac507946b7b1e399b59bfc7c27f9436cdee |
| SHA512 | c53ba42a5f50ffee06aadce6e3fce9a81509ce0e7dcee0cd00d28970f30094b6e2b98f1bea5a282841079439af1948e98fa291d21a2ca7ea75a58c94778de28d |
C:\Windows\{1F7E2A90-4EB4-4893-990E-F02213A61194}.exe
| Hash | Value |
| --- | --- |
| MD5 | 663954763a906b6c594f6e371adca4e2 |
| SHA1 | 015ca656705548d487960118b75ca2ca8c074663 |
| SHA256 | 8d715a26a955946593d1a6d1d4654fa2c27816a29cfbaf26ed8ed6dd275d7483 |
| SHA512 | 260b71e15811c2d2eabe237877594789ce88f7a011885f68d317ab1a6f1b98f019d51df494b1a3ed3ef6dfddea824a7a97b1bc9011e6732b2132a7f50910814e |
C:\Windows\{E48547A3-BA90-424e-BE10-1FEB3C1C1DC4}.exe
| Hash | Value |
| --- | --- |
| MD5 | c8589c8f4b8a62ff9c64ef60de7ed761 |
| SHA1 | b39d592fc3f95b09baa27dbeb4935e2e23bfc7bd |
| SHA256 | f1add54aa081fc67e36669e2387e40a62b490a87801a2211325bd3a84f5dd07e |
| SHA512 | 8a7d331784aa0d721a6c5c5ac89def1e0774284f900627af57f8c60f6306561034fdfdcf65e55c634f22286617e8f1453b7ee03eafdbd959429714c45ed503a9 |
C:\Windows\{0519F1B9-D84D-4363-8E04-A3E6DB66A217}.exe
| Hash | Value |
| --- | --- |
| MD5 | 55612e29a628c1191295c3b0a046ea87 |
| SHA1 | fa4ac4b192d99fcb5122e6b3dfb704b920872c61 |
| SHA256 | 7dc772877c3a07e24986850b21d8a9e9e55e17e2283fd84fb9e2abacca06805d |
| SHA512 | b687b3948eb96f345dae64b7183e306844bad5ac2b99ce8a7a4ed7a38ba80a7e008ab8979fc12b096f406a37e62018bdc57578eb34fc4aa347c0907e4622a88c |
C:\Windows\{FBEDDDD9-2739-4781-9F87-94AF1EE4804A}.exe
| Hash | Value |
| --- | --- |
| MD5 | 56399d0f5d937db9505dfdd0b48e6462 |
| SHA1 | 272823c72609121ebfefc4d1a39de8bfe30c5a69 |
| SHA256 | c908df214df08465e8010b890e37a74e76560e4a54ff2bb1a1c48e6652580af4 |
| SHA512 | ec98e2fd42af99b0fd4d9d30a6d4ab4ce4518a4405c57b2eb486760b011b513c7bf48f42bc3c949cbe19b53b93cc65b1fa19be5cfa4dd3aa1b4479c2cc299000 |
C:\Windows\{758F56F4-711C-4465-B5FE-A8771FB66D9A}.exe
| Hash | Value |
| --- | --- |
| MD5 | 2d915cdf9398d6e3845d08de15a7a75a |
| SHA1 | e7dea7b0f2cda9d2a851eb4546c360c71ca4c72e |
| SHA256 | 1f1dab1527e1a192fc628dd692ab35d7677e12d275e3c0b79cba9715f70daaa2 |
| SHA512 | d4d54dbf173b6f7b347c356abac0c3c4d933acf99362a6a80a0016aead3670046e60d7caac92021145f9858145aaedc7cbee5a0f07d6a6f0d214245c9c2c3ccb |
C:\Windows\{6F0C872A-FD4D-496f-B7BA-76FE6335A9A3}.exe
| Hash | Value |
| --- | --- |
| MD5 | ef667aa1ca198307a663f8607179f9f1 |
| SHA1 | 925c4473fa65e1ca5bc352644a9ba150d2580bbf |
| SHA256 | 39ae2142c5e2676c7f0e55c8a38fb2a3f0be14a5fc94c63b26f806e1283f4177 |
| SHA512 | 10de51d608544da2de08b6d6614efcc024f12009a22d96bc642a7a2b9081322fe426e2b9a403e48c80904836e1ccdf7b609b0583697912a0671b5e664767e960 |