Analysis Overview
SHA256
dd45da4ac9e71a521959ca58a588567054e9cdcb884a15dfb0699bf81045c02e
Threat Level: Known bad
The file 2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 17:36
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 17:36
Reported
2024-04-04 17:38
Platform
win7-20240221-en
Max time kernel
144s
Max time network
124s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}\stubpath = "C:\\Windows\\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe" | C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{75B262A6-8634-4111-B6C1-706529378260}\stubpath = "C:\\Windows\\{75B262A6-8634-4111-B6C1-706529378260}.exe" | C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{34944F5B-185C-4f6e-9C70-054FC4FFF07A} | C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B095A86-877A-41fe-9020-5B202D6BD5C2} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8DC76868-8834-43c2-8005-D056C7D53FD0}\stubpath = "C:\\Windows\\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe" | C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{75B262A6-8634-4111-B6C1-706529378260} | C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}\stubpath = "C:\\Windows\\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe" | C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17} | C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554} | C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8B30212D-1F06-44a4-A49A-983A53730C27} | C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{02236274-6E38-4e40-B216-244B4A5A7C62}\stubpath = "C:\\Windows\\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe" | C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}\stubpath = "C:\\Windows\\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}.exe" | C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}\stubpath = "C:\\Windows\\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe" | C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8DC76868-8834-43c2-8005-D056C7D53FD0} | C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{02236274-6E38-4e40-B216-244B4A5A7C62} | C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8B30212D-1F06-44a4-A49A-983A53730C27}\stubpath = "C:\\Windows\\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe" | C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{738898C5-E120-4eb7-A4F5-6CAB93E402FA} | C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}\stubpath = "C:\\Windows\\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe" | C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DEFF01D9-908D-4d74-929B-1ED6243A5585} | C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DEFF01D9-908D-4d74-929B-1ED6243A5585}\stubpath = "C:\\Windows\\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe" | C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B095A86-877A-41fe-9020-5B202D6BD5C2}\stubpath = "C:\\Windows\\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78} | C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe | N/A |
| N/A | N/A | C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe | N/A |
| N/A | N/A | C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe | N/A |
| N/A | N/A | C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe | N/A |
| N/A | N/A | C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe | N/A |
| N/A | N/A | C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe | N/A |
| N/A | N/A | C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe | N/A |
| N/A | N/A | C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe | N/A |
| N/A | N/A | C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe | N/A |
| N/A | N/A | C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe | N/A |
| N/A | N/A | C:\Windows\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe | C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe | N/A |
| File created | C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe | C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe | N/A |
| File created | C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe | N/A |
| File created | C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe | C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe | N/A |
| File created | C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe | C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe | N/A |
| File created | C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe | C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe | N/A |
| File created | C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe | C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe | N/A |
| File created | C:\Windows\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}.exe | C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe | N/A |
| File created | C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe | C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe | N/A |
| File created | C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe | C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe | N/A |
| File created | C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe | C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe"
C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe
C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe
C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2B095~1.EXE > nul
C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe
C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4567C~1.EXE > nul
C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe
C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8DC76~1.EXE > nul
C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe
C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{46A6E~1.EXE > nul
C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe
C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{02236~1.EXE > nul
C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe
C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8B302~1.EXE > nul
C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe
C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{73889~1.EXE > nul
C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe
C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{75B26~1.EXE > nul
C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe
C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{34944~1.EXE > nul
C:\Windows\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}.exe
C:\Windows\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DEFF0~1.EXE > nul
Network
Files
C:\Windows\{2B095A86-877A-41fe-9020-5B202D6BD5C2}.exe
| MD5 | b4052f6bca4d0d07a4dba0233a716079 |
| SHA1 | 032806afae10b1b931c2f8aae1ab05fc22e8c498 |
| SHA256 | d0a3aff2789173f2ede3e4c9692c15857f977002cc07baf8bb8d87105172a62f |
| SHA512 | 989f48f0680e3c51fdcc6fc46bdaf5b452ec91f8b24d5e85413f854622e6ef6217cd9c69901848d4dce22cdccaf263062465b1aad37a0b1963d0a97b8613b24e |
C:\Windows\{4567CF87-DF3D-4d46-87D7-C3F6A5A7EF78}.exe
| MD5 | bccc7ded669aca828b12a44dba6be6b0 |
| SHA1 | c140018ac283e6c5d850fe0e5c61c85866c856ff |
| SHA256 | 8779e9b180439baf0d60ac827902bbfcb05d2a774b34462680efe0d94af4d540 |
| SHA512 | 10d8ee365b1cd14a0f40dd3bf642ed8d67b388d355dd957387efacfb8d38dbbf300fb07a3defd1dda1f20c98514290e11fce1437b0fdee00d69ddf6270abd824 |
C:\Windows\{8DC76868-8834-43c2-8005-D056C7D53FD0}.exe
| MD5 | 027a2afe743b8e7f302d9e17a6dc64ff |
| SHA1 | 150bdb9c4637fe6bca00199a0a893f1ade95d5eb |
| SHA256 | d93fb31739b96b22b7fadb11922f663a8490c8ad1c78e16f676ba716c70b61a8 |
| SHA512 | b69603b28b363edb66687ea4a755fa9ceb9bfdb8ffccb36c2fe6f22554222fbc7c3257c556c3b67fb11f48ea24139293e7e880e4422ade1d55c94cc911ba61bc |
C:\Windows\{46A6E562-BEA2-45f9-AA93-FBF38D8D1554}.exe
| MD5 | 7ff9394f03b533ee3db7378e06c54918 |
| SHA1 | b7bc39151306c7aceef08ce93c4942d3f4dd8a31 |
| SHA256 | cbb52e589977b0e5ec3188d4593e2551f854d520ed247d5496f19dc6c2889eff |
| SHA512 | 88482e4145953082545b0ca4ae66b5a963b9dcde782ceebc0fbd7344677e88352aa421318eecced653c1be22381155a016e96a3684cb4f406f2a7be69c31f14c |
C:\Windows\{02236274-6E38-4e40-B216-244B4A5A7C62}.exe
| MD5 | 929399e0342830bf0710ebd803092f5c |
| SHA1 | 678181bdbcb31c21fd8ac38cf3c8ff470ad2ff96 |
| SHA256 | 4324afa1c74105c6516de8e7a907d64a6af927dafa48e3cddbb3f74fa36ff7b2 |
| SHA512 | 38d2def89e5039743545c6b09d35292bea29579fed26c04497b497e3d4ff5dc10bc1d1920fe2ff7141e1c9947111ee5dbb103e44174a9e1ce080ab937bbe6416 |
C:\Windows\{8B30212D-1F06-44a4-A49A-983A53730C27}.exe
| MD5 | 30a2f91ad1d532477b22a47d54d69be0 |
| SHA1 | edc6b3eb02a27af5dddc1148ba9992aa08a7a15c |
| SHA256 | 910e3bc9a16b96236718ce3c35af19974042cc602cd0d01b67837b9d0741bbb2 |
| SHA512 | 9056ba4c6e242caa2265aa3064a2ef16e6c2d4e84e3d5d362640ff5bbe440d7c60b5860c6c7ea4206f252724996c1921d3bf1a266086ce4c397ee965dec9c304 |
C:\Windows\{738898C5-E120-4eb7-A4F5-6CAB93E402FA}.exe
| MD5 | 37c10b9ad027b9f642830a5927c8a327 |
| SHA1 | 9cc7c72390c1d3bb69867a7dce963ca7e94d8ad0 |
| SHA256 | 9ac04aa56ae35a387d6f9dd785c5df73e07d9699b7e67c9974a878f6630481ae |
| SHA512 | 9c0788cb226d31b25f071cebeacdd3af332387fc0373416f3fa8fed88df06efeb0779cd6db7b184c56f54dfb73f82b9a7d6428bd2abd6705e9a064d9f84aa21b |
C:\Windows\{75B262A6-8634-4111-B6C1-706529378260}.exe
| MD5 | 4e161548adfffc7bef81913932eea4e2 |
| SHA1 | bfdd5db3fbd9e99f34bccd20acb26ee8f23cb5e1 |
| SHA256 | 0581234d311cf46ee829722a5d52605a67cbeb70a088680941e2367cc46670c6 |
| SHA512 | 743b582e88e29b1669d44237a4ba8de1a2646e35a6106aa0f5ca08f90ecd26c137f87c5624605a2716874ca8f1aad4936cd4095a81077e8defc7ad756eb1e9f5 |
C:\Windows\{34944F5B-185C-4f6e-9C70-054FC4FFF07A}.exe
| MD5 | 334a5ebc11ef198a66e6c55bdb215269 |
| SHA1 | 009373c7c99f5e4e92e7725c93a95552207d0d91 |
| SHA256 | 314a69a6fce784517c7c48b99e909eeeb321cdc3ae260e7744ecbbd689145908 |
| SHA512 | cbf9381edb7e876810d7f29f87045aec180be6c31e43c3b0d58a300b1076fe5eace1133b6f19cfba8f967f6a7084c2348227228d56f48f22a2ba4e3750f55bac |
C:\Windows\{DEFF01D9-908D-4d74-929B-1ED6243A5585}.exe
| MD5 | 441dcab9ac8c081f081e4258f8ab256d |
| SHA1 | 98664e10bea5f76c5ae9fdd849854c37d8082750 |
| SHA256 | a3d1ae74990868fb93970728253c097ad65707c9ebcdaba999139bacc5a11fde |
| SHA512 | 015cec3befd29c27c05097c1790b87037b28666cc85636bf46dfccb69d09cdbe0a5ee1dfaf4cefa9ae60c01f20d7b6f5630d14dd846a365bbabbb09b05b4a7af |
C:\Windows\{4A47EAC2-52C9-4dff-B166-CB9FD167CF17}.exe
| MD5 | 519c3ed5a34169bdd1832f7284044806 |
| SHA1 | 46bd7a2c52e807c36570c92c573dce520c29aa42 |
| SHA256 | f2bf7323239830e55984150592f66da362f31bbaaa52f55c9e7718817d80e798 |
| SHA512 | 8feafa1e7ff9ff8bd3617019ffd06121b3c0934f55d49e0d3055028c522a4c4502846d37410cc0ff9e45c8efab1f4ec9c983254a075f77e276f52715384b7f54 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 17:36
Reported
2024-04-04 17:38
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B97CE493-16F8-4140-884F-15FB1B237A16} | C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D} | C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D63F22D9-9ED5-4316-8767-821075F36FAF}\stubpath = "C:\\Windows\\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe" | C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}\stubpath = "C:\\Windows\\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe" | C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE} | C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9} | C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BB533CCD-0C97-4751-BC4C-F246376E0600}\stubpath = "C:\\Windows\\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe" | C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}\stubpath = "C:\\Windows\\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe" | C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{80D812A7-C614-4f51-9C74-610C39DBF4F3} | C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BA15531-A12A-4272-AA7C-2956CD817667} | C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4EE23A6F-85C7-41f0-A344-CA8116409042} | C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{918FB280-112E-4283-97CF-5681231EA6BF} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{918FB280-112E-4283-97CF-5681231EA6BF}\stubpath = "C:\\Windows\\{918FB280-112E-4283-97CF-5681231EA6BF}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B97CE493-16F8-4140-884F-15FB1B237A16}\stubpath = "C:\\Windows\\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe" | C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D63F22D9-9ED5-4316-8767-821075F36FAF} | C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4EE23A6F-85C7-41f0-A344-CA8116409042}\stubpath = "C:\\Windows\\{4EE23A6F-85C7-41f0-A344-CA8116409042}.exe" | C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BB533CCD-0C97-4751-BC4C-F246376E0600} | C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{12C40225-1013-4415-A568-FB02DB725901} | C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A} | C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{80D812A7-C614-4f51-9C74-610C39DBF4F3}\stubpath = "C:\\Windows\\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe" | C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BA15531-A12A-4272-AA7C-2956CD817667}\stubpath = "C:\\Windows\\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe" | C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}\stubpath = "C:\\Windows\\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe" | C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{12C40225-1013-4415-A568-FB02DB725901}\stubpath = "C:\\Windows\\{12C40225-1013-4415-A568-FB02DB725901}.exe" | C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}\stubpath = "C:\\Windows\\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe" | C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe | N/A |
| N/A | N/A | C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe | N/A |
| N/A | N/A | C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe | N/A |
| N/A | N/A | C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe | N/A |
| N/A | N/A | C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe | N/A |
| N/A | N/A | C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe | N/A |
| N/A | N/A | C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe | N/A |
| N/A | N/A | C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe | N/A |
| N/A | N/A | C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe | N/A |
| N/A | N/A | C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe | N/A |
| N/A | N/A | C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe | N/A |
| N/A | N/A | C:\Windows\{4EE23A6F-85C7-41f0-A344-CA8116409042}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe | C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe | N/A |
| File created | C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe | C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe | N/A |
| File created | C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe | C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe | N/A |
| File created | C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe | C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe | N/A |
| File created | C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe | C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe | N/A |
| File created | C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe | C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe | N/A |
| File created | C:\Windows\{4EE23A6F-85C7-41f0-A344-CA8116409042}.exe | C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe | N/A |
| File created | C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe | C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe | N/A |
| File created | C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe | C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe | N/A |
| File created | C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe | C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe | N/A |
| File created | C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe | C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe | N/A |
| File created | C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_8ea0dd1a711c9c10168735d32e4aa174_goldeneye.exe"
C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe
C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe
C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{918FB~1.EXE > nul
C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe
C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A45AC~1.EXE > nul
C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe
C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BB533~1.EXE > nul
C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe
C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{12C40~1.EXE > nul
C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe
C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A25A0~1.EXE > nul
C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe
C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{74B5E~1.EXE > nul
C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe
C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{80D81~1.EXE > nul
C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe
C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B97CE~1.EXE > nul
C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe
C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9BA15~1.EXE > nul
C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe
C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2DD4A~1.EXE > nul
C:\Windows\{4EE23A6F-85C7-41f0-A344-CA8116409042}.exe
C:\Windows\{4EE23A6F-85C7-41f0-A344-CA8116409042}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D63F2~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Windows\{918FB280-112E-4283-97CF-5681231EA6BF}.exe
| MD5 | cf085e698cb7b788bfb5cedacefe0257 |
| SHA1 | 7af13fead39d1826f6daea7132ed1badaff46447 |
| SHA256 | 99715c049e6336d7f2d9ed8b4921bb6e04d529bbc3332ff8f02a345a1fdec323 |
| SHA512 | 1e5984877c22d225ef2c7097599980b7f0589a5fa06ab410878cac7ecbded4d9682d007e0f6cc1094819dcb69f1325844363e3ee8be5a08c005983cae25ec0ce |
C:\Windows\{A45AC08A-24A6-4f07-8BD6-F0ADD00BC5F9}.exe
| MD5 | dc588700cb292a8ad17c88f572b97dc5 |
| SHA1 | 5006a6dde1252f87f1cd2cb3b0d2013eaac448d2 |
| SHA256 | fc0bef8ef2348fde23cfd4bd301a7adae9a40e87a21b61e1655931f90f886ee6 |
| SHA512 | 4067c53d1d0ecc97dd1ad83177bb3e34de03ba467f01203f654607d7d639313ab3953f81c484b10f3b735b9bc0409abd78a925fbee0c30d3b0c2f0e89f933f10 |
C:\Windows\{BB533CCD-0C97-4751-BC4C-F246376E0600}.exe
| MD5 | c19eefde76eeb805a99f9ef9971f6483 |
| SHA1 | 83757c1587687cd7ea30802d52c1d5578ce8a996 |
| SHA256 | d4193ef8d13817bb4a15f2500372c39bca26771fd26834bfd7d6bea43d36c282 |
| SHA512 | c17facf5f765dcca748b2b65e3123d36931ea9b184b530881772db7588bdb4784a499e3644af170be6f5518eb883ea5d843911a07836db44337dae946130e257 |
C:\Windows\{12C40225-1013-4415-A568-FB02DB725901}.exe
| MD5 | 543893a0a858923956e345f39ee6b4cd |
| SHA1 | fae3f9e9617a4624b0ebb360fc432480e85bafd1 |
| SHA256 | b883cd5714ea5d62f99bd498662407c7e26636631be5ef052e2364499a18ed02 |
| SHA512 | b34192ccabb1e9364916546b9526401461d2331398ebe19f275950f87cf49b8334fa1ee9b28d642d2fee948895062e4a57a7b74b9e3476a013fcce11f4a94078 |
C:\Windows\{A25A01A7-2E01-4d23-87C9-C2FEE46290DE}.exe
| MD5 | 2f29dcd67ab25a1d8b66f256e08a0ded |
| SHA1 | b82cdf48cc058b387f0b9649f83ee0fdfaeb97e1 |
| SHA256 | 9dd1fcbf1040e2fd54ce547064d0bff3c1202c2195acdfe29f558fb3666e4589 |
| SHA512 | 610a77a11582cd3724de5a0e49fbf55e6e1b7cd28ef64c3543a252782352fae346c4c696b37828e30a1afa1d8a2de81310f739ac76c95db452776287788cd7cb |
C:\Windows\{74B5EE71-1CDD-48d4-8B11-F68767E5EF8A}.exe
| MD5 | 6366bf3fc3e0af6785e1d8c6227d95f4 |
| SHA1 | 59184270f232e71a531f23ddce24b644256aff57 |
| SHA256 | 7267b9f9eb0b2fceb21a29e1d02a592c5229e63f103f2e98223d4091bf8ccd33 |
| SHA512 | 68851e88870322242d73b28299b852d03c3efa9f9c220762e94c11cd8c4d151e5a0dfb235347f18c89f05a2796d99d95df1f81d64329140729d2ca1a909eba80 |
C:\Windows\{80D812A7-C614-4f51-9C74-610C39DBF4F3}.exe
| MD5 | b113dd50ed62f2aa70f0cfd611994d54 |
| SHA1 | 677b424659d090d1835671b58c745721b742b07e |
| SHA256 | a0db00408000e8d03d34550f1208a50f1d5fa28a8374f397d30c6faf0f00e795 |
| SHA512 | e7677f57f494919a4f7f1b65f8c8561f7b1241ccf5964254801d1b87ef3e1c0afb198f6594f6aadf3162890c1fbfd0ab6b8c7f1fa3176a851a955079005f74ee |
C:\Windows\{B97CE493-16F8-4140-884F-15FB1B237A16}.exe
| MD5 | b0cadd284e6475b0da7670031c563dc2 |
| SHA1 | cab84a6856a5b94af73972ad9338d94d43e01dcd |
| SHA256 | 5afa4c830ef87b7d0436448918353e33a53ce524a2f03556f1f21fcfb43a3f93 |
| SHA512 | d24ad3f7acd090a7ecc1deab194fec5165a299b65e85bee0a4745b7bfcacdc9fc6a69fdd49f2ea7c7f86b481700b22bd7cee14cf62bb743da31b6d4d8256351f |
C:\Windows\{9BA15531-A12A-4272-AA7C-2956CD817667}.exe
| MD5 | ac9fa2a4221bd749f9a6bca8ab88d62c |
| SHA1 | 9bfc78a4d4ef8155080e1691c65162a35f15d6ea |
| SHA256 | 12138fbde420804b2b037190fa83532b8a711e49fdaf5d18c4cba5a1aebc94da |
| SHA512 | 560058ba482712ac3704c7bdf16354f6fdb8a4f1bcab553dc5cdead85550c3a8ee9cfb5053e7de0d8dca9abd33a4e3baa9f47b68123e1c01fab1bf4a62d9dfc7 |
C:\Windows\{2DD4A9AB-3883-4bd3-81C3-7B636D56728D}.exe
| MD5 | 2455b9dfa3240f88e4cbd906dba88ef9 |
| SHA1 | 0f3b2dca4bf8ec6b0134560ab0ad7fb4f248b6cc |
| SHA256 | c232d63ec482c0eba0b58a3e661c36c7136e599400ff1ce05c9089353c3f16d4 |
| SHA512 | ae8d03b44698761f868e67e3eae557c07b2e04e4ad735c6c6244f7099bc7b8e32f8c165fd7d6bf4428af85cc35ab366e62b0067609a4734efb827059af428bce |
C:\Windows\{D63F22D9-9ED5-4316-8767-821075F36FAF}.exe
| MD5 | 96da12da75a15b3f6b308bdc66f535c9 |
| SHA1 | 89e8e5fd6e0b1fa378fb844919d94adbc05645b3 |
| SHA256 | c7fd2d257f25b00a5b6177ddff56fa33d6e49006289bb5e854c4875cf8351a0a |
| SHA512 | c09bfecfe3464618cc6e173e2744b0ae633af80b21349512e48105b1ab8323dfdce4099b4a9dc02aceca564b7e2594b32119e04135958115933853e4fead26db |
C:\Windows\{4EE23A6F-85C7-41f0-A344-CA8116409042}.exe
| MD5 | 55c75934c745647e28b938043b65779e |
| SHA1 | 856d147aa1951aac8922f44c3a12891fd582caef |
| SHA256 | aac89ad9247e50b74f968f5789f7a8c783e85b4dc49951ac730a2f6341fbb247 |
| SHA512 | 2c87a626c0f2fb12be9a4be2a6b2057a0717423eef739637b1f658c52af3ef5a8628697316744713d9a3d7acbf7e9a194673549284612bbee5b5f7066c80a61b |