Analysis Overview
SHA256
21a531c3306520a16e04aa7a4f24c5aab801c790525e46256fbaaf7665da9291
Threat Level: Known bad
The file 2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 17:41
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 17:41
Reported
2024-04-04 17:44
Platform
win7-20231129-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{078E77AC-14C6-4977-AB96-835408A2F49B}\stubpath = "C:\\Windows\\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A464C467-8DB9-4705-88A7-DD0F667D776E} | C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}\stubpath = "C:\\Windows\\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe" | C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D} | C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BA52E9F0-3EB2-4534-B398-8B14364E48F6} | C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}\stubpath = "C:\\Windows\\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}.exe" | C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{078E77AC-14C6-4977-AB96-835408A2F49B} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8} | C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}\stubpath = "C:\\Windows\\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe" | C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8} | C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{426B868C-88CF-4092-A3DF-94BE950B904C}\stubpath = "C:\\Windows\\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe" | C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}\stubpath = "C:\\Windows\\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe" | C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A464C467-8DB9-4705-88A7-DD0F667D776E}\stubpath = "C:\\Windows\\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe" | C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{461A4BCB-1FE3-4e37-8159-3E032AF404D3} | C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}\stubpath = "C:\\Windows\\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe" | C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}\stubpath = "C:\\Windows\\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe" | C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{497601ED-FB01-40e0-AC8D-053166A61BD0} | C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5} | C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{426B868C-88CF-4092-A3DF-94BE950B904C} | C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27C34729-1D2F-4bdf-A242-3CC3E23B0618} | C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{497601ED-FB01-40e0-AC8D-053166A61BD0}\stubpath = "C:\\Windows\\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe" | C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}\stubpath = "C:\\Windows\\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe" | C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe | N/A |
| N/A | N/A | C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe | N/A |
| N/A | N/A | C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe | N/A |
| N/A | N/A | C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe | N/A |
| N/A | N/A | C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe | N/A |
| N/A | N/A | C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe | N/A |
| N/A | N/A | C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe | N/A |
| N/A | N/A | C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe | N/A |
| N/A | N/A | C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe | N/A |
| N/A | N/A | C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe | N/A |
| N/A | N/A | C:\Windows\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe | C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe | N/A |
| File created | C:\Windows\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}.exe | C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe | N/A |
| File created | C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe | N/A |
| File created | C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe | C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe | N/A |
| File created | C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe | C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe | N/A |
| File created | C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe | C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe | N/A |
| File created | C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe | C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe | N/A |
| File created | C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe | C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe | N/A |
| File created | C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe | C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe | N/A |
| File created | C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe | C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe | N/A |
| File created | C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe | C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe"
C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe
C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe
C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{078E7~1.EXE > nul
C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe
C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4AAAD~1.EXE > nul
C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe
C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A464C~1.EXE > nul
C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe
C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{461A4~1.EXE > nul
C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe
C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{556B1~1.EXE > nul
C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe
C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{426B8~1.EXE > nul
C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe
C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2DCF1~1.EXE > nul
C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe
C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27C34~1.EXE > nul
C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe
C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{49760~1.EXE > nul
C:\Windows\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}.exe
C:\Windows\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{06D84~1.EXE > nul
Network
Files
C:\Windows\{078E77AC-14C6-4977-AB96-835408A2F49B}.exe
| Hash | Value |
|---|---|
| MD5 | 3e5cdf2b1be42d81596aeb4e91e154d9 |
| SHA1 | e4a3a3ee8bda4e5cd610dee18b31766abcb04bbd |
| SHA256 | c8e23a7be403cc2a8d94385f5f4a325fa0f58dd4a7be617074f4e159f7498d4e |
| SHA512 | 4ee5eb36f2300f7705f5f07d24b3e476b94be3f2d7d5186520c927e2dc02a576f32a315f176bacc0be33c7cb18f14c20c6239573c5a3007b088658147c546b1a |
C:\Windows\{4AAAD155-C541-4c02-8E2A-90946FA4CDE8}.exe
| Hash | Value |
|---|---|
| MD5 | d2c1bbefcefadaa5f80bab8646873e7a |
| SHA1 | 5636f70dc73aa2532c0b5438d85061a0d3a2859c |
| SHA256 | e1023be86c224af7f96e39fc1609e448c1ef5c619659daab1144054d66214dc0 |
| SHA512 | 2217ec114c74bcc760b69d7b1997d1f88b62f8765b184d3db84588da80e9426bf8e751ae528bb51572b5a74ce9094120b5b49569816584c4e5de5237e71548a9 |
C:\Windows\{A464C467-8DB9-4705-88A7-DD0F667D776E}.exe
| Hash | Value |
|---|---|
| MD5 | a08864dc9265974a3d169a3d711a999a |
| SHA1 | 49fc19f76c8933ad3ac08f267a2539b8879a5fcc |
| SHA256 | fb269aa32b7948763e28019218556940ed97af49c4659c7f7549502ee22c77f6 |
| SHA512 | 5b5a1f5716284d38ec2924124503c2d76f5fea3000f4bfa25f951c426c92e7e94803c92914cdc7c26a16ca5ed0c174c148ea5c1157aa95e43c37c1ce395dcf5c |
C:\Windows\{461A4BCB-1FE3-4e37-8159-3E032AF404D3}.exe
| Hash | Value |
|---|---|
| MD5 | 23af495fbbf57e341b05688705e8e7d9 |
| SHA1 | 1ef0fb494ea902bf566265de3530b120e320bffe |
| SHA256 | 16352ebfb83f274195f05009d22a5dc0830e37899660c49a5bc62a631dc91144 |
| SHA512 | 31762f04c5dbc6736f315dc2999a2b1206f571b3a41936630e7fde6161f6a10040b2de4d680e5730daef2eee9ea4049b68065c6f72972a0827f510a33df904bc |
C:\Windows\{556B17AF-DA13-406f-B180-5B1CE1EDF7F8}.exe
| Hash | Value |
|---|---|
| MD5 | b144b003083472a8b14fbdfc4fcf1472 |
| SHA1 | d03ebedb4fd39aac378d491619bb8a2862941301 |
| SHA256 | 9f14ce9edbfdf9ab8a72fa001638c921fc42bee1005f78ac853789fc31091e9d |
| SHA512 | 04f3467509c025aff2a62226091d0615bb34b23d7e0c14d0d267cba242ad91c2681f1a15f878ef833962a67aef2190aa3765ea790d255573bfbecc2f9435e49b |
C:\Windows\{426B868C-88CF-4092-A3DF-94BE950B904C}.exe
| Hash | Value |
|---|---|
| MD5 | d5f150ad055a2d39a8cb84f745024991 |
| SHA1 | 8c06abea5e76cf724b6b0ffd2f4df0e098f7b147 |
| SHA256 | 70260cef0842348f30967cd833ba5f2b94f1e659877717bde18bf9faaebb2514 |
| SHA512 | ab68d25375136e193d54db9c573c2c26a715eb0d5dbd649bb33d98b32069c79241ef5c0b9c200968dbd53576ee39c21a233b747bf3748347022788bec80f8c4d |
C:\Windows\{2DCF1DAA-E6D8-445e-8185-6F35CFF8695D}.exe
| Hash | Value |
|---|---|
| MD5 | 3e0d718c6b48d70737bb51bb96a8ed3b |
| SHA1 | 0fe5a1f26cb13493d79da8151575dd9dd4bc5e81 |
| SHA256 | d496cbbace86f240d9c16a7b07022eb0da2b59a3915603acd8660abc8cad12d4 |
| SHA512 | dfcbe215c615f5f3c43ccf20da89527eb6c31856bea0f16d45a28f5a9f7ae3be810e3a94fc526511c4b5b42bf0c21d9219a8d897c755337c60bd94cfe454445d |
C:\Windows\{27C34729-1D2F-4bdf-A242-3CC3E23B0618}.exe
| Hash | Value |
|---|---|
| MD5 | 5b95d81b0d47521462f516f22ec8f75a |
| SHA1 | f9f7d614cc6232ff1b80891d5c139d07d1c4a547 |
| SHA256 | 49eff79a1b566c7c6d1ea3de1117eb2a4f1acd794c817e34617b39ca792b8324 |
| SHA512 | 8c688001c04239cf10491079ac01a3d6a3d74232bbe9fff6d6f8d7005d5faf9f2f11de167f7bfbea4a1ee7ae320fbe39d4a8d740e6c0bb3d275c5cf489c1d58d |
C:\Windows\{497601ED-FB01-40e0-AC8D-053166A61BD0}.exe
| Hash | Value |
|---|---|
| MD5 | e74102eb2963cbd5c6715bf037901107 |
| SHA1 | 616ce399ac8c200cb332dd7fcffa92f8b2f9249a |
| SHA256 | b8b9a101ffde55e3fa403c3757c1af3c57e633f2f60609dc34b5b9488a47f108 |
| SHA512 | 4c0aa40e6726cba5df7b1f68c564ba7e8c09f64af91ab7ec85b493597e5328c5d235e36b7af3acd8bc2eaa5b8fa0d03e3e84cbc00004c69f029b25b39b540cfe |
C:\Windows\{06D84438-6AFF-4fc3-9B0B-3FBF5DB8DAB5}.exe
| Hash | Value |
|---|---|
| MD5 | 0b5c2a17b230d2b014b1e156f1ee1835 |
| SHA1 | 101b97d540dab9139789b506a9421d5e129b0e28 |
| SHA256 | e6b174135585b04bd19d2f5baf6224569fc960efbc51350c6984da9d60327b46 |
| SHA512 | ba367728f9698d355b348938b8623e5878822775fe51e251c034ce662baff2a47c20d55e299e6e325aa4b4957604dddb79d0ed6b3508f42b646880ac78a91092 |
C:\Windows\{BA52E9F0-3EB2-4534-B398-8B14364E48F6}.exe
| Hash | Value |
|---|---|
| MD5 | e40a5e92c1c54b56656c3051b17f4c86 |
| SHA1 | d5744f3bb346b5c75ffb2b2d85195c267c540d36 |
| SHA256 | b1233d05aa56c6e6f48b02498036009e8b66e16731730629430664badbcd78e2 |
| SHA512 | caadfceeb200631570712c10ac785a3a8707245dfb989fe319058d80b8c210a203ee9370c14babd2a46bc528d49c6ae374335fd40e4cdda9d168f2998cb095ca |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 17:41
Reported
2024-04-04 17:44
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
92s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}\stubpath = "C:\\Windows\\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe" | C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE} | C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{651C47C8-01D7-4345-91BE-DB021417A092}\stubpath = "C:\\Windows\\{651C47C8-01D7-4345-91BE-DB021417A092}.exe" | C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72} | C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AB18EE09-3F82-41eb-993E-4301F2707232}\stubpath = "C:\\Windows\\{AB18EE09-3F82-41eb-993E-4301F2707232}.exe" | C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1913E57F-A12B-4755-A932-D2AA5FE221C9} | C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1913E57F-A12B-4755-A932-D2AA5FE221C9}\stubpath = "C:\\Windows\\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe" | C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{42723B1C-F75B-4464-931B-718D61F1FA72} | C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{223B197D-6314-4ab8-8D61-AE16B275A698} | C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0} | C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD} | C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF82682E-7377-4a09-948D-0DB6CD97A905} | C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}\stubpath = "C:\\Windows\\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe" | C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F6916BB1-1AF2-482d-A48F-866F5CF633AC} | C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}\stubpath = "C:\\Windows\\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe" | C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{42723B1C-F75B-4464-931B-718D61F1FA72}\stubpath = "C:\\Windows\\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe" | C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{651C47C8-01D7-4345-91BE-DB021417A092} | C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AB18EE09-3F82-41eb-993E-4301F2707232} | C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{75034D37-7304-4983-AFAD-141DC02D1E5A} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{75034D37-7304-4983-AFAD-141DC02D1E5A}\stubpath = "C:\\Windows\\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF82682E-7377-4a09-948D-0DB6CD97A905}\stubpath = "C:\\Windows\\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe" | C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}\stubpath = "C:\\Windows\\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe" | C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{223B197D-6314-4ab8-8D61-AE16B275A698}\stubpath = "C:\\Windows\\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe" | C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}\stubpath = "C:\\Windows\\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe" | C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe | N/A |
| N/A | N/A | C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe | N/A |
| N/A | N/A | C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe | N/A |
| N/A | N/A | C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe | N/A |
| N/A | N/A | C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe | N/A |
| N/A | N/A | C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe | N/A |
| N/A | N/A | C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe | N/A |
| N/A | N/A | C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe | N/A |
| N/A | N/A | C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe | N/A |
| N/A | N/A | C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe | N/A |
| N/A | N/A | C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe | N/A |
| N/A | N/A | C:\Windows\{AB18EE09-3F82-41eb-993E-4301F2707232}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe | C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe | N/A |
| File created | C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe | C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe | N/A |
| File created | C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe | C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe | N/A |
| File created | C:\Windows\{AB18EE09-3F82-41eb-993E-4301F2707232}.exe | C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe | N/A |
| File created | C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe | C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe | N/A |
| File created | C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe | C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe | N/A |
| File created | C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe | C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe | N/A |
| File created | C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe | C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe | N/A |
| File created | C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe | C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe | N/A |
| File created | C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe | N/A |
| File created | C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe | C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe | N/A |
| File created | C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe | C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_b74120f39986ebaf4507dd39d76c5a14_goldeneye.exe"
C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe
C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe
C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{75034~1.EXE > nul
C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe
C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{03EF5~1.EXE > nul
C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe
C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF826~1.EXE > nul
C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe
C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1913E~1.EXE > nul
C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe
C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0E5B9~1.EXE > nul
C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe
C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F6916~1.EXE > nul
C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe
C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{42723~1.EXE > nul
C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe
C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{651C4~1.EXE > nul
C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe
C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BB799~1.EXE > nul
C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe
C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{223B1~1.EXE > nul
C:\Windows\{AB18EE09-3F82-41eb-993E-4301F2707232}.exe
C:\Windows\{AB18EE09-3F82-41eb-993E-4301F2707232}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{34A09~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.66.18.2.in-addr.arpa | udp |
Files
C:\Windows\{75034D37-7304-4983-AFAD-141DC02D1E5A}.exe
| Hash | Value |
|---|---|
| MD5 | 694c9e86cd85f7362dd7e6dc514ec0b9 |
| SHA1 | 0ad1fe62854aa38c5539c2e7b667cebe44371823 |
| SHA256 | 8fc2bb0cf6eab93b131f16bdf0180f61b580375333cafcdc4d26e0a1db8704a4 |
| SHA512 | 286dec890858a91b0fc06cd31eceba0ae6c2cf96faf637e3fb0685ef25cebf682dae916e40d4f8416588aece5ac533fff733652d9594cd35c2a733cd81f6ce91 |
C:\Windows\{03EF51D4-610B-4cda-9DBF-C369D2CB81BD}.exe
| Hash | Value |
|---|---|
| MD5 | 632f5de6ddb7cbc1e82fe3da2ade607f |
| SHA1 | 31fce5224d4856f7ee5bccf3a6132fd069b5d92a |
| SHA256 | 54209f59ab57303331dbd9a99b489ef09d3d32654fcb1ef87add45a34642ba39 |
| SHA512 | 096ab142941158f4f78f28f5a3761b7a5787838251e32af2aee8b09fdfec569f9a8d6d35919cf8a1ec1f5d7027093164b90e364fbb9c115b70a39de253abdd8f |
C:\Windows\{EF82682E-7377-4a09-948D-0DB6CD97A905}.exe
| Hash | Value |
|---|---|
| MD5 | 226cfbc1f59376911d164a505733cc9b |
| SHA1 | 2eeba35d1c79d21d5da6ec75d6c11f09b5bb3fdc |
| SHA256 | df2690b448d26da7ba3c6a691e61efa49224034bf290e26ac7be28ed5b640ce4 |
| SHA512 | 534b9685d4c94eb458b086634b90beeea85b8bb179a28db8dd036fc3e084cb7181c19f5d624fc2aaf90a2ae59310bcd230c93fd0fa7f4d0f7d4fd863693a3c80 |
C:\Windows\{1913E57F-A12B-4755-A932-D2AA5FE221C9}.exe
| Hash | Value |
|---|---|
| MD5 | d4cf6e476c25122f0ee3761484378300 |
| SHA1 | 4d0c6b096d1217efc8a7dd06c7ae0ccb117303e6 |
| SHA256 | 37f78c040f4cefa089991f19482978c6eb9ed513286eb1a66096c7ccd93193e9 |
| SHA512 | 8756a473ac49ea04207e33f1d551e2248b822948dd8b61521a3dff566a858bf16e43a4c3a74029641633343deb0d2721a5318d4728ca893fab5c93209119c744 |
C:\Windows\{0E5B952C-BE16-4f99-BE36-ADCB87F925AE}.exe
| Hash | Value |
|---|---|
| MD5 | a61a7b5724d714d412c42ef5fb25486e |
| SHA1 | 42050b0cc2efaebefb7d90e3a4998ba07eef4c0c |
| SHA256 | 9e920232f3d385fde2f4a58d63291cf240a5ef3a4a72103af901a050c700f62a |
| SHA512 | ba63403c11aac59bc96874e2d73a4d91a9af7698bea3c7c513582313f7df4b69c9ed9b739d08d2544ca732b834a7c1d4f335c3d7d4eba2c1b9e7028b6b8ce68d |
C:\Windows\{F6916BB1-1AF2-482d-A48F-866F5CF633AC}.exe
| Hash | Value |
|---|---|
| MD5 | f3d37850bdd8a7e308af3129584aed7d |
| SHA1 | e5bbd744d06f6bbf9b6c75652f60f3ffa7df504f |
| SHA256 | 7f31fbbc2d9f61fb0871aca95ea4a1ce048f788ad8c7001417afb71837debaf6 |
| SHA512 | 1441a8c9bd0b3c74e4ec2e395700717964ecf7cac5fa7209e28021baecca30389823eac581060ca2259eefa5ff9479a1b7582f8a1f5892025bbc55014f5861f3 |
C:\Windows\{42723B1C-F75B-4464-931B-718D61F1FA72}.exe
| Hash | Value |
|---|---|
| MD5 | 4e3dc5fe20190afdad7d051e0e422306 |
| SHA1 | 02e55184b6662327e0e6af6c6a8be8cc4746420f |
| SHA256 | dcbc5ee52f9589526e9ec5a2f8057a8260586f3105e05c44d9cfce9f8eefabb9 |
| SHA512 | f5e1fb2ad3adc47c52fadcee8d42059bbfe0018b66d01f86bed97f1ee37b05aacd40c7641ec26fbdd8de26ad17c2df8fdbc44f9ad50a5476f44abe26d8438556 |
C:\Windows\{651C47C8-01D7-4345-91BE-DB021417A092}.exe
| Hash | Value |
|---|---|
| MD5 | 8a6dce3283331245a56854c6e67cbb06 |
| SHA1 | 47bb21c6e5b54f0dabca3acb4001c6f172f06a25 |
| SHA256 | bcbbd2793472c371106195af3e31df5706bcc437392a4e999e6f6a68820928e2 |
| SHA512 | 6141031aee3d9cad3118cb5df2de257a765a762d4576e44f381d3f54c8426774cee5c23652f2900b4e7a3289c5519e49cb9daa7c5a150dfa30aa79fedfa75303 |
C:\Windows\{BB7991E4-3E51-43a6-ACEF-2DEC9C75BE72}.exe
| Hash | Value |
|---|---|
| MD5 | ebb98166aae649d0dd74f655b105b9a3 |
| SHA1 | e35846e2addabba2926922bad1c30a13a7068e1d |
| SHA256 | 15d72c234daa065e8cecc0d78473d504ecbe6bad2a7c2862aa8507fedd090d48 |
| SHA512 | a9aa41d3721aa6d5eb0eef2dad636471e5f1b0154f8f38d5e7fde1b388108e1cdbe42ab48f22f9be5e21dff1a99f485fae020099e58677900c445227883e04a3 |
C:\Windows\{223B197D-6314-4ab8-8D61-AE16B275A698}.exe
| Hash | Value |
|---|---|
| MD5 | 595b4204ed87a8db4c3623006798240b |
| SHA1 | 437b00e026289aefa36fb53c4801cf3bae0846f3 |
| SHA256 | ee9b9a46652351e3b596975c845d59c051468ad2b4514096c7a843e3767632cc |
| SHA512 | dc2860bec17b724164a433cdd6b60fcba5cd2848adac3f504dfe6be38c0ac3f9c2a1e34929c0557e944de337b7f7290f4bdc26e7f5c08d868dea507f6bd45d52 |
C:\Windows\{34A09CA8-12FE-437f-AB8F-5037A14D8DE0}.exe
| Hash | Value |
|---|---|
| MD5 | 04e541aad12a58dc156a1bce222e5bc6 |
| SHA1 | 42380d837f4e5a1dafefaa75fd7f0ce766b62001 |
| SHA256 | b39a7c41df2ca1281b103baa0f237bf0a2d86a4fa696cea3a386bdfdaaf653e4 |
| SHA512 | c84cf5b5cb62095a3797b9fca6da18198ac56f2dd62dc241e1adc6516d25d342e6dbe02588b4302017bb3c13e9f594f9d01aa8d91191e6881be26ac4100fae2f |
C:\Windows\{AB18EE09-3F82-41eb-993E-4301F2707232}.exe
| Hash | Value |
|---|---|
| MD5 | 9ee357d65edc8a7c3ae4f39cfbf89ac3 |
| SHA1 | 2a988363797ad20b9805de80d376be4481f48304 |
| SHA256 | 76aba62559a520c35fdc2614ba5b2bdedd236e18671dae0537b8f47201a5c222 |
| SHA512 | fe80712d34e53b1dcd4dadaa57ab7c7728f39a18ea35e179a33f7d5d0db51497e5be003d4f4a40b73d426aadb16d8290454d3181e685ff3766b57af169e92134 |