Analysis Overview
SHA256
f7e5eaf69fbc116974ea24609d5d6bd6848e9c0f99189287eacfac2adf37c68b
Threat Level: Known bad
The file 2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:40
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:40
Reported
2024-04-06 21:43
Platform
win7-20240221-en
Max time kernel
163s
Max time network
130s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA} | C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}\stubpath = "C:\\Windows\\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe" | C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852} | C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D30BD1FB-9454-4021-BC8A-807F2B48262E} | C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{289F9504-EBFC-49d1-B678-6B78A87086CA} | C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0} | C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0} | C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0510C931-7787-43f5-86D2-F76C23F61058} | C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}\stubpath = "C:\\Windows\\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe" | C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1419DB5D-EA81-42e4-939A-0C03F53CA380}\stubpath = "C:\\Windows\\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe" | C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}\stubpath = "C:\\Windows\\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe" | C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2E766309-DD79-40b5-9A84-6EE9AE596652}\stubpath = "C:\\Windows\\{2E766309-DD79-40b5-9A84-6EE9AE596652}.exe" | C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2E766309-DD79-40b5-9A84-6EE9AE596652} | C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{31EDCB23-44F4-4da3-B945-B35B3D0236B4} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{289F9504-EBFC-49d1-B678-6B78A87086CA}\stubpath = "C:\\Windows\\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe" | C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1419DB5D-EA81-42e4-939A-0C03F53CA380} | C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0510C931-7787-43f5-86D2-F76C23F61058}\stubpath = "C:\\Windows\\{0510C931-7787-43f5-86D2-F76C23F61058}.exe" | C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4D208725-A94E-4af5-8FD3-D4F616AD043A} | C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4D208725-A94E-4af5-8FD3-D4F616AD043A}\stubpath = "C:\\Windows\\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe" | C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}\stubpath = "C:\\Windows\\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D30BD1FB-9454-4021-BC8A-807F2B48262E}\stubpath = "C:\\Windows\\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe" | C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{78484906-3E05-4eb6-B854-DF5D89173846} | C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{78484906-3E05-4eb6-B854-DF5D89173846}\stubpath = "C:\\Windows\\{78484906-3E05-4eb6-B854-DF5D89173846}.exe" | C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}\stubpath = "C:\\Windows\\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe" | C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe | N/A |
| N/A | N/A | C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe | N/A |
| N/A | N/A | C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe | N/A |
| N/A | N/A | C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe | N/A |
| N/A | N/A | C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe | N/A |
| N/A | N/A | C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe | N/A |
| N/A | N/A | C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe | N/A |
| N/A | N/A | C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe | N/A |
| N/A | N/A | C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe | N/A |
| N/A | N/A | C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe | N/A |
| N/A | N/A | C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe | N/A |
| N/A | N/A | C:\Windows\{2E766309-DD79-40b5-9A84-6EE9AE596652}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe | C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe | N/A |
| File created | C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe | C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe | N/A |
| File created | C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe | C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe | N/A |
| File created | C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe | C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe | N/A |
| File created | C:\Windows\{2E766309-DD79-40b5-9A84-6EE9AE596652}.exe | C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe | N/A |
| File created | C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe | C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe | N/A |
| File created | C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe | C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe | N/A |
| File created | C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe | C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe | N/A |
| File created | C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe | C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe | N/A |
| File created | C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe | C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe | N/A |
| File created | C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe | N/A |
| File created | C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe | C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe"
C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe
C:\Windows\{31EDCB23-44F4-4da3-B945-B35B3D0236B4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe
C:\Windows\{D30BD1FB-9454-4021-BC8A-807F2B48262E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{31EDC~1.EXE > nul
C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe
C:\Windows\{78484906-3E05-4eb6-B854-DF5D89173846}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D30BD~1.EXE > nul
C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe
C:\Windows\{289F9504-EBFC-49d1-B678-6B78A87086CA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{78484~1.EXE > nul
C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe
C:\Windows\{AC01FDFD-E4A1-41f8-9C34-E1FED628E8C0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{289F9~1.EXE > nul
C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe
C:\Windows\{D39C0DB2-CCC3-4243-A40F-3448C59DB9C0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AC01F~1.EXE > nul
C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe
C:\Windows\{1419DB5D-EA81-42e4-939A-0C03F53CA380}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D39C0~1.EXE > nul
C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe
C:\Windows\{0510C931-7787-43f5-86D2-F76C23F61058}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1419D~1.EXE > nul
C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe
C:\Windows\{A7573E6A-AA59-48b6-83C9-7270C1D9F8EA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0510C~1.EXE > nul
C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe
C:\Windows\{B9863AAC-F9EB-4ca6-93CB-6C97771A3852}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A7573~1.EXE > nul
C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe
C:\Windows\{4D208725-A94E-4af5-8FD3-D4F616AD043A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B9863~1.EXE > nul
C:\Windows\{2E766309-DD79-40b5-9A84-6EE9AE596652}.exe
C:\Windows\{2E766309-DD79-40b5-9A84-6EE9AE596652}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4D208~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:40
Reported
2024-04-06 21:42
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{430C0D23-6441-441f-908E-103B561E44D7}\stubpath = "C:\\Windows\\{430C0D23-6441-441f-908E-103B561E44D7}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6434B841-0202-4607-A9E8-7C037F2850E7}\stubpath = "C:\\Windows\\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe" | C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}\stubpath = "C:\\Windows\\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe" | C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0} | C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}\stubpath = "C:\\Windows\\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe" | C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E} | C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}\stubpath = "C:\\Windows\\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe" | C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D54A8DF5-6FD3-4588-A326-7B20F770469B}\stubpath = "C:\\Windows\\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe" | C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7587AF25-E249-451d-BF08-00CDB8CF0F2A} | C:\Windows\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{430C0D23-6441-441f-908E-103B561E44D7} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6434B841-0202-4607-A9E8-7C037F2850E7} | C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{88181780-0C18-4c7d-97DC-59C8EAC165FB} | C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{15C66E93-6B3D-49ec-B317-0430026ADE94} | C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749} | C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2}\stubpath = "C:\\Windows\\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2}.exe" | C:\Windows\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{15C66E93-6B3D-49ec-B317-0430026ADE94}\stubpath = "C:\\Windows\\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe" | C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D54A8DF5-6FD3-4588-A326-7B20F770469B} | C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}\stubpath = "C:\\Windows\\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}.exe" | C:\Windows\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA} | C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}\stubpath = "C:\\Windows\\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe" | C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0413D311-79DF-4b3a-A516-83117C660534} | C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0413D311-79DF-4b3a-A516-83117C660534}\stubpath = "C:\\Windows\\{0413D311-79DF-4b3a-A516-83117C660534}.exe" | C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{88181780-0C18-4c7d-97DC-59C8EAC165FB}\stubpath = "C:\\Windows\\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe" | C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2} | C:\Windows\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe | N/A |
| N/A | N/A | C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe | N/A |
| N/A | N/A | C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe | N/A |
| N/A | N/A | C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe | N/A |
| N/A | N/A | C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe | N/A |
| N/A | N/A | C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe | N/A |
| N/A | N/A | C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe | N/A |
| N/A | N/A | C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe | N/A |
| N/A | N/A | C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe | N/A |
| N/A | N/A | C:\Windows\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe | N/A |
| N/A | N/A | C:\Windows\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe | C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe | N/A |
| File created | C:\Windows\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe | C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe | N/A |
| File created | C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe | N/A |
| File created | C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe | C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe | N/A |
| File created | C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe | C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe | N/A |
| File created | C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe | C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe | N/A |
| File created | C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe | C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe | N/A |
| File created | C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe | C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe | N/A |
| File created | C:\Windows\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2}.exe | C:\Windows\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}.exe | N/A |
| File created | C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe | C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe | N/A |
| File created | C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe | C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_6f29dcdc7a7f53d474224d34ee51fa0f_goldeneye.exe"
C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe
C:\Windows\{430C0D23-6441-441f-908E-103B561E44D7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe
C:\Windows\{C12F5EF4-26A5-404d-8E8F-8DBEF50626AA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{430C0~1.EXE > nul
C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe
C:\Windows\{6434B841-0202-4607-A9E8-7C037F2850E7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C12F5~1.EXE > nul
C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe
C:\Windows\{1C36DDC1-5C71-4d47-ADD7-2989BC02BC3E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6434B~1.EXE > nul
C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe
C:\Windows\{EB1241D1-F7D7-4ca2-9FF2-B8EBE7395CD0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1C36D~1.EXE > nul
C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe
C:\Windows\{0413D311-79DF-4b3a-A516-83117C660534}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EB124~1.EXE > nul
C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe
C:\Windows\{88181780-0C18-4c7d-97DC-59C8EAC165FB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0413D~1.EXE > nul
C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe
C:\Windows\{15C66E93-6B3D-49ec-B317-0430026ADE94}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{88181~1.EXE > nul
C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe
C:\Windows\{D3462F47-0247-4ac6-8E5B-45AEA6C5F749}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{15C66~1.EXE > nul
C:\Windows\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe
C:\Windows\{D54A8DF5-6FD3-4588-A326-7B20F770469B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D3462~1.EXE > nul
C:\Windows\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}.exe
C:\Windows\{7587AF25-E249-451d-BF08-00CDB8CF0F2A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D54A8~1.EXE > nul
C:\Windows\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2}.exe
C:\Windows\{C125DA88-4BDD-4e68-ACB0-5247BFA937E2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7587A~1.EXE > nul
Network
Files