Analysis Overview
SHA256
3c8f713770473a68fa2f70b65f1c2298547b78ca26462e0d7db89518b8fbe950
Threat Level: Known bad
The file 2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:38
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:38
Reported
2024-04-06 21:41
Platform
win7-20240221-en
Max time kernel
144s
Max time network
123s
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E10E4A0B-590F-437c-905E-3C783C71CDA1}\stubpath = "C:\\Windows\\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{264F2785-FCDD-43e0-9391-59585FD2D279}\stubpath = "C:\\Windows\\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe" | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2} | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E} | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8EF93032-56DC-4257-B6BC-A36CA443290A} | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E10E4A0B-590F-437c-905E-3C783C71CDA1} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1} | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}\stubpath = "C:\\Windows\\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe" | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB} | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5150B930-5E72-4a46-B950-332CBB906302} | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1186066-2F68-49c8-AD03-A226BCBAF6F7} | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}\stubpath = "C:\\Windows\\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe" | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}\stubpath = "C:\\Windows\\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe" | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{264F2785-FCDD-43e0-9391-59585FD2D279} | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E} | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}\stubpath = "C:\\Windows\\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe" | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5150B930-5E72-4a46-B950-332CBB906302}\stubpath = "C:\\Windows\\{5150B930-5E72-4a46-B950-332CBB906302}.exe" | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}\stubpath = "C:\\Windows\\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe" | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}\stubpath = "C:\\Windows\\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe" | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55DF49BB-C557-48a3-AC23-D1507FB4642B} | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55DF49BB-C557-48a3-AC23-D1507FB4642B}\stubpath = "C:\\Windows\\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe" | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8EF93032-56DC-4257-B6BC-A36CA443290A}\stubpath = "C:\\Windows\\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe" | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | N/A |
| N/A | N/A | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | N/A |
| N/A | N/A | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | N/A |
| N/A | N/A | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | N/A |
| N/A | N/A | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | N/A |
| N/A | N/A | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | N/A |
| N/A | N/A | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | N/A |
| N/A | N/A | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | N/A |
| N/A | N/A | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | N/A |
| N/A | N/A | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | N/A |
| N/A | N/A | C:\Windows\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| File created | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | N/A |
| File created | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | N/A |
| File created | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | N/A |
| File created | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | N/A |
| File created | C:\Windows\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | N/A |
| File created | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | N/A |
| File created | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | N/A |
| File created | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | N/A |
| File created | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | N/A |
| File created | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | N/A |
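Read together, the two tables above describe one linear chain: each stage writes the next GUID-named executable directly into C:\Windows and registers it under Active Setup Installed Components with a stubpath pointing at that file (Active Setup runs a component's stubpath at user logon for any user whose HKCU copy of the key is missing, so the next stage survives a reboot even though the earlier stages are deleted). The Python below is an added example, not part of the sandbox report or of the sample: it parses the rows copied from these behavioral1 tables (embedded as constructed input), rebuilds the drop chain from the submitted sample, and checks that every dropped executable was registered under Active Setup by the same process that dropped it. The "sample" label and upper-casing of GUIDs are the example's own conventions.

```python
import re

# GUID-named executables and the submitted sample are the only actors in this report.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}")
SAMPLE_NAME = "2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe"

# Constructed input: rows copied from the behavioral1 "Drops file in Windows directory"
# table and the stubpath rows of "Modifies Installed Components in the registry".
DROP_ROWS = r"""
| Description | Indicator | Process | Target |
| File created | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| File created | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | N/A |
| File created | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | N/A |
| File created | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | N/A |
| File created | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | N/A |
| File created | C:\Windows\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | N/A |
| File created | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | N/A |
| File created | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | N/A |
| File created | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | N/A |
| File created | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | N/A |
| File created | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | N/A |
"""

STUBPATH_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E10E4A0B-590F-437c-905E-3C783C71CDA1}\stubpath = "C:\\Windows\\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{264F2785-FCDD-43e0-9391-59585FD2D279}\stubpath = "C:\\Windows\\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe" | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}\stubpath = "C:\\Windows\\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe" | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}\stubpath = "C:\\Windows\\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe" | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}\stubpath = "C:\\Windows\\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe" | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}\stubpath = "C:\\Windows\\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe" | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5150B930-5E72-4a46-B950-332CBB906302}\stubpath = "C:\\Windows\\{5150B930-5E72-4a46-B950-332CBB906302}.exe" | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}\stubpath = "C:\\Windows\\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe" | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}\stubpath = "C:\\Windows\\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe" | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55DF49BB-C557-48a3-AC23-D1507FB4642B}\stubpath = "C:\\Windows\\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe" | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8EF93032-56DC-4257-B6BC-A36CA443290A}\stubpath = "C:\\Windows\\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe" | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | N/A |
"""


def table_rows(text):
    """Yield (indicator, process) from a 4-column report table, skipping the header row."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Description":
            yield cells[1], cells[2]


def actor(process_path):
    """Normalise a process to its upper-cased GUID, or to 'sample' for the submitted file."""
    m = GUID_RE.search(process_path)
    if m:
        return m.group(0).upper()
    return "sample" if process_path.endswith(SAMPLE_NAME) else process_path


def drop_chain(drop_rows, stubpath_rows):
    """Return (ordered chain of actors starting at the sample,
    list of (creator, dropped) pairs the creator never registered under Active Setup).
    Raises ValueError if the drops do not form one linear chain."""
    drops = {}  # creator -> the single executable it drops
    for indicator, process in table_rows(drop_rows):
        dropped = GUID_RE.search(indicator).group(0).upper()
        creator = actor(process)
        if creator in drops:
            raise ValueError(f"{creator} drops more than one file; chain is not linear")
        drops[creator] = dropped

    registered = {}  # creator -> set of GUID keys it wrote a stubpath for
    for indicator, process in table_rows(stubpath_rows):
        key_guid = GUID_RE.search(indicator).group(0).upper()  # first GUID is the key name
        registered.setdefault(actor(process), set()).add(key_guid)

    chain, seen = ["sample"], {"sample"}
    while chain[-1] in drops:
        nxt = drops[chain[-1]]
        if nxt in seen:
            raise ValueError("cycle in drop chain")
        chain.append(nxt)
        seen.add(nxt)
    if len(chain) != len(drops) + 1:
        raise ValueError("some drops are not reachable from the sample; chain is forked")

    unregistered = [(c, d) for c, d in drops.items() if d not in registered.get(c, set())]
    return chain, unregistered


if __name__ == "__main__":
    chain, unregistered = drop_chain(DROP_ROWS, STUBPATH_ROWS)
    print(" -> ".join(chain))
    print("drops without a matching Active Setup stubpath:", unregistered or "none")
```

On this report the chain is twelve actors long (the sample plus eleven stages) and every drop has a matching stubpath written by the dropper, so the persistence always points at the newest stage. The same function runs unchanged on the behavioral2 rows below, where the GUIDs differ but the structure is identical.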
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe" |
| C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe | C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe | C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E10E4~1.EXE > nul |
| C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe | C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{881AF~1.EXE > nul |
| C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe | C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{264F2~1.EXE > nul |
| C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe | C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0B4C9~1.EXE > nul |
| C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe | C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{5150B~1.EXE > nul |
| C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe | C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3B859~1.EXE > nul |
| C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe | C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B37BB~1.EXE > nul |
| C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe | C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{55DF4~1.EXE > nul |
| C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe | C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B1186~1.EXE > nul |
| C:\Windows\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe | C:\Windows\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B856C~1.EXE > nul |
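Two telemetry patterns stand out in the process list: every cleanup is a cmd.exe /c del of an executable written with its 8.3 short name (2024-0~1.EXE, {E10E4~1.EXE) and output redirected to nul, and every persistence write is an Active Setup stubpath pointing at an executable sitting directly in the Windows root rather than in a normal install location. The Python below is an added detection example, not part of the sandbox report: it runs two matching rules over constructed Sysmon-style events (field names Image, CommandLine, ParentImage, TargetObject, Details; EventID 1 for process creation and 13 for registry value set). The parent-process relationships and the benign control events are assumptions made for the example, since this report does not record parents, and the "suspicious location" heuristic for stubpath values is the example's own, chosen to match the Windows-root and user-profile paths seen on this page.

```python
import re

# Constructed Sysmon-style events mirroring the process list and registry rows above.
# Parent images are assumed; the report itself does not expose the process tree.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "ParentImage": r"C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe",
     "CommandLine": r"C:\Windows\system32\cmd.exe /c del C:\Windows\{E10E4~1.EXE > nul"},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\cmd.exe",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe",
     "CommandLine": r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",          # benign control
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c dir C:\Temp > out.txt"},
    {"EventID": 13, "Image": r"C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe",
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}\StubPath",
     "Details": r"C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",     # benign control (fabricated installer entry)
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath",
     "Details": r"C:\Windows\System32\rundll32.exe C:\Program Files\Vendor\setup.dll,Install"},
]

# cmd.exe /c del <something>.exe > nul, with or without quoting.
DEL_RE = re.compile(r'cmd(?:\.exe)?"?\s+/c\s+del\s+"?(?P<target>[^\s"]+\.exe)"?\s*>\s*nul', re.IGNORECASE)
# Any Active Setup StubPath value write (HKLM, either 32- or 64-bit view).
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\\{[^\\]+\}\\StubPath$", re.IGNORECASE)
# Heuristic (this example's own): a stubpath that is a bare .exe directly in the Windows
# root, or anywhere under a user profile / Temp, is not how legitimate components install.
WINROOT_EXE_RE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.exe$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\[^\\]+)\\", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def short_name_prefix(name):
    """Prefix an 8.3 alias shares with its long name: '{E10E4~1.EXE' -> '{e10e4'.
    Assumes the usual NTFS tilde scheme (first characters of the long name + ~N)."""
    m = re.match(r"(.{1,6})~\d+\.", name)
    return m.group(1).lower() if m else None


def classify(event):
    """Return a list of (rule, detail) findings for one event; empty when nothing matches."""
    findings = []
    if event.get("EventID") == 1:
        m = DEL_RE.search(event.get("CommandLine", ""))
        if m:
            target = basename(m.group("target"))
            parent = basename(event.get("ParentImage", "")).lower()
            prefix = short_name_prefix(target)
            # If the short name resolves to the parent's own image, the parent is deleting itself.
            if prefix is not None and parent.startswith(prefix):
                findings.append(("self_delete_via_cmd", event["ParentImage"]))
            else:
                findings.append(("exe_delete_via_cmd", m.group("target")))
    elif event.get("EventID") == 13:
        if ACTIVE_SETUP_RE.search(event.get("TargetObject", "")):
            stub = event.get("Details", "")
            if WINROOT_EXE_RE.match(stub) or USER_WRITABLE_RE.search(stub):
                findings.append(("active_setup_stubpath_suspicious_location", stub))
    return findings


def scan(events):
    """Run classify() over an event stream and tag each finding with the acting image."""
    return [(rule, detail, e["Image"]) for e in events for rule, detail in classify(e)]


if __name__ == "__main__":
    for rule, detail, image in scan(EVENTS):
        print(f"{rule:45} {image}  ->  {detail}")
```

On the constructed stream the two del commands and the stubpath write fire, while the ordinary cmd.exe /c dir and the installer-style stubpath (a System32 host binary with arguments) do not. The stubpath rule is deliberately a location heuristic: matching on the GUID values from this report would miss the next run, since the GUIDs in the Windows 10 detonation below are already different.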
Network
No network activity was recorded in this detonation.
Files
All eleven dropped executables have distinct hashes, so the values below identify the stages of this run rather than the sample family; the C:\Windows\{GUID}.exe path and the Active Setup stubpath pattern above are what both detonations on this page share.
C:\Windows\{E10E4A0B-590F-437c-905E-3C783C71CDA1}.exe
| MD5 | 4014ee03f77db1a15d6f5e8cc36be755 |
| SHA1 | 5eb203ae6e495b8a481cb4e9eb3e99fa38c21bca |
| SHA256 | bb7da3229ce37a17d13f83c978a56da1e8bcbbf37f7311b9a52dcdd5ca4b32de |
| SHA512 | 90a8f8dd327b030318ed05ed44b436a32e05bff30efa42a85f7081b627c516895eaa02a93f99e5d158c78b6316fcc94c57d68f8020b25bbdb1a57eb3ef725cdf |
C:\Windows\{881AFE50-BC32-4b7a-B555-0CE23EAB06F1}.exe
| MD5 | d5dfc78fbb73d6edc7c19703fabf77d0 |
| SHA1 | 095c2933296358889b6e10d1f43c51a73b2808a7 |
| SHA256 | 8063779302b9bcc34e6d29c7224fb30fa477fc39e672a4c9b2bf783b3a54e3dd |
| SHA512 | a0c64d5cd0fb5fc5c6d2dd0d4a40336485f12da1f66610747450b9b45816ffcc0124fbce6b8ac6830d7c6962589b9ea003594f270a1cadb3d0aa292537b89b55 |
C:\Windows\{264F2785-FCDD-43e0-9391-59585FD2D279}.exe
| MD5 | 949d98d35e97b835f28f078d72b69aca |
| SHA1 | d30326be9bbc81eb790305396723dcaf8e437334 |
| SHA256 | 781fbe67a844a1d559fe4074e29a7905db24227d43acb037a98f13dcbb3f4251 |
| SHA512 | dcf17491f6fe5f65c8ef933c09916477eb640ec80c47ac9f8cc113c55cef637fd4c043af815535fbe87afc064c6b12ed4e25aab2508eed2bcffad5c7cf86b021 |
C:\Windows\{0B4C961A-EED7-4a39-9D5D-C5168275DF5E}.exe
| MD5 | 36f02598c6d56eee278b9f9cbb72d619 |
| SHA1 | 1c088df7d7b2d6a121ac4982ed15e6b98d7208e4 |
| SHA256 | bb112bf0e18ead7674a99c86639645ee7d9bdd2b27eba718ca563cd031d01f57 |
| SHA512 | 0efa2578240a2c58310e6aaa89547c8224a33544784d07199bf751f1995461f89b9076559ac5c5589dd559039ff9cd89dbc706106bab7d1a2e39c5362f715869 |
C:\Windows\{5150B930-5E72-4a46-B950-332CBB906302}.exe
| MD5 | b082d0ff4877e40a9bfdfe9095343976 |
| SHA1 | 8ec80b079bd4ccd4328ff396b784826c1e5b9c5e |
| SHA256 | 65888e3d4bcfff0ed93ec0dcb43c7ff16ad4efa0c9d5b635e0cdb3a7b26570fc |
| SHA512 | 1a930232afb7e35bf2491cec6e67c6998b9ad916da699b1031ee62f5289c829190293e7dd321b38eff19aaf4d6ac02ab53be23a6d218dbd2e506d6bd82fca964 |
C:\Windows\{3B859A2B-4CBF-4780-B9B8-741BDECC7CD2}.exe
| MD5 | e26a794d2045114c83298d8d5875c7a0 |
| SHA1 | 93bb6506be8b5c338f821b93b8b59821837ab5d6 |
| SHA256 | d6a33b1f57e29064eb24893b7a277cf86e741fa9dfc39fd3a1ba286dafafbe98 |
| SHA512 | a769f85d8036d072a3060452f3ccce781a41a2359c81ae60c8cdeddfcf21f3fcbe487cf02c7be854bf45b8c2c7c5b8f5280b87f98b11bde6c75e2a70e6062a87 |
C:\Windows\{B37BB6C0-DEAF-40ef-BCF2-E4FDC05B640E}.exe
| MD5 | f1df4cee614b9fc836baff4035c6336a |
| SHA1 | 9ff7f16f8f42d70ac77106df11363279ecbc5cab |
| SHA256 | 5a2e8dc2799f9e0f485b6120d7134945b63f4a0319556cd6c249114b3f97ec3b |
| SHA512 | 1227393d1fd94ec42e37b98464021bd028e7ce3e86bd93d3ecd1952fc2b62105d30a7946ae98b04005957e43a5a7182d187579456bdff26068cca901f4723d00 |
C:\Windows\{55DF49BB-C557-48a3-AC23-D1507FB4642B}.exe
| MD5 | aaa61632abfb10c830613246cc942e7d |
| SHA1 | 36b129240db280b7258b61265d5e289b92cb53a8 |
| SHA256 | c7c14b18c0c34f3e5529077079d5e72cb213f260e856eccf349712cda1ea7a0b |
| SHA512 | ab0bb8f6da304feb85e72722ae1b200307d1ab83a69c185f2b70ffa884001a416747345eb35d109be82a26c45955b9494db067e461cca66c0f6b5851cbaef333 |
C:\Windows\{B1186066-2F68-49c8-AD03-A226BCBAF6F7}.exe
| MD5 | f60190a92486c66674a30a333a4260ee |
| SHA1 | e2b9ac2507f6ae85677ca3afd0b6f081a9c8abd2 |
| SHA256 | 4537a0bde08f4e89cab3c9207605386372710f51a5412a37d42d7407e9a89e00 |
| SHA512 | 5a2146e7a9bba075ea9fb192cae3ab0ee3abc3fff3c3bcd25bb680991a09191339a2db984e8b0019eb27296601c80d509f7986767a7e1491d9ae66a2405f0c5c |
C:\Windows\{B856CE78-B9D7-4af9-A331-19E9FAAED1AB}.exe
| MD5 | 9b866c5f58afe88e9fa73e459457f5f8 |
| SHA1 | dfd0b14b459bd1b358da13b99eacf484d928eb5e |
| SHA256 | a5adf49280dd4ec4307da85f48e5471ece791d26f192dd7977c8f670eb4343bf |
| SHA512 | 54c6cee3298a3f1c0a21387ff491cc6a90dbe79e6fba35e3cf9797e773b90f9463251477d10d938a99a90cea6cb5ec85ebe50e12e63d0027596c8d40717ee2d2 |
C:\Windows\{8EF93032-56DC-4257-B6BC-A36CA443290A}.exe
| MD5 | f40535bdf5fe9ea5e925c63184b35c70 |
| SHA1 | b87bbe67df2126d9790e605eeaaa9523ecaba931 |
| SHA256 | 335b6786a780f2a5d625286b68820df1d196f90111618456f967e163f5b8a5d1 |
| SHA512 | 18b2c452ba5fca45980a81b9f54af2f9f7e179bd16e25ebcd67234912e54f012ce5ab0bed8c3e3afaba7602562e16f9543863f2501400335d73675c41b8d5315 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:38
Reported
2024-04-06 21:41
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
94s
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89E72E84-049C-44e8-A114-B65F8736614D}\stubpath = "C:\\Windows\\{89E72E84-049C-44e8-A114-B65F8736614D}.exe" | C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DD620C2A-9F46-4605-8F8C-FE9952BB8272} | C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2} | C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9A975883-4A2A-4c58-AEB1-C4D279630A26}\stubpath = "C:\\Windows\\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe" | C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}\stubpath = "C:\\Windows\\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe" | C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}\stubpath = "C:\\Windows\\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe" | C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6499CC57-06F0-48d9-B4ED-A8C2B311B531} | C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}\stubpath = "C:\\Windows\\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89E72E84-049C-44e8-A114-B65F8736614D} | C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}\stubpath = "C:\\Windows\\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe" | C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F} | C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{108134B4-B6AF-4668-8F16-CAED54D980FB}\stubpath = "C:\\Windows\\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe" | C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4596DCFF-B727-41d9-8C06-38B209A66420} | C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CB26D8AA-4CA9-4653-B66E-65145673825A} | C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A416E20-9B36-4346-9E43-D3823FDBADEF} | C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A416E20-9B36-4346-9E43-D3823FDBADEF}\stubpath = "C:\\Windows\\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe" | C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A} | C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4596DCFF-B727-41d9-8C06-38B209A66420}\stubpath = "C:\\Windows\\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe" | C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9A975883-4A2A-4c58-AEB1-C4D279630A26} | C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{108134B4-B6AF-4668-8F16-CAED54D980FB} | C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CB26D8AA-4CA9-4653-B66E-65145673825A}\stubpath = "C:\\Windows\\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe" | C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}\stubpath = "C:\\Windows\\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}.exe" | C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}\stubpath = "C:\\Windows\\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe" | C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe | N/A |
| N/A | N/A | C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe | N/A |
| N/A | N/A | C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe | N/A |
| N/A | N/A | C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe | N/A |
| N/A | N/A | C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe | N/A |
| N/A | N/A | C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe | N/A |
| N/A | N/A | C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe | N/A |
| N/A | N/A | C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe | N/A |
| N/A | N/A | C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe | N/A |
| N/A | N/A | C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe | N/A |
| N/A | N/A | C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe | N/A |
| N/A | N/A | C:\Windows\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe | C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe | N/A |
| File created | C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe | C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe | N/A |
| File created | C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe | C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe | N/A |
| File created | C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe | C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe | N/A |
| File created | C:\Windows\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}.exe | C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe | N/A |
| File created | C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe | C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe | N/A |
| File created | C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | N/A |
| File created | C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe | C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe | N/A |
| File created | C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe | C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe | N/A |
| File created | C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe | C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe | N/A |
| File created | C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe | C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe | N/A |
| File created | C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe | C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-06_6030608dbda6f24061302a8b96132583_goldeneye.exe" |
| C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe | C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe | C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F41E8~1.EXE > nul |
| C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe | C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{89E72~1.EXE > nul |
| C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe | C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{DD620~1.EXE > nul |
| C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe | C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C18F7~1.EXE > nul |
| C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe | C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9A975~1.EXE > nul |
| C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe | C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8A045~1.EXE > nul |
| C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe | C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{10813~1.EXE > nul |
| C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe | C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4596D~1.EXE > nul |
| C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe | C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CB26D~1.EXE > nul |
| C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe | C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8A416~1.EXE > nul |
| C:\Windows\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}.exe | C:\Windows\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{082CC~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 23.53.113.159:80 | | tcp |
| US | 138.91.171.81:80 | | tcp |
The DNS rows are reverse (PTR) lookups, not name resolutions, and none of the entries is attributed to a process by the report; the Windows 7 run recorded no network activity at all.
Files
The GUIDs and hashes of the twelve stages differ from those of the Windows 7 run above, so neither the file names nor the hashes are stable across executions of this sample.
C:\Windows\{F41E8FEE-6043-4bc4-9B6F-3F012F3E1EC4}.exe
| MD5 | e21404cd1c8330379b22f9d13c6bb04d |
| SHA1 | 43777f6486305c5fdf6c2ef39c4d0df1aabef2b9 |
| SHA256 | f1b6c0e1bca8d2b9918c7bf32795e8775635f8de57c0189b6ba2a3271865b5a0 |
| SHA512 | dc81a4d2f071cfb4ddb0aaa39d031151cb16809415ababec95157fdbc1588156bda8d6d1655d7b980176b7e0d282962cd97c2ac4aba51fe1b6c722b3197a3401 |
C:\Windows\{89E72E84-049C-44e8-A114-B65F8736614D}.exe
| MD5 | 886bbffa5313033a4177396260837d0c |
| SHA1 | 23e5c987c4b01c5bdb7aa9fef8df34a738f5bb6a |
| SHA256 | 1a06d9971881570242f1740d03249e3f0400494554d87a7966e82b42fce63578 |
| SHA512 | 95bdc57eb5a4e45ed50195a19d2794bbb22618b99146a163b75aae6017757e834f1fda73ffd6bcd79009c36471172c946985169d16910bc94bca6079b5749bc1 |
C:\Windows\{DD620C2A-9F46-4605-8F8C-FE9952BB8272}.exe
| MD5 | 4c49fa65433da4f6b772058f0e6be866 |
| SHA1 | ecd01ad428ca4431ab2ec87bca5dd33296b74a9a |
| SHA256 | 640c49575250a404eeec21f3671a0eab4b8ed92c7f21e092e2fcb522d4261062 |
| SHA512 | 9b79bd0c4f00476f30cd73fc9d44c25187140fba06b39caad097255ce60c161ddfcb6de40f1b446e41a94ab7a021727cdfffc4877764917a81881779ac221b3c |
C:\Windows\{C18F7DBC-3272-4fee-A2AC-9CCC2E4829C2}.exe
| MD5 | 1bae2fc1c8da90401a0f6620f58acd47 |
| SHA1 | 32815dd1e885ad7a0b4716598460be6650757eb7 |
| SHA256 | 91a9ca8a3ade3d6b8d26e10f962fa1b07680064841f4c116479db81b7d7530f1 |
| SHA512 | f73ab1292e2deb0975ed5b71a473aef900a4d5961eaaa82a35cea22d9a3d1a9bcbc2bc5de982205e18fb817be6e5ec381b56c03bf6ad2cd2c941abd175ee03fc |
C:\Windows\{9A975883-4A2A-4c58-AEB1-C4D279630A26}.exe
| MD5 | ee14e0fa5db5b055e9cde495316644e0 |
| SHA1 | 881e32d948202edbceb623741da70b8a2a0509cb |
| SHA256 | 45d1d81dbfd13d82b1f677fa90f105b52b668d3ea4c4dd14d0a65b9cb820b90e |
| SHA512 | c35fe92546bec22b48f3fc832a8a7d01e551b71693be675cd530d2a6351d61ef2fdb15a06efd83efa44fd732389606a73c6f1cade40fdcda18da8222b099d4b5 |
C:\Windows\{8A045D2E-FFEB-4ee5-809B-12A0B2483B5F}.exe
| MD5 | c64dcffa33ebb2b6ec9179a3a31ee84e |
| SHA1 | 61d17e94a2f8dbadce8a7d6c2fb03b27ff5b8eb3 |
| SHA256 | 358ca50c302361c1390d0511834c3f6b8686084f5c3256d48c17ee5c27ae2af5 |
| SHA512 | add92f5c99a729c6bf0e8b4f60247fa06886fe9b4aacec749603ebe974e57cfc8bdd092aded76dc3fc747ca470eb3c61ef073526d16a7f2cf6c028bc004aecb8 |
C:\Windows\{108134B4-B6AF-4668-8F16-CAED54D980FB}.exe
| MD5 | 98b22da199f32b1242533c603d23480a |
| SHA1 | 4d5636cb728dafb9fa8843984a79dcd882dc36e8 |
| SHA256 | cf0cb716ebc31f66d6311aab6e06d5e4bc8faed8edb7653593f27cc53c1b3491 |
| SHA512 | f669a6a48897118d022cc3f8833ecf7e8bf74c3ce612188c06daa9ed2c937c041fae2abc7295cc0dd2850e51c179ab660504b11b2fd5b6f580ebe8622e60b217 |
C:\Windows\{4596DCFF-B727-41d9-8C06-38B209A66420}.exe
| MD5 | de223f4d099942c112d3a2218d995ba5 |
| SHA1 | 25aedd8015623450d0cb0198d6f69dee39af4962 |
| SHA256 | d4b19bebf9df83612ac5a34e2589c5f1fefc73bf5f0524f003d4cdeaf552d3e6 |
| SHA512 | a65ffc56ca4dfd98bf0473e7416b6b65cbd38e393a1866f7f3628db718cd160e4b8fb1645284e189cb1e11cbf865b7fd275b515976e2c4e20cb3f842359dda28 |
C:\Windows\{CB26D8AA-4CA9-4653-B66E-65145673825A}.exe
| MD5 | 537b9e76bcd13b39721537decba86e0e |
| SHA1 | 1a8c74c548e1046a463b26af9f69851cc47e372b |
| SHA256 | 66d32fe1aac97e377ae0af7c5e23fdd60645896d07f3ff75d9c3a88d5bb99308 |
| SHA512 | bf2b024dd66685bf729980d2a8f82e883845c92d744a27f574c24c9ab8ea477f223aff3283ba664818f925e35a127725913cc7cab44be11317bf71972538f63f |
C:\Windows\{8A416E20-9B36-4346-9E43-D3823FDBADEF}.exe
| MD5 | 242bce61c35ed833f5f25b0d62929b4f |
| SHA1 | 2b967228b72e4e647d476263fdbd5d7cf7429e82 |
| SHA256 | 4566f674bbf504569e983859d4bee1d54abf3083c3ba9221819daa248c7a51db |
| SHA512 | 76a47e605d7f12fb88f7cc6bc7c26f7487cdea6cfe35e2913d3e45b78540df789f533c60ee5be998e1d6931c4e3af3dde0ccfffe4fbff25a413790b3e369e4cf |
C:\Windows\{082CC7B7-F50D-4c02-9ADD-3FC61038A49A}.exe
| MD5 | 2f55271c1f7fa228f2e407fae7431fea |
| SHA1 | 373a078cee52df2dcf0a6501deb2b994a4ec856c |
| SHA256 | 4746a30301d6521a6a93536d41db4c19576d3c871528f987bb086720fcabdefa |
| SHA512 | f1cd427c73d2500cf051068bdc23d48ad10bac0487d617bacaca37357aa990070b9e3f268e49829f84b54255922626b479ef22d556a97f67ce6e9e67a5a641f5 |
C:\Windows\{6499CC57-06F0-48d9-B4ED-A8C2B311B531}.exe
| MD5 | 7631ce79fd0f38d9532aaa38f8b8b487 |
| SHA1 | 3db3d7acfc243e196a7961fed61a0424b6e7198c |
| SHA256 | 89594b34419287d6f4e38c4913026a9741842d9776c07d3edbee9181266779b1 |
| SHA512 | 7a3244276878e6bc39922cd1dfd1bc410707aadfed56442e83ea9dd25804d956690b31e5391cc5fd1f65c5fea614f219429a6e95d5fd3c5cedaf85bf71fe535d |