Analysis Overview
SHA256
ff779869f3ec1748be4fed69aeb5618d518d546933c61efd728b64f751adba1c
Threat Level: Known bad
The file 2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:42
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:42
Reported
2024-04-06 21:44
Platform
win7-20240221-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76BB640B-575A-428a-BE82-C5786FAD51B9} | C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1} | C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}\stubpath = "C:\\Windows\\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe" | C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}\stubpath = "C:\\Windows\\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}\stubpath = "C:\\Windows\\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe" | C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{552C4C99-FF3B-465b-BA8D-2677E978339B} | C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4} | C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D09BEC34-7243-435f-8B72-74C5DBC25840}\stubpath = "C:\\Windows\\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe" | C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E} | C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B} | C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{552C4C99-FF3B-465b-BA8D-2677E978339B}\stubpath = "C:\\Windows\\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe" | C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}\stubpath = "C:\\Windows\\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe" | C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F} | C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D09BEC34-7243-435f-8B72-74C5DBC25840} | C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76BB640B-575A-428a-BE82-C5786FAD51B9}\stubpath = "C:\\Windows\\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe" | C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7B755DF5-4E59-4cca-897E-FB39F787FD9F} | C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}\stubpath = "C:\\Windows\\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe" | C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F} | C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}\stubpath = "C:\\Windows\\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe" | C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}\stubpath = "C:\\Windows\\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe" | C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F}\stubpath = "C:\\Windows\\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F}.exe" | C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe | N/A |
| N/A | N/A | C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe | N/A |
| N/A | N/A | C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe | N/A |
| N/A | N/A | C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe | N/A |
| N/A | N/A | C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe | N/A |
| N/A | N/A | C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe | N/A |
| N/A | N/A | C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe | N/A |
| N/A | N/A | C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe | N/A |
| N/A | N/A | C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe | N/A |
| N/A | N/A | C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe | N/A |
| N/A | N/A | C:\Windows\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe | C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe | N/A |
| File created | C:\Windows\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F}.exe | C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe | N/A |
| File created | C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe | N/A |
| File created | C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe | C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe | N/A |
| File created | C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe | C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe | N/A |
| File created | C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe | C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe | N/A |
| File created | C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe | C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe | N/A |
| File created | C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe | C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe | N/A |
| File created | C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe | C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe | N/A |
| File created | C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe | C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe | N/A |
| File created | C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe | C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe"
C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe
C:\Windows\{77CD1F87-2DF1-423f-AC4C-DA4FBCCAF966}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe
C:\Windows\{CDBC6046-A1E5-46cd-AE0F-E45A3334504B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{77CD1~1.EXE > nul
C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe
C:\Windows\{552C4C99-FF3B-465b-BA8D-2677E978339B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CDBC6~1.EXE > nul
C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe
C:\Windows\{5084DCD7-41FB-4d2d-9FAC-44C558D9FCB4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{552C4~1.EXE > nul
C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe
C:\Windows\{D09BEC34-7243-435f-8B72-74C5DBC25840}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5084D~1.EXE > nul
C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe
C:\Windows\{76BB640B-575A-428a-BE82-C5786FAD51B9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D09BE~1.EXE > nul
C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe
C:\Windows\{7B755DF5-4E59-4cca-897E-FB39F787FD9F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{76BB6~1.EXE > nul
C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe
C:\Windows\{A1D1AD90-5180-40ab-BFC7-3E4EFDF903D1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7B755~1.EXE > nul
C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe
C:\Windows\{6B8BF25E-AF64-4106-B440-CB9B7D25E01F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A1D1A~1.EXE > nul
C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe
C:\Windows\{27DEC9A1-8DAC-4882-91DE-FDFF851DFF6E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6B8BF~1.EXE > nul
C:\Windows\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F}.exe
C:\Windows\{A4D4A3D3-B8BD-4026-9893-456F0CB3161F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27DEC~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:42
Reported
2024-04-06 21:44
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5873103-31D1-41b1-89DE-A08D98A4033E} | C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5873103-31D1-41b1-89DE-A08D98A4033E}\stubpath = "C:\\Windows\\{A5873103-31D1-41b1-89DE-A08D98A4033E}.exe" | C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8DBE1B83-E263-48be-B221-FF8B6966EEDC} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB} | C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C} | C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{62A3783E-94BD-4885-A11C-C39147543A1E}\stubpath = "C:\\Windows\\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe" | C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}\stubpath = "C:\\Windows\\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe" | C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}\stubpath = "C:\\Windows\\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe" | C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C} | C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}\stubpath = "C:\\Windows\\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe" | C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{94643B98-6781-4d9f-B07D-D48BE14C3EFD} | C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}\stubpath = "C:\\Windows\\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe" | C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4FBC5147-3ADE-4a23-9190-916DE8470E1C} | C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}\stubpath = "C:\\Windows\\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe" | C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}\stubpath = "C:\\Windows\\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe" | C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4} | C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}\stubpath = "C:\\Windows\\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}\stubpath = "C:\\Windows\\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe" | C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96} | C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D58074FD-FD34-4583-B801-BEF67A2C0E23} | C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}\stubpath = "C:\\Windows\\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe" | C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D58074FD-FD34-4583-B801-BEF67A2C0E23}\stubpath = "C:\\Windows\\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe" | C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BE9B2563-BE57-46b0-BE42-3F10123ECA81} | C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{62A3783E-94BD-4885-A11C-C39147543A1E} | C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe | N/A |
| N/A | N/A | C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe | N/A |
| N/A | N/A | C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe | N/A |
| N/A | N/A | C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe | N/A |
| N/A | N/A | C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe | N/A |
| N/A | N/A | C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe | N/A |
| N/A | N/A | C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe | N/A |
| N/A | N/A | C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe | N/A |
| N/A | N/A | C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe | N/A |
| N/A | N/A | C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe | N/A |
| N/A | N/A | C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe | N/A |
| N/A | N/A | C:\Windows\{A5873103-31D1-41b1-89DE-A08D98A4033E}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe | C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe | N/A |
| File created | C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe | C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe | N/A |
| File created | C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe | C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe | N/A |
| File created | C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe | C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe | N/A |
| File created | C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe | C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe | N/A |
| File created | C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe | C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe | N/A |
| File created | C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe | C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe | N/A |
| File created | C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe | C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe | N/A |
| File created | C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe | C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe | N/A |
| File created | C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe | C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe | N/A |
| File created | C:\Windows\{A5873103-31D1-41b1-89DE-A08D98A4033E}.exe | C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe | N/A |
| File created | C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_837c0fd552356df3d2305046cc7d3d4b_goldeneye.exe"
C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe
C:\Windows\{8DBE1B83-E263-48be-B221-FF8B6966EEDC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe
C:\Windows\{94643B98-6781-4d9f-B07D-D48BE14C3EFD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8DBE1~1.EXE > nul
C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe
C:\Windows\{4FBC5147-3ADE-4a23-9190-916DE8470E1C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{94643~1.EXE > nul
C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe
C:\Windows\{10A33EC7-8B05-4d8b-AB01-443BF40F81DB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4FBC5~1.EXE > nul
C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe
C:\Windows\{59FA6CD1-02F0-4ad9-816A-6E2BC6F23F96}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{10A33~1.EXE > nul
C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe
C:\Windows\{D58074FD-FD34-4583-B801-BEF67A2C0E23}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{59FA6~1.EXE > nul
C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe
C:\Windows\{A1C220E9-CC14-45e6-AD09-33AB41F7FC0C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5807~1.EXE > nul
C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe
C:\Windows\{BE9B2563-BE57-46b0-BE42-3F10123ECA81}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A1C22~1.EXE > nul
C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe
C:\Windows\{0A1DB3E5-A661-4d3f-8762-45B0C5A8D30C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BE9B2~1.EXE > nul
C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe
C:\Windows\{62A3783E-94BD-4885-A11C-C39147543A1E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0A1DB~1.EXE > nul
C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe
C:\Windows\{AA87B5C7-FDA2-4f58-8637-46322B4A3AB4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{62A37~1.EXE > nul
C:\Windows\{A5873103-31D1-41b1-89DE-A08D98A4033E}.exe
C:\Windows\{A5873103-31D1-41b1-89DE-A08D98A4033E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AA87B~1.EXE > nul
Network
Files