Analysis Overview
SHA256
969c106c3de921e51dcf8d9ed004be6c297ec89e1524c38622425cf687cbd4b5
Threat Level: Known bad
The file 2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:42
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:42
Reported
2024-04-06 21:45
Platform
win7-20240221-en
Max time kernel
144s
Max time network
117s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{407049F9-154A-4f38-A988-6DCF262C8374} | C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{407049F9-154A-4f38-A988-6DCF262C8374}\stubpath = "C:\\Windows\\{407049F9-154A-4f38-A988-6DCF262C8374}.exe" | C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{34239C63-5A02-4f46-AC44-CA746C59DFF9} | C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}\stubpath = "C:\\Windows\\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe" | C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}\stubpath = "C:\\Windows\\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe" | C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{02EC94C7-DEE2-45b0-8CD2-299380742F36} | C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{02EC94C7-DEE2-45b0-8CD2-299380742F36}\stubpath = "C:\\Windows\\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe" | C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}\stubpath = "C:\\Windows\\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}.exe" | C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0E037E02-F335-4fed-AB31-E2C49B1E0823}\stubpath = "C:\\Windows\\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe" | C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144} | C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{34239C63-5A02-4f46-AC44-CA746C59DFF9}\stubpath = "C:\\Windows\\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe" | C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD} | C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9F212FD2-E7F2-47a7-A344-2C22C2665C91} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}\stubpath = "C:\\Windows\\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0E037E02-F335-4fed-AB31-E2C49B1E0823} | C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}\stubpath = "C:\\Windows\\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe" | C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC} | C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}\stubpath = "C:\\Windows\\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe" | C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D93FDDD8-765D-4767-9B22-8C43F8147A6C} | C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A52C194-A382-4a98-8D16-46270DCD1027} | C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A52C194-A382-4a98-8D16-46270DCD1027}\stubpath = "C:\\Windows\\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe" | C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DACC91CB-61D7-49c8-8271-B3BC73B132A4} | C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe | N/A |
| N/A | N/A | C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe | N/A |
| N/A | N/A | C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe | N/A |
| N/A | N/A | C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe | N/A |
| N/A | N/A | C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe | N/A |
| N/A | N/A | C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe | N/A |
| N/A | N/A | C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe | N/A |
| N/A | N/A | C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe | N/A |
| N/A | N/A | C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe | N/A |
| N/A | N/A | C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe | N/A |
| N/A | N/A | C:\Windows\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe | N/A |
| File created | C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe | C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe | N/A |
| File created | C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe | C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe | N/A |
| File created | C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe | C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe | N/A |
| File created | C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe | C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe | N/A |
| File created | C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe | C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe | N/A |
| File created | C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe | C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe | N/A |
| File created | C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe | C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe | N/A |
| File created | C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe | C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe | N/A |
| File created | C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe | C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe | N/A |
| File created | C:\Windows\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}.exe | C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe"
C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe
C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe
C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9F212~1.EXE > nul
C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe
C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0E037~1.EXE > nul
C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe
C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C08CF~1.EXE > nul
C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe
C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{34239~1.EXE > nul
C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe
C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{40704~1.EXE > nul
C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe
C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{381BB~1.EXE > nul
C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe
C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{57FA5~1.EXE > nul
C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe
C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D93FD~1.EXE > nul
C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe
C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8A52C~1.EXE > nul
C:\Windows\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}.exe
C:\Windows\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{02EC9~1.EXE > nul
Network
Files
C:\Windows\{9F212FD2-E7F2-47a7-A344-2C22C2665C91}.exe
| MD5 | f5982fb9bf7efd7d07b9abd717c1d524 |
| SHA1 | a42b25d2d7a2ac8abae97ca23a04dabf49d77a7a |
| SHA256 | 3d3d79d15a598a7bf0047f26022645f04374e187d71751533d45fe08755eefb8 |
| SHA512 | 48999ebc379680246d1ca2262698892167591f9d3011870c8be09e5c1d6563363d84c1b988929ecbf32fe5a5b5d44531b66c68b7cb258a8198ceb3915e268221 |
C:\Windows\{0E037E02-F335-4fed-AB31-E2C49B1E0823}.exe
| MD5 | 5fa0084ea6a69bf7e98516fecf8ef6c5 |
| SHA1 | d5edec9d8854bf3153e0eac32f5e36ca5afd051f |
| SHA256 | 78916a038b4f035deb02ab14ba0caa75c732ebc1a2bbdabea5d934764f7fad04 |
| SHA512 | fe6147065847c6ddc6bf33e52a61234b4595f49bcedaf3ff130f37041f98e227364955aeeca464beae6bd3bed8518e7dfe3d4230f8e7e752fd7f6f0b30e4e344 |
C:\Windows\{C08CF7C7-C925-4c1a-BACF-4EB1A2A00144}.exe
| MD5 | 645f1e94b9481f93d97252ac617ef36d |
| SHA1 | 252a58b7ea7d003505b539ec575b013d882810bf |
| SHA256 | c9eb0804423967adf6b6052447924168bde170e6a1da01c2f92e7b2c27e4b61a |
| SHA512 | 668c890a2c397160c640d9e0ea64863634cc7b2f74cdf283f34747161c61c511bb1a4046d1e3f30dd0716d928dc93a577f7fbab19a6d06dd8e7dee36c4eba530 |
C:\Windows\{34239C63-5A02-4f46-AC44-CA746C59DFF9}.exe
| MD5 | d4187015c4c16bf2de929c7891f689d9 |
| SHA1 | d7bfccd8c1927c2721c527c0ef254ef3c3250f5d |
| SHA256 | d873681be2a38c8a4fd14acba2d81bb20bef850012b03780dae52d9217683b11 |
| SHA512 | d632cc1ceaf5327c09515011e22a09228587191973180f2d346c0e4d0762649d7b1d920d33515e0c61a71fa0d2b2a655202fc16e8eebf5e4f4ac4addd0678b3e |
C:\Windows\{407049F9-154A-4f38-A988-6DCF262C8374}.exe
| MD5 | 5392ecc05f6cdb9a359c2bfe70d15158 |
| SHA1 | 5d18789c6df531bd6db2b6b896d4ca13978c20a8 |
| SHA256 | f6208bdc71d71f5920a2741ff139ca6b5747abe0b505b317e4f8bd1359b282b9 |
| SHA512 | 73f24e93f46a9a0daea02872fb34bded30282649e5af782f0a12e7967367588770f9be5df6a42a7aee76c9929c08d3f55497968fb8c3689407990ef5beb2fa53 |
C:\Windows\{381BB032-87EC-4fc7-8A9D-6F34A9AB38AC}.exe
| MD5 | 4651cd0b5ef1a128f28fe22b5d611f70 |
| SHA1 | 80b8937e2b2eb9328aeb8129fcdc3bfd30f27a8c |
| SHA256 | d3c656b9a7f22dce8b388f065513106b41b403c6ba9b1032bc0fd834d4505bb2 |
| SHA512 | 7b33300fcf3f8de865add60a4d1ef67890e25e2d138cc7d0375b6c57aededc82db40a05b4a161b321431d696ab728c3568341725eba7773d7b656ca857290465 |
C:\Windows\{57FA58AA-08CF-4bbe-94D0-3225F96FADBD}.exe
| MD5 | d269e90beca3d45f4244adfa7011f427 |
| SHA1 | 29b73d5d1283c61388cb9de1c83575d43528b1ae |
| SHA256 | 3143bea3e4379d83d6a66f0c57982cdb43e5f60d6d08a0638045b2de8fa2b127 |
| SHA512 | a0e199ff4b5fd6e112bfc9e88b3a4c734b33ee5f47dd5f99ed5775d1816abdc19924f6d4f58108c1c0208628eeaea63d616d432ee53a3b8705cbc85260b310f7 |
C:\Windows\{D93FDDD8-765D-4767-9B22-8C43F8147A6C}.exe
| MD5 | 708a4a2b231b6715d1fa392392001e32 |
| SHA1 | 5c4acdfa9020eca54a073b9d032c666744c4f167 |
| SHA256 | 9b7f051c49f6e993879c889ae8e7c6837ab583769cb4f41d849fa346928fd63e |
| SHA512 | fa4e3fe0713e89f892a3d39f295598cb340e09b1e10dcbff7dc4cae7f240df5b65998781586708719e28e70d9cf8addb5ff9865c3c5211fad381cbedad093212 |
C:\Windows\{8A52C194-A382-4a98-8D16-46270DCD1027}.exe
| MD5 | 6cea902fc332e2c74cba3f05f9d314eb |
| SHA1 | 4fbd768f83add22faf116b126ab602743ac7fc85 |
| SHA256 | 05a2f099f6882fdbd39839f0f35eab7953f1a0815635f2e73587cd224098685a |
| SHA512 | 9e541791d428c722b381d31f0d38ab9aebd7bf37ff31cada3f5e12921cb776635ff4ea503c621572bd9b8457636eec2e654278f9b349c1327449137d19ca21db |
C:\Windows\{02EC94C7-DEE2-45b0-8CD2-299380742F36}.exe
| MD5 | 21bc7436d9478f9131e14f9855d72401 |
| SHA1 | d6c7d683be20f50389fc5a29c9628d4e3c1a1864 |
| SHA256 | 88f9059cc843fb1d8d5ca4541340113d9adcd967a2868b2ad9a034713a7a3374 |
| SHA512 | 4ef6b6e267cbf712c89738a351e11edcce79ac11b18bdd05a59f716c36136a70937883c41c434bdaca184baff9ae6d0c7544e2210875c890d43287fc181862a3 |
C:\Windows\{DACC91CB-61D7-49c8-8271-B3BC73B132A4}.exe
| MD5 | f125b894f3c72dda6670c1c3d4936fb0 |
| SHA1 | 5a488bbd79f9cbf3f4aa0b9aae8b983637bf87bf |
| SHA256 | 61f3aa50b5f3aea2f004b555f9d347cdb5c2798507fa9cdd1eb9ddffcc8591a7 |
| SHA512 | 2df315d36c4ead43b78c090f5f64fe4ade5d3b4f6aafe25133123644e6950cb0050d5d0ca4d40325cec141c9a997fc74533a5d5278e5cbff25df7edce80309b1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:42
Reported
2024-04-06 21:45
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{76ED5798-F50E-49f6-8587-1BE750C57253} | C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{76ED5798-F50E-49f6-8587-1BE750C57253}\stubpath = "C:\\Windows\\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe" | C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{41EA55C0-93F5-4848-83C8-9421A078FE23} | C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C} | C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}\stubpath = "C:\\Windows\\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{278AF669-9213-44bb-9714-726BA685660D}\stubpath = "C:\\Windows\\{278AF669-9213-44bb-9714-726BA685660D}.exe" | C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65629895-740A-431b-BA87-438EDD33690F} | C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{32886B16-178B-4b18-98C6-C3F4595281F8}\stubpath = "C:\\Windows\\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe" | C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2A73444-1137-4ab1-934F-4C02ACC6BA76} | C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}\stubpath = "C:\\Windows\\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}.exe" | C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09} | C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}\stubpath = "C:\\Windows\\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe" | C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{146E4933-B102-4ed9-84D1-0DDE11C40ED8} | C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}\stubpath = "C:\\Windows\\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe" | C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{278AF669-9213-44bb-9714-726BA685660D} | C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E60B719-3A63-4176-AC7F-62BBF397CBF6} | C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}\stubpath = "C:\\Windows\\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe" | C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}\stubpath = "C:\\Windows\\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe" | C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96} | C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65629895-740A-431b-BA87-438EDD33690F}\stubpath = "C:\\Windows\\{65629895-740A-431b-BA87-438EDD33690F}.exe" | C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}\stubpath = "C:\\Windows\\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe" | C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{41EA55C0-93F5-4848-83C8-9421A078FE23}\stubpath = "C:\\Windows\\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe" | C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{32886B16-178B-4b18-98C6-C3F4595281F8} | C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe | N/A |
| N/A | N/A | C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe | N/A |
| N/A | N/A | C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe | N/A |
| N/A | N/A | C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe | N/A |
| N/A | N/A | C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe | N/A |
| N/A | N/A | C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe | N/A |
| N/A | N/A | C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe | N/A |
| N/A | N/A | C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe | N/A |
| N/A | N/A | C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe | N/A |
| N/A | N/A | C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe | N/A |
| N/A | N/A | C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe | N/A |
| N/A | N/A | C:\Windows\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe | C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe | N/A |
| File created | C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe | N/A |
| File created | C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe | C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe | N/A |
| File created | C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe | C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe | N/A |
| File created | C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe | C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe | N/A |
| File created | C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe | C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe | N/A |
| File created | C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe | C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe | N/A |
| File created | C:\Windows\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}.exe | C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe | N/A |
| File created | C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe | C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe | N/A |
| File created | C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe | C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe | N/A |
| File created | C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe | C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe | N/A |
| File created | C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe | C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_8d82a2b777d782e76bfac9ed6d45addd_goldeneye.exe"
C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe
C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe
C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5BEBE~1.EXE > nul
C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe
C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{278AF~1.EXE > nul
C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe
C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{65629~1.EXE > nul
C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe
C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C79A6~1.EXE > nul
C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe
C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2E60B~1.EXE > nul
C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe
C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{76ED5~1.EXE > nul
C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe
C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{41EA5~1.EXE > nul
C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe
C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4CC2B~1.EXE > nul
C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe
C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{32886~1.EXE > nul
C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe
C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{86D80~1.EXE > nul
C:\Windows\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}.exe
C:\Windows\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{146E4~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
C:\Windows\{5BEBEA82-0AAA-4c3e-9060-46D85ADA8DE5}.exe
| MD5 | a58b04d8ad755a69f26444cfdd8b463f |
| SHA1 | c8d3504bad61c2a725983e0e8dd1ed74890899fc |
| SHA256 | 546ac77cc07ed72cf92395814b1c824e6fe9f58e4f3e18efeacd127f4d9343d4 |
| SHA512 | 47941f06e601ea0b4b6c2114a6c936e5273ed02e667968d75ced5bda2f49a4bb0bc6e0444e1b1b6c304b5f8ee85a98aab15e5a3a08a90939e6b83192d3a47ae4 |
C:\Windows\{278AF669-9213-44bb-9714-726BA685660D}.exe
| MD5 | 6134450ece3c6d582608228f58c337ef |
| SHA1 | bb582bdd6750e1e3859439960b70b7934836ceb6 |
| SHA256 | 49146285394797f80b71c0492c3f168d2ae4d370d213082ff57679679ca7b08a |
| SHA512 | d1bf87d478e45827bd7e39372af8cfbbb7c09d85f2473f78dcaf36c3726dd4744da54dcc1f8df92e083372577cffc73ea8e9a93534150099cf5071733b22db27 |
C:\Windows\{65629895-740A-431b-BA87-438EDD33690F}.exe
| MD5 | 56011916d51e8109cc76cbd32484a527 |
| SHA1 | 94a94613bcf13e921342eada13dd127a835647b6 |
| SHA256 | f852a61d47bb80a38d819d44dec712a9eacf14ccec3c3f4ee7e4e8574d3a5cdf |
| SHA512 | b438ec82b2063e969b64db150e1cb367774ca22fa949192263aa473f702a7de996bdaee6f910ebc0c076e8f8dd915b1c4f7bb9e91e4fb95b597069fe23b9e817 |
C:\Windows\{C79A6706-EF0B-4b0f-B50F-97EFFE5B3C09}.exe
| MD5 | 7e67e11a2ad8cc6b0651a6334072a49e |
| SHA1 | 673102eebe297978b5554a7cfa14acae2b22ac69 |
| SHA256 | 2c56417f56f48eead0c1d97bb2fa141e217845f87e52c4cc668121cf75d945dc |
| SHA512 | 43dcae046ce295464ddcc1f9eab22295fb400942bd324d4a2ea3e1a3bf91b6926a5b06ce3228dfa09aacd76fb01b4d2b78fbe6d88b67fb0cb97e5924613e7d92 |
C:\Windows\{2E60B719-3A63-4176-AC7F-62BBF397CBF6}.exe
| MD5 | fdda85422879f69397e1a4e738e35513 |
| SHA1 | df718d254fdc4a14184878e7a030e5ba431c7fde |
| SHA256 | c4bdfcab796b7b3e015f12e1f9340381f55e9be1b1a76bdd88e30512be17de36 |
| SHA512 | 3909cc67a0cd6a0627a0738a3eccf3eb9d7e6c002c393277ee1990d69b97080b97e13cfdbee2185a1d07cc9d4b4345e3a7968d7ef842d2be55bc38acb7ae59ad |
C:\Windows\{76ED5798-F50E-49f6-8587-1BE750C57253}.exe
| MD5 | fbc9859664284baf51a3f311b5b0e975 |
| SHA1 | 38431c941aefccd091eebd44ee3afeb50beaaac6 |
| SHA256 | ccfd8d9b18f6586aa9294b81d759610ce6729a33bad2c4f2d881a71128c88165 |
| SHA512 | 0dd93ad300f2b983807e92f905cb8f29b9f182326da4a122186f7464538339927c16dce660af3f2c344a767602495be1d8a6c74d80a1298ae33b73889682cfe9 |
C:\Windows\{41EA55C0-93F5-4848-83C8-9421A078FE23}.exe
| MD5 | a9cdfafa97c40058aac892fb6e056a0d |
| SHA1 | effa6a53b8fecd1681cd48b3817ce8e888391e2e |
| SHA256 | 3f694aaf56a0aee5f73f42002917873c2c153ad0e09417a7ff64c7a75c0fc5f1 |
| SHA512 | dad7eb6b476007a5d4235d4446d805fae6182a9d978f65babdc6ff306428714729a1c59593cf4be7e48fbe05162da00a1f2fe04abb84801f20a7c77bfc27e6bc |
C:\Windows\{4CC2BEF2-8C7E-41b4-9E44-62F7047A4B2C}.exe
| MD5 | 793408a61333c587995894434376d967 |
| SHA1 | 8f9b450063afef9a35736bc2b5e871d40353ff8f |
| SHA256 | bbc6b690e7928a39972ef0ae7aa541680380138e39dd75759f5717814e70ec67 |
| SHA512 | 521bdb7da053190ed8ddc722829c233ec66c82808100f17cb935f8f0f6805d3c79021c7d77848f85eb00b2c2d5b6c8efcf8fba936386dc43802460216c095a12 |
C:\Windows\{32886B16-178B-4b18-98C6-C3F4595281F8}.exe
| MD5 | c3bf9dba1a2ceb13acd410db4d726d06 |
| SHA1 | 1d03a136a91008e0fcf438648f490c6c8d3236d2 |
| SHA256 | 36073b13e36eed30738c8c7b171b28a61715350fb63030be7c9d8178d7d58576 |
| SHA512 | 3da1fdf906ddd32d12ee8a30c141952240bdacac451e5253c080a90247845b4a75c383ecc1a33a676ddfb1bec5f4fc19aa7e6b20555bacfe551c9495eb405095 |
C:\Windows\{86D806EB-98D7-452a-B4D5-AAD7E91D8C96}.exe
| MD5 | 078d6db615d52707787b75e92450a492 |
| SHA1 | 642859694f6de0ba28a1874ba8dd6fab0efb608c |
| SHA256 | 7334ae862cd657f138d0fcb9f9ad21f28e4862d8d3bdd8de1ad1eadd45300c37 |
| SHA512 | 42a8c44a546e1f63c30468e89a36d1bbf61d824d0466d86d0e36f15b1b639f9a58c1c32a1aa046762343bd4ad759dfee2c6e8fe4ac04277ff1b8906ff7282b15 |
C:\Windows\{146E4933-B102-4ed9-84D1-0DDE11C40ED8}.exe
| MD5 | 2912d1caa77748e5fa3f95c8c1d15ece |
| SHA1 | db8cbc93b83849ec11f09c88ec0e923190c4a4d0 |
| SHA256 | 83e2b8bfdbea0fd79c8d2c47aa4c42656c41bd7bb4f03bac74481e33832e7d39 |
| SHA512 | dc80ad65af21d30d983451b3cc21ebbb6ea42bd6b3412545346a098a4be32ef866fd1cdaf9dea2efe67333707a150003c4bcdfcf890928769745ef219894b4ab |
C:\Windows\{F2A73444-1137-4ab1-934F-4C02ACC6BA76}.exe
| MD5 | 0bcef92b08a98cc4ae625dcb42d0ee6a |
| SHA1 | a17cbe88d8f645d1a733fc6dfb4b3ae0745f2e86 |
| SHA256 | 320e2ded66e4129fe2119b585e7caa58f5c24078503f652cf9334443e25096df |
| SHA512 | c1f010455d2b03f6cef518b2261a481e9cc54f3a27f729446f2d2c1fcfa41cc0398c057e160f89f7d2c0f1563d0f0f6ff38f399695ae8f2eca16c7bd32456cad |