Analysis Overview
SHA256
fe5dc33f5d985d768e6081fee1137dbe48c1a2f600ccb520eb1a7c5f12ee2c0a
Threat Level: Known bad
The file 2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:49
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:49
Reported
2024-04-06 21:52
Platform
win7-20240221-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{433A0F89-7C70-4446-AF9F-14D140036A5D}\stubpath = "C:\\Windows\\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E48D6A7D-D667-45b9-BB51-C887689B29A8}\stubpath = "C:\\Windows\\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe" | C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{314EF48D-9736-46d8-AD21-41B03B51E9CC} | C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1CB1469F-2307-4244-97E7-7357B8CCC461}\stubpath = "C:\\Windows\\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe" | C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06} | C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}\stubpath = "C:\\Windows\\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}.exe" | C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0F5344F4-FF70-470b-9F3E-E727F0730595} | C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FFAA4006-3982-449a-BC47-F29153BC2087}\stubpath = "C:\\Windows\\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe" | C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{58380FC6-1ABC-4da7-AE5F-F813DD49E982} | C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B} | C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}\stubpath = "C:\\Windows\\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe" | C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1CB1469F-2307-4244-97E7-7357B8CCC461} | C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{433A0F89-7C70-4446-AF9F-14D140036A5D} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B68794E2-D491-486a-B22B-478749CDE1EC}\stubpath = "C:\\Windows\\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe" | C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7128AACB-189A-445d-BF4B-E7F92D7431F6}\stubpath = "C:\\Windows\\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe" | C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{314EF48D-9736-46d8-AD21-41B03B51E9CC}\stubpath = "C:\\Windows\\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe" | C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FFAA4006-3982-449a-BC47-F29153BC2087} | C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}\stubpath = "C:\\Windows\\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe" | C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B68794E2-D491-486a-B22B-478749CDE1EC} | C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7128AACB-189A-445d-BF4B-E7F92D7431F6} | C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E48D6A7D-D667-45b9-BB51-C887689B29A8} | C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0F5344F4-FF70-470b-9F3E-E727F0730595}\stubpath = "C:\\Windows\\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe" | C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe | N/A |
| N/A | N/A | C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe | N/A |
| N/A | N/A | C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe | N/A |
| N/A | N/A | C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe | N/A |
| N/A | N/A | C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe | N/A |
| N/A | N/A | C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe | N/A |
| N/A | N/A | C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe | N/A |
| N/A | N/A | C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe | N/A |
| N/A | N/A | C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe | N/A |
| N/A | N/A | C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe | N/A |
| N/A | N/A | C:\Windows\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe | C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe | N/A |
| File created | C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe | C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe | N/A |
| File created | C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe | C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe | N/A |
| File created | C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe | C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe | N/A |
| File created | C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe | C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe | N/A |
| File created | C:\Windows\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}.exe | C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe | N/A |
| File created | C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe | N/A |
| File created | C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe | C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe | N/A |
| File created | C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe | C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe | N/A |
| File created | C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe | C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe | N/A |
| File created | C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe | C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe"
C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe
C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe
C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{433A0~1.EXE > nul
C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe
C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B6879~1.EXE > nul
C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe
C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7128A~1.EXE > nul
C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe
C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E48D6~1.EXE > nul
C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe
C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0F534~1.EXE > nul
C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe
C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{314EF~1.EXE > nul
C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe
C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FFAA4~1.EXE > nul
C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe
C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{58380~1.EXE > nul
C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe
C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1C200~1.EXE > nul
C:\Windows\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}.exe
C:\Windows\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1CB14~1.EXE > nul
Network
Files
C:\Windows\{433A0F89-7C70-4446-AF9F-14D140036A5D}.exe
| MD5 | 23e4508d0cee339f09e1b3659aec4df4 |
| SHA1 | d6a8cdc21d6ebddcdb52cf2742c262cee0e1cb0e |
| SHA256 | 76664623389c643a2792f9c453e5a85b0a5989aad565b719857ce843f412c588 |
| SHA512 | 57eaef3569744b93e5f6fdc8ae4685b07a38af555a156bb8bc7b3e1d10b27223892ca1033da6e9a26f5003e335fd7ce5ee4df318931e007e60cce774effa216f |
C:\Windows\{B68794E2-D491-486a-B22B-478749CDE1EC}.exe
| MD5 | ac7bfd52efffab9733ce5228db154e0c |
| SHA1 | 01ae51896ad39bd975a53de612d67606330b779f |
| SHA256 | 0649020a0219e134245e9c3aac5421e6144f2e3d4be6b3a18feceb0ce6647536 |
| SHA512 | 51135616b834c5d1115301b2a83b62ad7de0fca508ed86a3e1825fe59f90a812d1eab6e7445c601301f096427b2bd5f1904af7bc992caa9ffc1e1597aa32bd04 |
C:\Windows\{7128AACB-189A-445d-BF4B-E7F92D7431F6}.exe
| MD5 | 0ba2d6ce3865f36614351ea29239fa9c |
| SHA1 | c4265c252f83b2117b24db681e5b7eeab7b5c692 |
| SHA256 | 94a040d1e0398c0615f9dfe03a0fdeaeda7c6c58c0aa089bf642f2b050d5a190 |
| SHA512 | 03e81545eb54b6d076d0239ced011a8c8027462d5e1c995cb02ffb6db9c314011e260db8b74d197817a456836c75a29fe8e0c2d088788b1071ea294f1ac611ba |
C:\Windows\{E48D6A7D-D667-45b9-BB51-C887689B29A8}.exe
| MD5 | b6b6520bbb3960604c2e70a2408948f6 |
| SHA1 | 220ccb415f20a209b5ee92235d97df066e128679 |
| SHA256 | 42484f25523be91c6f3dadf59d8e1b6f5db499c0a2deb044a8cf8bc28ac6f981 |
| SHA512 | aec92e57b84408046fb52dbeb9d707d29f2d710a12249c48e4a6b4329065cbfed62541aee51a98ba981ac0fa8f8ed5eebc5871321fadca785e314b7b9aa4a46a |
C:\Windows\{0F5344F4-FF70-470b-9F3E-E727F0730595}.exe
| MD5 | 1e0292c1ed71138700e91263f65d3b46 |
| SHA1 | 1ddb59051fe162206ff385a2d304e54523886129 |
| SHA256 | 50885f9e88a6720d91b5c38188b296a4aa573ff0f64fbae8200b205afbd35a31 |
| SHA512 | 55ee356bde7b55796912f01b5e89ed312c6b19b5c90518006e2e852beb92e0d6df82a417edcd0864906338adec07d07a0806cb6553f660a315425a173f010086 |
C:\Windows\{314EF48D-9736-46d8-AD21-41B03B51E9CC}.exe
| MD5 | 8ed68166b074f272f5b4c9670d99d674 |
| SHA1 | 8f83d4fc6b5c325e7f0406b41c23557754e55d8d |
| SHA256 | 5750c15d1ec8eeaa69ad1da9b46333e692decaf621237ae36acc113165f6e528 |
| SHA512 | a8a6cac8257b513339085a123f9deb51e45d3f100d78052c4547b721a209f72b81116b5aee35f1abab2fded6374cd1f3e30ab65f143bdd2f201de273fb9dd951 |
C:\Windows\{FFAA4006-3982-449a-BC47-F29153BC2087}.exe
| MD5 | 900db0172d9f94eed55d0d66017d95ee |
| SHA1 | 9ea8a952fa376db1476ad152ee47ef068675f910 |
| SHA256 | 99acbba77138c2de939ba100d16cba64cc4697f81a2ce458f74c073d9f79ef9c |
| SHA512 | 8f5e99f68fa48b0c6025aea40ab61803c6f01fe54321bf73bd3eb9e24fed20a9425609c9a0c5b4024270268e6feba9281e6f05c9130937b79cf2dd0a7e7e8079 |
C:\Windows\{58380FC6-1ABC-4da7-AE5F-F813DD49E982}.exe
| MD5 | 8ac25d5e627a1d674ef6c2816e6f1fe4 |
| SHA1 | edd7cdc108666086e5a78ec39a9f6339fcec454a |
| SHA256 | db36176d1003ef8e5f747863b77ec673a77680d9d4a8254a501cdf9b4de8c0b2 |
| SHA512 | 7e24a5d908ea3474bd1f5ce8b39a4da8617c7a0797e06036757d8970b1373ca23484d54dd38419dc71b04e66dd85863b5b33a174bccd87769053eb53a5ef7510 |
C:\Windows\{1C20002B-50C4-4a5f-97B5-3D2BEDC3072B}.exe
| MD5 | 041a7bdddd96b93f917559ab1feed3bc |
| SHA1 | e66c402d4a4e9963fa543db2a2a35c9e337e96b4 |
| SHA256 | 9e56c820bc89187dd220df1dec9068010ef000cb3c95d5617c0010104b46a67d |
| SHA512 | 9bc1cca17e7e19bdc7f4b5a08dfa1206f044a754436c6e8f6fedf7dc80e25804499a9d1ba9e6e9e2b1c98bd321a1a036048a4b1593848879bdb7dec63672c6d5 |
C:\Windows\{1CB1469F-2307-4244-97E7-7357B8CCC461}.exe
| MD5 | a500e05c6bf765d4c0d56207b1548e58 |
| SHA1 | 73475d674bfbe09a4b644a4983b591b6861922f5 |
| SHA256 | 252ab4267bce1bf64a08eac22713b14a8673cd3d38b2d94ff5f64a1693cbbbb9 |
| SHA512 | d9ab9aefe79e996f72d322d5da2beabd6b886248dd41e85424a8a0b6d154f0e902c8a3b03be862ffdb00c42e668bd908fb7c1a79b6fd495f3256de239f19fd4d |
C:\Windows\{2B6EB316-DA63-4edb-A2C4-51B6BF7A8A06}.exe
| MD5 | 7528713aa3e80f9db5a4d1538e1a8a01 |
| SHA1 | df60b07ae5564da448bf85c360818ed0425401b5 |
| SHA256 | bb73593ee9d5a8a00115349611df18ce6a3b8eb6a2fa3bbc8a080501a84c3287 |
| SHA512 | ad4a5f0d9955b6fe08d9018675ea196a47121493718673dd2fe72aeb102977093beacb5519a6e5b4e0e0c245696a40902e6375bd8565f1f849fcd5a86aa39fbf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:49
Reported
2024-04-06 21:52
Platform
win10v2004-20240226-en
Max time kernel
156s
Max time network
170s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34A94B2B-6D33-471d-AB3F-7262E10CA612} | C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7192EC37-0374-48b1-B868-459EED5B0D38} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{375B8483-7473-44af-AB5C-E625E73CA48A}\stubpath = "C:\\Windows\\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe" | C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E} | C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}\stubpath = "C:\\Windows\\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe" | C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}\stubpath = "C:\\Windows\\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe" | C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{407EA85C-1635-4a9d-A23D-ECB665EC0158} | C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{407EA85C-1635-4a9d-A23D-ECB665EC0158}\stubpath = "C:\\Windows\\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe" | C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7192EC37-0374-48b1-B868-459EED5B0D38}\stubpath = "C:\\Windows\\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{76B55704-CB48-486d-BA95-A6BA26ABE361} | C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC57594B-E5B5-4c75-843C-C3E83875E0DB} | C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{375B8483-7473-44af-AB5C-E625E73CA48A} | C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3F9C6365-E956-474d-95D4-230628C74E49}\stubpath = "C:\\Windows\\{3F9C6365-E956-474d-95D4-230628C74E49}.exe" | C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF} | C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985} | C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E6CD6108-5369-4d1a-AFB6-294242C2745B}\stubpath = "C:\\Windows\\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe" | C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{76B55704-CB48-486d-BA95-A6BA26ABE361}\stubpath = "C:\\Windows\\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe" | C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38} | C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}\stubpath = "C:\\Windows\\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe" | C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}\stubpath = "C:\\Windows\\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe" | C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E6CD6108-5369-4d1a-AFB6-294242C2745B} | C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}\stubpath = "C:\\Windows\\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe" | C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34A94B2B-6D33-471d-AB3F-7262E10CA612}\stubpath = "C:\\Windows\\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe" | C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3F9C6365-E956-474d-95D4-230628C74E49} | C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe | N/A |
| N/A | N/A | C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe | N/A |
| N/A | N/A | C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe | N/A |
| N/A | N/A | C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe | N/A |
| N/A | N/A | C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe | N/A |
| N/A | N/A | C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe | N/A |
| N/A | N/A | C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe | N/A |
| N/A | N/A | C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe | N/A |
| N/A | N/A | C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe | N/A |
| N/A | N/A | C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe | N/A |
| N/A | N/A | C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe | N/A |
| N/A | N/A | C:\Windows\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe | C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe | N/A |
| File created | C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe | C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe | N/A |
| File created | C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe | C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe | N/A |
| File created | C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe | C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe | N/A |
| File created | C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe | C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe | N/A |
| File created | C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe | C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe | N/A |
| File created | C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe | C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe | N/A |
| File created | C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe | C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe | N/A |
| File created | C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe | C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe | N/A |
| File created | C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe | N/A |
| File created | C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe | C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe | N/A |
| File created | C:\Windows\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe | C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe"
C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe
C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe
C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7192E~1.EXE > nul
C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe
C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{76B55~1.EXE > nul
C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe
C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9982D~1.EXE > nul
C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe
C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{375B8~1.EXE > nul
C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe
C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{72D22~1.EXE > nul
C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe
C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{34A94~1.EXE > nul
C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe
C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CC575~1.EXE > nul
C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe
C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3F9C6~1.EXE > nul
C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe
C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FB4B5~1.EXE > nul
C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe
C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9AD91~1.EXE > nul
C:\Windows\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe
C:\Windows\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E6CD6~1.EXE > nul
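Both behavioral runs show the same mechanism: each stage writes an Active Setup Installed Components key whose stubpath names a GUID-named copy of itself in C:\Windows, starts that copy, and has cmd.exe delete the previous stage by its 8.3 short name (11 stages on win7, 12 on win10). The Python below is an added example, not part of this report or of the sample, that parses the behavioral2 indicator strings and cmd.exe command lines exactly as printed above, orders the stages from the process column, flags every stubpath of the self-named C:\Windows\{GUID}.exe shape, and lists the stage no deletion command targets. The sample rows are copied from the tables above; the 8.3 rule it uses to match del targets ("{" plus the first five GUID characters, then ~1) is an assumption read off the command lines on this page.

```python
# Added example, not part of the sandbox report or of the sample: rebuilds the
# stage chain from the report's own indicator strings and command lines.
import re

ORIGIN = r'C:\Users\Admin\AppData\Local\Temp\2024-04-06_b6e4bf03ad7424a7337bc3edf06cf0f4_goldeneye.exe'
KEY = r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'

# (Indicator, Process) pairs copied from "Modifies Installed Components in the
# registry" of the behavioral2 run, in the shuffled order the sandbox prints them.
# The first pair is a "Key created" row, kept to show it is ignored for chaining.
REGISTRY_ROWS = [
    (KEY + r'\{34A94B2B-6D33-471d-AB3F-7262E10CA612}', r'C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe'),
    (KEY + r'\{375B8483-7473-44af-AB5C-E625E73CA48A}\stubpath = "C:\\Windows\\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe"', r'C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe'),
    (KEY + r'\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}\stubpath = "C:\\Windows\\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe"', r'C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe'),
    (KEY + r'\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}\stubpath = "C:\\Windows\\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe"', r'C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe'),
    (KEY + r'\{407EA85C-1635-4a9d-A23D-ECB665EC0158}\stubpath = "C:\\Windows\\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe"', r'C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe'),
    (KEY + r'\{7192EC37-0374-48b1-B868-459EED5B0D38}\stubpath = "C:\\Windows\\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe"', ORIGIN),
    (KEY + r'\{3F9C6365-E956-474d-95D4-230628C74E49}\stubpath = "C:\\Windows\\{3F9C6365-E956-474d-95D4-230628C74E49}.exe"', r'C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe'),
    (KEY + r'\{E6CD6108-5369-4d1a-AFB6-294242C2745B}\stubpath = "C:\\Windows\\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe"', r'C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe'),
    (KEY + r'\{76B55704-CB48-486d-BA95-A6BA26ABE361}\stubpath = "C:\\Windows\\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe"', r'C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe'),
    (KEY + r'\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}\stubpath = "C:\\Windows\\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe"', r'C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe'),
    (KEY + r'\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}\stubpath = "C:\\Windows\\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe"', r'C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe'),
    (KEY + r'\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}\stubpath = "C:\\Windows\\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe"', r'C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe'),
    (KEY + r'\{34A94B2B-6D33-471d-AB3F-7262E10CA612}\stubpath = "C:\\Windows\\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe"', r'C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe'),
]

# cmd.exe command lines from the same run's process list, verbatim.
CMD_LINES = [
    r'C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{7192E~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{76B55~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{9982D~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{375B8~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{72D22~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{34A94~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{CC575~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{3F9C6~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{FB4B5~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{9AD91~1.EXE > nul',
    r'C:\Windows\system32\cmd.exe /c del C:\Windows\{E6CD6~1.EXE > nul',
]

# One regex pulls the component GUID and stubpath out of a "Set value" indicator;
# the other tests a stubpath for the C:\Windows\{GUID}.exe shape used here.
GUID = r'[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}'
STUBPATH_RE = re.compile(r'Active Setup\\Installed Components\\\{(?P<guid>' + GUID + r')\}\\stubpath = "(?P<stub>[^"]+)"', re.IGNORECASE)
GUID_STUB_RE = re.compile(r'^[A-Z]:\\Windows\\\{(?P<guid>' + GUID + r')\}\.exe$', re.IGNORECASE)
# The deletion commands name their target by 8.3 short name, e.g. {7192E~1.EXE.
DEL_RE = re.compile(r'cmd\.exe /c del (?P<target>.+?) > nul', re.IGNORECASE)

def is_self_named_windows_stub(component_guid, stub_path):
    """stubpath launches {GUID}.exe straight from the Windows directory and GUID is the key's own name."""
    m = GUID_STUB_RE.match(stub_path)
    return bool(m) and m['guid'].upper() == component_guid.upper()

def parse_stubpath_rows(rows):
    """Yield (component GUID, stub path, writing process) for every stubpath write."""
    for indicator, process in rows:
        m = STUBPATH_RE.search(indicator)
        if m:  # "Key created" rows carry no value and are skipped here
            yield m['guid'], m['stub'].replace('\\\\', '\\'), process

def flagged_components(rows):
    """Component GUIDs whose stubpath matches the self-named pattern."""
    return [g for g, stub, _ in parse_stubpath_rows(rows) if is_self_named_windows_stub(g, stub)]

def build_drop_chain(rows, origin):
    """Order the stages: the process that wrote a stubpath is the parent of that stage."""
    next_stage = {proc.lower(): (guid, stub) for guid, stub, proc in parse_stubpath_rows(rows)}
    chain, current, seen = [], origin.lower(), set()
    while current in next_stage and current not in seen:  # stop on a cycle
        seen.add(current)
        guid, stub = next_stage[current]
        chain.append(guid)
        current = stub.lower()  # the stage just appended writes the one after it
    return chain

def deleted_short_prefixes(cmd_lines):
    """Upper-cased part before '~' of every file name cmd.exe was told to delete."""
    prefixes = set()
    for line in cmd_lines:
        m = DEL_RE.search(line)
        if m:
            prefixes.add(m['target'].rsplit('\\', 1)[-1].split('~', 1)[0].upper())
    return prefixes

def surviving_stages(chain, cmd_lines):
    """Stages no deletion command targets. Assumption taken from the page's own command
    lines: the 8.3 name of {GUID}.exe is '{' plus the GUID's first five characters."""
    gone = deleted_short_prefixes(cmd_lines)
    return [g for g in chain if ('{' + g[:5]).upper() not in gone]

if __name__ == '__main__':
    chain = build_drop_chain(REGISTRY_ROWS, ORIGIN)
    print(' -> '.join(g.split('-')[0] for g in chain))
    print('self-named stubpath writes:', len(flagged_components(REGISTRY_ROWS)))
    print('never deleted in this run:', surviving_stages(chain, CMD_LINES))
```

In this run the final stage, {407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe, is the one binary no del command targets, and its Installed Components key is left in place; that file plus key is the on-disk footprint to hunt for, since Active Setup runs a component's stubpath for each user at their next logon. The same two regular expressions apply unchanged to the values under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components (and the Wow6432Node view) on a live host.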
Network
All recorded traffic consists of reverse (PTR) lookups of the form a.b.c.d.in-addr.arpa sent to 8.8.8.8:53 over UDP; the run records no traffic other than these DNS queries.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
Files
C:\Windows\{7192EC37-0374-48b1-B868-459EED5B0D38}.exe
| MD5 | d5253172b86a76084e04e3dc98ba38f6 |
| SHA1 | 2770af1bc4c9b948036a376a944bef1728d1815d |
| SHA256 | ad269b9cec6e140f0c7d09b4ec80b6fc63754be6ade3beecb61d628dab67fead |
| SHA512 | 3ef830e2abed84990821c9fee8975fb5f9f90275a9aa7575a3f214b42a639a8f628045945c2238ae81fd8d3bce36b54eb1cc68aee3e41920542c63a03f5eaac7 |
C:\Windows\{76B55704-CB48-486d-BA95-A6BA26ABE361}.exe
| MD5 | df5339e87f7421787189d46dabd539ab |
| SHA1 | 8f1f5cd03c65274f465f2880ab46c45e62e1047b |
| SHA256 | 1a5c26ac4fa3de642f7f40b34070c379682f747f01780f86b52cdd7a0c1619a5 |
| SHA512 | 00d588ac4004220e99d986e7714170a7aabce444131f2a8f81857ce8035c2778d5ae8261ac917669fd078bf3757dbbd89aab8dde486a286dbeb3c2d73f1b57bb |
C:\Windows\{9982DAA4-A9B2-448f-9874-BCCD70E1EF38}.exe
| MD5 | f6bfef9fd71731fd56d808bcd3f951b7 |
| SHA1 | f02ac852f83e61933343d58faddd614382d44075 |
| SHA256 | 6d415d140ad8bc75e6f3a7cfa45ba4fad106f7da9a1034d8424c3f8c6cf2f277 |
| SHA512 | 27d40ba48597a635cd9d270f5b7b578f56fd216e12fe9ab26ddd13cfee363958e871cd106595957f787f5a2017b74bff44957758699ee0862a8f04a58d5cd11e |
C:\Windows\{375B8483-7473-44af-AB5C-E625E73CA48A}.exe
| MD5 | 91bee7ea56ad14ae9905801c13d39c90 |
| SHA1 | 89afa3de3668d0db77f92448f3fc15da241b5809 |
| SHA256 | 4ecb448d4e86c51395b5e443455a6b87af50b2209317649ac95d1db9fdce5c63 |
| SHA512 | a8ed1204d71d682c2d71b8eaa951bcdb53b7f9f3ed5617327d3b5ab572b64c69a794fd9a393bbe3d216b0b5aa1cb4a3e7882e6a5648ade721e1f66fcfb65c913 |
C:\Windows\{72D223BE-7FB3-4ba4-A9AF-78027CB4279E}.exe
| MD5 | 7268d4a8224eb7f5096ea8268088487a |
| SHA1 | 7d904e94079bdf0b3bcd2bde1d14093fdbb7a11a |
| SHA256 | b81f1a5fd717b0d65ec7776785e2d24b35caf7121b670552e0107578e97c39ff |
| SHA512 | 992ec7e251f9508f1623e295cc0ba9b3ad57f2c609a383f900b33af639512ecacf9877927d7432ffc35b9a1037b9a95df79daaadb4ecd2cbc434176f6f1fb7be |
C:\Windows\{34A94B2B-6D33-471d-AB3F-7262E10CA612}.exe
| MD5 | 3b604803e29cf2c2b6ef153f99495ba7 |
| SHA1 | d72e78c76d544d41faabd7ebc78275632fc54d72 |
| SHA256 | c11328443f5b281be38843c0f873d34175127fa96905b78e7b6598fb962af637 |
| SHA512 | 39306a1280f68e13ffacd4c6064c6050a6f5d881a38658975a80595a1aed7aeff97a82832a74fa2d99d696d02ed8dcdb49dde1f4c99165b8c19e835cf6170aad |
C:\Windows\{CC57594B-E5B5-4c75-843C-C3E83875E0DB}.exe
| MD5 | 9a23cc515fd5d1885a7344207f708a48 |
| SHA1 | ffab8adb6eb07619835f20042d09af5bbb23ec43 |
| SHA256 | 343bb5cacfb3fef7d54f8773f4bb45ade9e7257c562dcdad7dcec685e6224db9 |
| SHA512 | 7e368a73872984f3c708554cf6f4072c6a2969d2d14be2fb17443f865705c9b7df127f16ef8948e6ace005f31b135ece5d09d3f050c9bba96f27996a898690ef |
C:\Windows\{3F9C6365-E956-474d-95D4-230628C74E49}.exe
| MD5 | 4c60284adafded2476ef1bd18ed61ef3 |
| SHA1 | df443b451abdbb63c70fd2d4b011aa8b99fdf670 |
| SHA256 | c4ff356e86ddff612baa5d594c88ccc17d243001651c25723e583ede94c13249 |
| SHA512 | 2bc4a228a569def0a23ff5fd730d5a70a5aa64c37b20bc9d5272650ee8c66adaeb459b95c6f494306f4e49a40b3cdc37f2c073dad4313592c205a91ac949ac41 |
C:\Windows\{FB4B5740-6BFA-414e-B4EC-E05DE12DEDFF}.exe
| MD5 | 598d5f931c12dc13c18bc0026ab8e3ad |
| SHA1 | 2d99014764d5e1042d60718d8871768c093dea24 |
| SHA256 | cf100aacf2428f5476fa5f3413e703d048c6a1e91c45e4d6ec694eddeafee21c |
| SHA512 | cc89ceb50f68a5e6ba6d34d4e8335049d42feab587dac50778a0520d3afb1b5490442fdccbe4a5b6240a7613d3dfa01c9a4165e84218b125fe747b40eba19312 |
C:\Windows\{9AD91C64-63C7-47f0-A7AD-D9E9C8290985}.exe
| MD5 | d0af6a6d4b60c886b49e04e89cfbab4f |
| SHA1 | 84117911f928c5629eb40f262a7d24f8bd99a155 |
| SHA256 | 97a959e3b0224380b6d0c5cca1dba5df8cbe63555ddda210cb64350aec8beac2 |
| SHA512 | 7308eecc2770fcb21f435cd96f7ad63332ade43f9fd583248728c79e0b13ef3cd6cd2f6e2ad699c7186e81951d16a0e1caf7c46af9780dad0f174f660848c9ae |
C:\Windows\{E6CD6108-5369-4d1a-AFB6-294242C2745B}.exe
| MD5 | f711d845659a1a7aef7c64d212f1bad4 |
| SHA1 | a016425f29df206706d40d4dcc3b60cf904ddd0d |
| SHA256 | 4d7f84b4a10ad540d60439b77d3ce10a6b09b33f1ac0e25e400d88e8cd1ca814 |
| SHA512 | 7fd13ac88fe556c0ab701bc9185d507ab54de4b68ca4644a9b5931ecd3b4c0a21830fceb30f42b550cd776561669467865c707c560dd15eedf29bf30e6c800b8 |
C:\Windows\{407EA85C-1635-4a9d-A23D-ECB665EC0158}.exe
| MD5 | 0877e400386f39c4d6c9076d164acd05 |
| SHA1 | 1b955ee2452e71d4dc78f65d4b5bfc8f72755e8b |
| SHA256 | da8e4b448a70d6d8f489d01d65cac3aded6cb50d961523abdb5b3ed4f55ba428 |
| SHA512 | af12e956d54b5c3e9834a8958fb08c21eadcf338161b56394c88a3608c2b54eb7165a863d85939670755820e2224ee3b9781e604d089f91cb94ad2b5656feb5e |