Analysis Overview
SHA256
dcd40847a9c5b28a3c737f245c6cca76fde0ae1d55b9552a84c38d8d9e020f20
Threat Level: Known bad
The file 2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:50
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:50
Reported
2024-04-06 21:52
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A991EB8E-EF7A-456c-918F-002769D75A0B}\stubpath = "C:\\Windows\\{A991EB8E-EF7A-456c-918F-002769D75A0B}.exe" | C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DA6482E5-71A6-45fc-84A9-7FC5642C7002} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{17095BDF-038D-4370-9131-EF6E168BA25C} | C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3A4BFA3C-3045-4160-8C30-30F6012EF89A} | C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41} | C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{283D5F0B-0B65-46b5-9419-892C88A95EF1} | C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{283D5F0B-0B65-46b5-9419-892C88A95EF1}\stubpath = "C:\\Windows\\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe" | C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27266D31-0FE2-477b-9837-E267A221C852} | C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{28B1895D-BB0E-4327-A414-491EDABD057F} | C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{28B1895D-BB0E-4327-A414-491EDABD057F}\stubpath = "C:\\Windows\\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe" | C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}\stubpath = "C:\\Windows\\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe" | C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14} | C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72797662-1C6B-40f2-A9E0-576DA821CA6D}\stubpath = "C:\\Windows\\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe" | C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}\stubpath = "C:\\Windows\\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe" | C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07C730D9-B377-4598-99E2-07B3A75C27BA} | C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}\stubpath = "C:\\Windows\\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe" | C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27266D31-0FE2-477b-9837-E267A221C852}\stubpath = "C:\\Windows\\{27266D31-0FE2-477b-9837-E267A221C852}.exe" | C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A991EB8E-EF7A-456c-918F-002769D75A0B} | C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}\stubpath = "C:\\Windows\\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{17095BDF-038D-4370-9131-EF6E168BA25C}\stubpath = "C:\\Windows\\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe" | C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}\stubpath = "C:\\Windows\\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe" | C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07C730D9-B377-4598-99E2-07B3A75C27BA}\stubpath = "C:\\Windows\\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe" | C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8} | C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72797662-1C6B-40f2-A9E0-576DA821CA6D} | C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe | N/A |
| N/A | N/A | C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe | N/A |
| N/A | N/A | C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe | N/A |
| N/A | N/A | C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe | N/A |
| N/A | N/A | C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe | N/A |
| N/A | N/A | C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe | N/A |
| N/A | N/A | C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe | N/A |
| N/A | N/A | C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe | N/A |
| N/A | N/A | C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe | N/A |
| N/A | N/A | C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe | N/A |
| N/A | N/A | C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe | N/A |
| N/A | N/A | C:\Windows\{A991EB8E-EF7A-456c-918F-002769D75A0B}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe | C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe | N/A |
| File created | C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe | C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe | N/A |
| File created | C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe | C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe | N/A |
| File created | C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe | C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe | N/A |
| File created | C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe | C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe | N/A |
| File created | C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe | C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe | N/A |
| File created | C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe | C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe | N/A |
| File created | C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe | C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe | N/A |
| File created | C:\Windows\{A991EB8E-EF7A-456c-918F-002769D75A0B}.exe | C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe | N/A |
| File created | C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe | N/A |
| File created | C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe | C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe | N/A |
| File created | C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe | C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe"
C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe
C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe
C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DA648~1.EXE > nul
C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe
C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{17095~1.EXE > nul
C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe
C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3A4BF~1.EXE > nul
C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe
C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{07C73~1.EXE > nul
C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe
C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{28B18~1.EXE > nul
C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe
C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6D958~1.EXE > nul
C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe
C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{10D8B~1.EXE > nul
C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe
C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{72797~1.EXE > nul
C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe
C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5104B~1.EXE > nul
C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe
C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{283D5~1.EXE > nul
C:\Windows\{A991EB8E-EF7A-456c-918F-002769D75A0B}.exe
C:\Windows\{A991EB8E-EF7A-456c-918F-002769D75A0B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27266~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Windows\{DA6482E5-71A6-45fc-84A9-7FC5642C7002}.exe
C:\Windows\{17095BDF-038D-4370-9131-EF6E168BA25C}.exe
C:\Windows\{3A4BFA3C-3045-4160-8C30-30F6012EF89A}.exe
C:\Windows\{07C730D9-B377-4598-99E2-07B3A75C27BA}.exe
C:\Windows\{28B1895D-BB0E-4327-A414-491EDABD057F}.exe
C:\Windows\{6D958B0B-4851-47bd-8402-FCA2FA3FF8D8}.exe
C:\Windows\{10D8BD04-138E-4855-9DB4-2B5E8D3CAA14}.exe
C:\Windows\{72797662-1C6B-40f2-A9E0-576DA821CA6D}.exe
C:\Windows\{5104B4B5-D493-4bf3-99D7-ECECFD4C4A41}.exe
C:\Windows\{283D5F0B-0B65-46b5-9419-892C88A95EF1}.exe
C:\Windows\{27266D31-0FE2-477b-9837-E267A221C852}.exe
C:\Windows\{A991EB8E-EF7A-456c-918F-002769D75A0B}.exe
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:50
Reported
2024-04-06 21:52
Platform
win7-20240220-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CE712C21-7F24-424f-A88D-3AE1F5624142} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E} | C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4077E545-4790-493f-B642-EFB5BE2E27C1}\stubpath = "C:\\Windows\\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe" | C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}\stubpath = "C:\\Windows\\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe" | C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CE712C21-7F24-424f-A88D-3AE1F5624142}\stubpath = "C:\\Windows\\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}\stubpath = "C:\\Windows\\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe" | C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}\stubpath = "C:\\Windows\\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe" | C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4077E545-4790-493f-B642-EFB5BE2E27C1} | C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB} | C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}\stubpath = "C:\\Windows\\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}.exe" | C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138} | C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}\stubpath = "C:\\Windows\\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe" | C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}\stubpath = "C:\\Windows\\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe" | C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29} | C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AC47F080-8A79-4cba-BD26-760B7D06DFBE} | C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017} | C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}\stubpath = "C:\\Windows\\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe" | C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}\stubpath = "C:\\Windows\\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe" | C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A} | C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}\stubpath = "C:\\Windows\\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe" | C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652} | C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7} | C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe | N/A |
| N/A | N/A | C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe | N/A |
| N/A | N/A | C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe | N/A |
| N/A | N/A | C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe | N/A |
| N/A | N/A | C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe | N/A |
| N/A | N/A | C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe | N/A |
| N/A | N/A | C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe | N/A |
| N/A | N/A | C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe | N/A |
| N/A | N/A | C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe | N/A |
| N/A | N/A | C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe | N/A |
| N/A | N/A | C:\Windows\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe | C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe | N/A |
| File created | C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe | C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe | N/A |
| File created | C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe | C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe | N/A |
| File created | C:\Windows\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}.exe | C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe | N/A |
| File created | C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe | C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe | N/A |
| File created | C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe | C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe | N/A |
| File created | C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe | C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe | N/A |
| File created | C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe | C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe | N/A |
| File created | C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe | C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe | N/A |
| File created | C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe | C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe | N/A |
| File created | C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_baacb51cfc744596fc87e7895d866fa7_goldeneye.exe"
C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe
C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe
C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CE712~1.EXE > nul
C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe
C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4BAFA~1.EXE > nul
C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe
C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1EA2D~1.EXE > nul
C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe
C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{746B0~1.EXE > nul
C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe
C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AC47F~1.EXE > nul
C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe
C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4F654~1.EXE > nul
C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe
C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4077E~1.EXE > nul
C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe
C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EAC99~1.EXE > nul
C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe
C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A5F1D~1.EXE > nul
C:\Windows\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}.exe
C:\Windows\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1AA6F~1.EXE > nul
Network
Files
C:\Windows\{CE712C21-7F24-424f-A88D-3AE1F5624142}.exe
C:\Windows\{4BAFA134-06C4-4bb3-9460-B262F3A9A32A}.exe
C:\Windows\{1EA2D188-4A53-4b21-84C2-0D1DDC02CF8E}.exe
C:\Windows\{746B09E6-05D9-4caa-BCA3-B065BA3CAB29}.exe
C:\Windows\{AC47F080-8A79-4cba-BD26-760B7D06DFBE}.exe
C:\Windows\{4F6546BD-3889-4c3d-B7E6-49EDE3BA0017}.exe
C:\Windows\{4077E545-4790-493f-B642-EFB5BE2E27C1}.exe
C:\Windows\{EAC99EBD-C729-4caf-B3E2-4A4F47666AFB}.exe
C:\Windows\{A5F1D0CE-6DBF-4ba1-B81C-55B46AD88652}.exe
C:\Windows\{1AA6F3AA-3911-41bc-A5B5-ED6C26CBE138}.exe
C:\Windows\{AA6C2D9C-1FBE-46a3-BA81-E7BCB9DE6AA7}.exe