Analysis Overview
SHA256
cd267688b8897852723dfa2a577eb83aba648659011693bb4c999a74dbdc0e6e
Threat Level: Known bad
The file 2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK (Enterprise Matrix V15)
The report records no technique mappings. From the behaviour listed above, the writes under Active Setup\Installed Components correspond to T1547.014 (Boot or Logon Autostart Execution: Active Setup), the key whose StubPath commands Windows runs once per user at logon, and the cmd.exe /c del self-removal corresponds to T1070.004 (Indicator Removal: File Deletion). These two mappings are editorial, not sandbox output.
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:52
Signatures
Auto-generated rule
No description, indicator, process or target recorded for this match.
Unsigned PE
No description, indicator, process or target recorded for this match.
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:52
Reported
2024-04-06 21:55
Platform
win7-20240221-en
Max time kernel
144s
Max time network
123s
Signatures
Auto-generated rule
11 matches recorded; the report gives no description, indicator, process or target for them.
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}\stubpath = "C:\\Windows\\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe" | C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}\stubpath = "C:\\Windows\\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe" | C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B254D774-9411-4b05-B500-98E5211BC002}\stubpath = "C:\\Windows\\{B254D774-9411-4b05-B500-98E5211BC002}.exe" | C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2} | C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{29C1DD04-313D-49bf-B6AB-24B8508B78C3} | C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}\stubpath = "C:\\Windows\\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe" | C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26} | C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}\stubpath = "C:\\Windows\\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe" | C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B254D774-9411-4b05-B500-98E5211BC002} | C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CFA7CCFA-6CB2-4252-888D-5064F8D97310} | C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B} | C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}\stubpath = "C:\\Windows\\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe" | C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{38064917-E724-4894-AA15-295EBE6069F5} | C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F} | C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}\stubpath = "C:\\Windows\\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe" | C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0ADC2434-940D-43b5-B246-18EF59CE0DA7} | C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}\stubpath = "C:\\Windows\\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{97EBB6DD-5164-46f7-A227-093ABDC0A763} | C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{97EBB6DD-5164-46f7-A227-093ABDC0A763}\stubpath = "C:\\Windows\\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe" | C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{38064917-E724-4894-AA15-295EBE6069F5}\stubpath = "C:\\Windows\\{38064917-E724-4894-AA15-295EBE6069F5}.exe" | C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}\stubpath = "C:\\Windows\\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe" | C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe | N/A |
| N/A | N/A | C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe | N/A |
| N/A | N/A | C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe | N/A |
| N/A | N/A | C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe | N/A |
| N/A | N/A | C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe | N/A |
| N/A | N/A | C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe | N/A |
| N/A | N/A | C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe | N/A |
| N/A | N/A | C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe | N/A |
| N/A | N/A | C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe | N/A |
| N/A | N/A | C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe | N/A |
| N/A | N/A | C:\Windows\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe | C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe | N/A |
| File created | C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe | C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe | N/A |
| File created | C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe | C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe | N/A |
| File created | C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe | C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe | N/A |
| File created | C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe | C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe | N/A |
| File created | C:\Windows\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe | C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe | N/A |
| File created | C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe | N/A |
| File created | C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe | C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe | N/A |
| File created | C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe | C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe | N/A |
| File created | C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe | C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe | N/A |
| File created | C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe | C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe"
C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe
C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe
C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D1BB6~1.EXE > nul
C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe
C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{338EB~1.EXE > nul
C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe
C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{97EBB~1.EXE > nul
C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe
C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{38064~1.EXE > nul
C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe
C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D58BE~1.EXE > nul
C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe
C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B254D~1.EXE > nul
C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe
C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F3A25~1.EXE > nul
C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe
C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{29C1D~1.EXE > nul
C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe
C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0ADC2~1.EXE > nul
C:\Windows\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe
C:\Windows\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4C2F2~1.EXE > nul
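The tables above give the chain only as unordered rows. The following Python is an added worked example (it is not part of the sandbox report): it reconstructs the stage order from the "File created" rows, resolves the 8.3 short names in the cmd.exe /c del command lines back to the full stage paths, and reports which stage is left on disk. The two input lists are copied from the behavioral1 tables above; the 8.3 rule (first six characters of the long name, then ~1) is an assumption that only holds while nothing else in the directory shares that prefix.

```python
"""Reconstruct the behavioral1 dropper chain from this report's own rows.

Added example, not sandbox output. FILE_CREATED and DEL_CMDLINES are copied
from the behavioral1 'Drops file in Windows directory' table and process list.
Assumption: an 8.3 short name is the first six characters of the long name
plus '~1' (true only while no other file in the directory shares that prefix;
Windows otherwise uses ~2, ~3, ... or a hashed form).
"""
import re
from typing import Dict, List, Tuple

GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
WINDOWS_GUID_EXE = re.compile(r"^C:\\Windows\\" + GUID + r"\.exe$")
DEL_RE = re.compile(r"cmd\.exe /c del (?P<target>\S+) > nul$", re.IGNORECASE)

W = r"C:\Windows"
ROOT = r"C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe"

# (file created, creating process), in the order the report prints the rows
FILE_CREATED: List[Tuple[str, str]] = [
    (W + r"\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe", W + r"\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe"),
    (W + r"\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe", W + r"\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe"),
    (W + r"\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe", W + r"\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe"),
    (W + r"\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe", W + r"\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe"),
    (W + r"\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe", W + r"\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe"),
    (W + r"\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe", W + r"\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe"),
    (W + r"\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe", ROOT),
    (W + r"\{38064917-E724-4894-AA15-295EBE6069F5}.exe", W + r"\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe"),
    (W + r"\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe", W + r"\{38064917-E724-4894-AA15-295EBE6069F5}.exe"),
    (W + r"\{B254D774-9411-4b05-B500-98E5211BC002}.exe", W + r"\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe"),
    (W + r"\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe", W + r"\{B254D774-9411-4b05-B500-98E5211BC002}.exe"),
]
# cmd.exe command lines from the process list, in the order printed
DEL_CMDLINES: List[str] = [
    r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{D1BB6~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{338EB~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{97EBB~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{38064~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{D58BE~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{B254D~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{F3A25~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{29C1D~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{0ADC2~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{4C2F2~1.EXE > nul",
]


def drop_chain(rows: List[Tuple[str, str]]) -> List[str]:
    """Order the stages root-first; raise if the drop graph is not one straight line."""
    child_of: Dict[str, str] = {}
    for created, creator in rows:
        if creator in child_of:
            raise ValueError(f"{creator} drops more than one file")
        child_of[creator] = created
    dropped = {created for created, _ in rows}
    roots = [p for p in child_of if p not in dropped]
    if len(roots) != 1:
        raise ValueError(f"expected one root, found {roots}")
    chain = [roots[0]]
    while chain[-1] in child_of:
        nxt = child_of[chain[-1]]
        if nxt in chain:
            raise ValueError("cycle in drop graph")
        chain.append(nxt)
    return chain


def short_path(path: str) -> str:
    """8.3 form of `path` as cmd.exe printed it, directory unchanged (assumption in the docstring)."""
    directory, _, name = path.rpartition("\\")
    base, _, ext = name.rpartition(".")
    base = base.replace(".", "").replace(" ", "")  # 8.3 names drop dots and spaces
    return f"{directory}\\{base[:6]}~1.{ext[:3]}".upper()


def resolve_deletions(cmdlines: List[str], chain: List[str]) -> List[str]:
    """Map each `cmd.exe /c del <8.3 path> > nul` back to the full path of the stage it removes."""
    by_short = {short_path(p): p for p in chain}
    resolved = []
    for line in cmdlines:
        m = DEL_RE.search(line)
        if m is None:
            raise ValueError(f"not a self-delete command line: {line}")
        target = m.group("target").upper()
        if target not in by_short:
            raise ValueError(f"{target} matches no stage")
        resolved.append(by_short[target])
    return resolved


def summarize() -> dict:
    chain = drop_chain(FILE_CREATED)
    deleted = resolve_deletions(DEL_CMDLINES, chain)
    return {
        "stages": len(chain),
        "all_dropped_in_windows_root": all(WINDOWS_GUID_EXE.match(p) is not None for p in chain[1:]),
        "deleted_in_chain_order": deleted == chain[:-1],
        "surviving": [p for p in chain if p not in set(deleted)],
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Two practical points follow from the result. Every stage except the last, C:\Windows\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe, is deleted, so the file hashes of the earlier stages will not be found on a live host; only their Active Setup keys remain, pointing at paths that no longer exist. And the del command lines carry 8.3 short names, so a rule that matches the long filename will miss them. Whether the chain ends at the twelfth stage or was cut off by the 144 s kernel time limit cannot be determined from the report.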
Network
No network traffic was recorded in this run.
Files
C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe
| MD5 | d9b0b8917c4841bdb5182ccd4fe0f59b |
| SHA1 | f0706058b566945cbbeb8a74755ac2fbaff69678 |
| SHA256 | 345a4b60d92e2e26a4410991fe2976c5c0727d984b8cd14a3545c3f2dbc16851 |
| SHA512 | 6bd3e24fc0ecd6ee14bf6b2473af0521b7fff236f1ae7bccdfd1ab755c52336a4541cf380ef5bdd1d658a86697a3bccb7d1b62d43ac1c5dafff37c344d5088b2 |
C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe
| MD5 | f368c81c59dd6efb2b54e7eeb718ed15 |
| SHA1 | 422d8c930c82195eba51a44b0435fab7a238831e |
| SHA256 | 1fd77f1a99bb1461b3bd66007828f5968c3cacbec8112778a67d7832871d4665 |
| SHA512 | 6e669d9892b8361acbf0f9cbeac4ee6ff1da982b5c59e8ec35780174ce487c5307b051f0e7c1401db323c95c49f076bcd8af8a9fe65a1d254b2349f27ba1960d |
C:\Windows\{97EBB6DD-5164-46f7-A227-093ABDC0A763}.exe
| MD5 | d4e2b0854ca4477f8a1be4808ac5d43c |
| SHA1 | 221cdd19b9cb13331f0388b2277a7898f5a38b5b |
| SHA256 | 53f80542ba1db2e00cdfc05b4ff8fcbdc74f7d7e168787ba5bff077ec78a7d89 |
| SHA512 | d47f42a680a79816966766c5ed23093c5fbcda89cf20687c831e4fa8a3698b07a5c64aea80be77c0490b1a55fafb3cbe45aa34926e5511e3ee4b5e1802c7aecd |
C:\Windows\{38064917-E724-4894-AA15-295EBE6069F5}.exe
| MD5 | 5202851c442379f9ddddfa706f881426 |
| SHA1 | e24a5b9e1e9d11661a48e0e0e2b51e2a87104ba4 |
| SHA256 | 0d79b36fedb8a3c8cfa523b7fb742afff2d68b8bb0d72810793961a1ac74ede6 |
| SHA512 | 8ad6f61bc41263026f8e7c9e3bcc656a9f769a61eebdd550f117a5a8c5106c5dad105c3234312a52e5badccc0b90c1d60b1e4da481268a7ac7e69500ee7f82f4 |
C:\Windows\{D58BEB16-9CBC-43f3-87A1-46FC01D9F55F}.exe
| MD5 | 8523d8ac47d2df295d640029d3126912 |
| SHA1 | 4c104a5eeab6fcc587bf07a7e84f26ed5ae43b6e |
| SHA256 | e9c8d7ec8b4331a44e1a311f799dd3cd4742a0fa0d461d837b61e6ee959e0973 |
| SHA512 | 93eddd9e5cbb85ef88b6ab9606708a9ead80cdba33fee020dc1e380473dbcdb18d461428a3504f16bf3ae74644cf912ecd7dbee6365eae2527cf5ceb8a29f10e |
C:\Windows\{B254D774-9411-4b05-B500-98E5211BC002}.exe
| MD5 | e98efc3aa6a64cfb00770e595197e1fc |
| SHA1 | eb559e86768a30a16d4483ed169fd657517c4099 |
| SHA256 | 4491f6a5769e089165fb4251bd4212f3988f75d018f6b406fe54bed5119c1cdd |
| SHA512 | 79d09e2e049136dfe6e9a5b2a2fcbf80ea121cd3c36bebea3908e2e0d6bccf78865da3eb2965cba0dda6a14dad7ef4db789cfe04ced5999bafee22df688b4d45 |
C:\Windows\{F3A252D8-2360-4c73-B1F4-6F0ED02DBCD2}.exe
| MD5 | 69c2a9fea5729b058dd974ae128980de |
| SHA1 | 9f202efe37bb0311610275c196b051e767cab3f9 |
| SHA256 | 3da498b3c8ed370416179ac4365787877da60629ac506528406795274c895360 |
| SHA512 | d1b2fcea0a4032f217c5258b96b34e4fb6c586953e40e36c1c7421755146e5f8e1c95e586f9bd730ce93c4c8029d8831ab4f05aabb3e2d0d7c0b312ba623fd08 |
C:\Windows\{29C1DD04-313D-49bf-B6AB-24B8508B78C3}.exe
| MD5 | 7f4edbe6575209698a39919c0f6c59cc |
| SHA1 | b161fd79cc0ece8e3f06e2fcce7eba5e000e52ff |
| SHA256 | c8d9529af6a83fd415822ac52fceca5013118e19d6fccce07d3527ce52442752 |
| SHA512 | 5c108a87e9acb4e0bb154833025a6dac4f3b654a0cae65c807fcb2b169ab21f972bc8d19c4d206a64a86106e914bf7eaeac3fea7b9fab1c4bbda15e3c65143ba |
C:\Windows\{0ADC2434-940D-43b5-B246-18EF59CE0DA7}.exe
| MD5 | cb216defae9618b5b2bd691dcf8866eb |
| SHA1 | d1dad666b5b1b10b8856169275951e39d8538479 |
| SHA256 | f9156656556bc79fad94cad041790d80ed8bf36457d030d9b66566c75195f6c9 |
| SHA512 | e275a8062d2abf104d805e392005eb1433884577036484391fd69498c43f20946602420da687f0fc46102db803b038627861462b9d1c23b41e37606120d4158f |
C:\Windows\{4C2F23E4-9BB1-4c67-A542-6BB8D77C1F26}.exe
| MD5 | 21571565e2c5cf93a8ec3369ec1a2e7e |
| SHA1 | dc6086766f125bce80d30b63044699fdc1a07b6f |
| SHA256 | 748522ca7009eb1bc5bef76d3366d6ce6ff5d286ca0d2ce15e3b71edd63e814f |
| SHA512 | 9a273ead7d090237560513bbd557dda72e953f88267738cb4e12f2f11f8530021b370788305c9799f96a93a37cab9b4b489cf30df08b69613228ffdae8536adb |
C:\Windows\{CFA7CCFA-6CB2-4252-888D-5064F8D97310}.exe
| MD5 | e3e9b804007311630c2f9fa00d838222 |
| SHA1 | 1807c390b687301289976de84d9a5ff1b2c6debb |
| SHA256 | c99af48a3ee402fe6e89d3b5ec8ebfb85149d0ac9378bdaa54c00bc23a645c72 |
| SHA512 | 7c3ec83b0f288d0f49a7183739992a5ce1de67ca7d9712f9158806a999d46ab9335479849c96474ad3c857033369130b33d8013fe433f83e4a5342e29026c703 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:52
Reported
2024-04-06 21:55
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
152s
Signatures
Auto-generated rule
12 matches recorded; the report gives no description, indicator, process or target for them.
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}\stubpath = "C:\\Windows\\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34F25754-B73E-4293-9F33-FB00283D94BA} | C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495} | C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF} | C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}\stubpath = "C:\\Windows\\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe" | C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8} | C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}\stubpath = "C:\\Windows\\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe" | C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A66D627-C7EB-4bff-B098-5910E1C2D85C} | C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}\stubpath = "C:\\Windows\\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}.exe" | C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{784A513C-5F07-46f4-B179-DE54A5B98B8F} | C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{784A513C-5F07-46f4-B179-DE54A5B98B8F}\stubpath = "C:\\Windows\\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe" | C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{85FB04A6-9ACE-4829-A331-696B594A0F62} | C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}\stubpath = "C:\\Windows\\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe" | C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9B52724C-1B48-4af0-BB20-7954E52F35C5} | C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}\stubpath = "C:\\Windows\\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe" | C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}\stubpath = "C:\\Windows\\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe" | C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9B52724C-1B48-4af0-BB20-7954E52F35C5}\stubpath = "C:\\Windows\\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe" | C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5} | C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34F25754-B73E-4293-9F33-FB00283D94BA}\stubpath = "C:\\Windows\\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe" | C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{551B6FD3-DC28-44ba-B752-7E570ADFAF26} | C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}\stubpath = "C:\\Windows\\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe" | C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{85FB04A6-9ACE-4829-A331-696B594A0F62}\stubpath = "C:\\Windows\\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe" | C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E} | C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe | N/A |
| N/A | N/A | C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe | N/A |
| N/A | N/A | C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe | N/A |
| N/A | N/A | C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe | N/A |
| N/A | N/A | C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe | N/A |
| N/A | N/A | C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe | N/A |
| N/A | N/A | C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe | N/A |
| N/A | N/A | C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe | N/A |
| N/A | N/A | C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe | N/A |
| N/A | N/A | C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe | N/A |
| N/A | N/A | C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe | N/A |
| N/A | N/A | C:\Windows\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe | C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe | N/A |
| File created | C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe | C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe | N/A |
| File created | C:\Windows\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}.exe | C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe | N/A |
| File created | C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe | N/A |
| File created | C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe | C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe | N/A |
| File created | C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe | C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe | N/A |
| File created | C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe | C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe | N/A |
| File created | C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe | C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe | N/A |
| File created | C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe | C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe | N/A |
| File created | C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe | C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe | N/A |
| File created | C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe | C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe | N/A |
| File created | C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe | C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe"
C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe
C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe
C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{987BB~1.EXE > nul
C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe
C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{34F25~1.EXE > nul
C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe
C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{551B6~1.EXE > nul
C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe
C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9691A~1.EXE > nul
C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe
C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{784A5~1.EXE > nul
C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe
C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{85FB0~1.EXE > nul
C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe
C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{91BEE~1.EXE > nul
C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe
C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F8D6D~1.EXE > nul
C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe
C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9B527~1.EXE > nul
C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe
C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6F4E3~1.EXE > nul
C:\Windows\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}.exe
C:\Windows\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6A66D~1.EXE > nul
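The same two behaviours recur in both runs and are what an endpoint rule should key on: an Active Setup StubPath value written by, or pointing at, a GUID-named executable in the Windows root, and a cmd.exe /c del whose target is the parent process's own image. The Python below is an added example, not sandbox output. It runs those two checks over constructed Sysmon-style events (registry value set and process create) and correlates the hits per image. The event field names and the two benign events are assumptions made for the example; the malicious paths are taken from this report.

```python
"""Detection checks for the Active Setup dropper chain in this report.

Added example, not sandbox output. Events are dicts in a Sysmon-like shape
(constructed for this example): event id 13 -> "registry_set" with image,
target, details; event id 1 -> "process_create" with image, parent_image,
cmdline. Malicious paths come from the report; the two benign events are made up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
STUBPATH_RE = re.compile(
    r"(?:\\REGISTRY\\MACHINE|HKLM)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Active Setup"
    r"\\Installed Components\\" + GUID + r"\\StubPath$", re.IGNORECASE)
WINDOWS_GUID_EXE = re.compile(r"^C:\\Windows\\" + GUID + r"\.exe$", re.IGNORECASE)
CMD_DEL_RE = re.compile(r'cmd\.exe\s+/c\s+del\s+(?P<target>"[^"]+"|\S+)\s*>\s*nul', re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    severity: str
    image: str      # process the finding is attributed to
    detail: str


def check_stubpath_write(ev: Dict[str, str]) -> Optional[Finding]:
    """Any StubPath write is worth a look; one written by or pointing at a GUID-named exe in the Windows root is high."""
    if ev.get("event") != "registry_set" or not STUBPATH_RE.search(ev["target"]):
        return None
    value = ev["details"].strip('"').replace("\\\\", "\\")  # accept report-style doubled backslashes
    if WINDOWS_GUID_EXE.match(ev["image"]) or WINDOWS_GUID_EXE.match(value):
        return Finding("active_setup_guid_exe", "high", ev["image"], f"StubPath = {value}")
    return Finding("active_setup_stubpath_write", "medium", ev["image"], f"StubPath = {value}")


def check_self_delete(ev: Dict[str, str]) -> Optional[Finding]:
    """cmd.exe /c del <path> > nul where <path> is the parent's own image, by long or 8.3 name."""
    if ev.get("event") != "process_create" or not ev["image"].lower().endswith("\\cmd.exe"):
        return None
    m = CMD_DEL_RE.search(ev["cmdline"])
    if m is None:
        return None
    t_dir, _, t_name = m.group("target").strip('"').rpartition("\\")
    p_dir, _, p_name = ev["parent_image"].rpartition("\\")
    if t_dir.lower() != p_dir.lower():
        return None
    # An 8.3 short name keeps the first six characters of the long name before "~N"
    same = t_name.lower() == p_name.lower() or (
        "~" in t_name and t_name.split("~", 1)[0].lower() == p_name[:6].lower())
    return Finding("self_delete_via_cmd", "high", ev["parent_image"], ev["cmdline"]) if same else None


def run_rules(events: List[Dict[str, str]]) -> List[Finding]:
    findings: List[Finding] = []
    for ev in events:
        for check in (check_stubpath_write, check_self_delete):
            hit = check(ev)
            if hit is not None:
                findings.append(hit)
    return findings


def chain_stages(findings: List[Finding]) -> List[str]:
    """Images that both registered an Active Setup StubPath and removed their own image."""
    wrote = {f.image.lower() for f in findings if f.rule.startswith("active_setup")}
    gone = {f.image.lower() for f in findings if f.rule == "self_delete_via_cmd"}
    return sorted(wrote & gone)


# Constructed sample: the first two stages of this report, then two benign events (made up).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"event": "registry_set",
     "image": r"C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}\StubPath",
     "details": r"C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe"},
    {"event": "process_create", "image": r"C:\Windows\SysWOW64\cmd.exe",
     "parent_image": r"C:\Users\Admin\AppData\Local\Temp\2024-04-06_d9c25d9566029572ba4babd9bd80c292_goldeneye.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul"},
    {"event": "registry_set", "image": r"C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}\StubPath",
     "details": r"C:\Windows\{338EB578-02D7-4e1f-83C5-E4EEF5FD7A1B}.exe"},
    {"event": "process_create", "image": r"C:\Windows\SysWOW64\cmd.exe",
     "parent_image": r"C:\Windows\{D1BB67AC-F3CF-480c-B9B9-6FBF8392879D}.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\Windows\{D1BB6~1.EXE > nul"},
    {"event": "registry_set", "image": r"C:\Program Files\Contoso\setup.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}\StubPath",
     "details": r"C:\Program Files\Contoso\firstrun.exe /user"},
    {"event": "process_create", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Contoso\setup.exe",
     "cmdline": r"cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\setup.log > nul"},
]

if __name__ == "__main__":
    for f in run_rules(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.rule}: {f.image} :: {f.detail}")
    print("chain stages:", chain_stages(run_rules(SAMPLE_EVENTS)))
```

The StubPath check grades every other Installed Components write as medium rather than ignoring it, because legitimate writers of that key are few (installers and first-run stubs) and each is worth a look. The self-delete check compares the 8.3 target with the first six characters of the parent's long name, which is how the del lines in this report would otherwise be missed; it also rejects deletions of other files by the same parent, as the benign cleanup event shows.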
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
The recorded traffic is reverse-DNS (PTR) lookups through 8.8.8.8 and one TCP connection to 52.142.223.178:80. The report attributes none of it to a sample process, and the Windows 7 run recorded no traffic at all, so these entries should be corroborated before being used as indicators of the sample.
Files
C:\Windows\{987BBBA7-1BFC-45a3-9AFD-A6D70B835854}.exe
| MD5 | 55f48b4c052b793c9fe1a1050d15189f |
| SHA1 | cda1102c0249762cbefec9328f1a683c10e97e0c |
| SHA256 | 9a893ab96c73ca738aac97dd43067d9cd6569bd7319b2a50d408b76f79d19f36 |
| SHA512 | 7daf30aefe29acd19017ee704957e439fc388dc57de99c5afa62791a2c6f355073e8f2b1e30939b3072e266cba4381a39f054c645be8b24229028e6553fe5bf4 |
C:\Windows\{34F25754-B73E-4293-9F33-FB00283D94BA}.exe
| MD5 | c422c9134800101732cdd918f13bed2f |
| SHA1 | 2a82726cd06fb5fee93dcd254bb7ab9e2ac891d3 |
| SHA256 | a11dfafd74797697462d83f2571ec1d3057084185b5534a85bfa84c01ddd2830 |
| SHA512 | b23432113200224c6b9a699bdeb4b98d6a261f10fa986d4753214fe945b1daf7751b24926d462f7915de3fa03ed927009dbbcabde62c8f1e733e8e420039589a |
C:\Windows\{551B6FD3-DC28-44ba-B752-7E570ADFAF26}.exe
| MD5 | d99fce343533c2d893999b61e079638b |
| SHA1 | ab2e1913724d48d520c63d9616fa146544d9324d |
| SHA256 | 821e2ecf304a1a3fbe5958c9c9fb6f47aeafd9358f95fa01f3032cb472134e2e |
| SHA512 | 76cce7b3718115b9219c5c622ef4d5931b77b26fb5a80662bea355090ec7dffe0ed836a24c1e2181e154fe8fbea7f669e63274ffb97f59116c810c6d3aab6cf9 |
C:\Windows\{9691A96D-D92B-4908-8D9E-CFAF2E7B3495}.exe
| MD5 | 013c23b011348c692b38eb949c3e30b2 |
| SHA1 | c13d5dc5ac22486347d191572d7b75d300b0c2f4 |
| SHA256 | ea70b639ece50c68327304cd04ca64726fec552ecc8d88244b0e447b4cbb1fc5 |
| SHA512 | 9b34373b9c6113cbb46a75516d83254c47182943aac6cea49a45a2645118cb261cefc3862403ac2ec46dc2243285f9e551d4f5a03009c1e9f6780b4a2fcd2e38 |
C:\Windows\{784A513C-5F07-46f4-B179-DE54A5B98B8F}.exe
| MD5 | d3eb54142c1d94cc9e3f76d01a82329e |
| SHA1 | 3936632d28482cdd0805db783f46760a4d6de393 |
| SHA256 | 2dac653905ecadd097910e0cfa73b7e64a9b1797824e3ed6291aff4a19290db4 |
| SHA512 | 58f5e1c2198cdcfcb47381d8a53dd3135af5ffbc05322ecb2d0cb9b704533dce0f16d70bff4449dd323d0dc79b7dd599b97adffab86e772d9a7ed5f535d2c0f5 |
C:\Windows\{85FB04A6-9ACE-4829-A331-696B594A0F62}.exe
| MD5 | 5763f7cf21439ca85f010afd7b757857 |
| SHA1 | db10641d142bf43fba3e3229c415fe09b0971cd3 |
| SHA256 | 82773357e1115eddff07b2941b28d1904f285ab6877437d552606a7068e1d62b |
| SHA512 | 618ed44552e2abcef6d48c07ae2f9b45aaf627b8f8792cc02d9d4fb9b469becb3b449cbb89229d25fef351bc81f45ad58ae029b8fda565cfa46fa9dda55b7c8d |
C:\Windows\{91BEEB67-8A52-4f2f-847F-F9C5388BF2FF}.exe
| MD5 | 267eb54851112e7b5441c4fef6d85b72 |
| SHA1 | ab723c26b427d28eff96dc438e6d45638778c863 |
| SHA256 | 6447a894f1a8eca9407e835bf0301aa5b07296f751b5426995776ca817db2de8 |
| SHA512 | a3319a3b5b2ba5945aeabfdef655ef3eb6c4e3421867a6bb2d88acee8b42a8de3fe8ecbcfae429ef11a07f1b98da28910cd5f6400b3cff2f92cc845aede83262 |
C:\Windows\{F8D6DD88-BFD2-4fab-A877-885C8378AFA8}.exe
| MD5 | d9d7c680768b4b10c0617523c10b7010 |
| SHA1 | 755bb599eadb5b6c46de76aec4782ba4366d08af |
| SHA256 | 439fe5a92f0a6c24e59680f88be0b7e4658c0b053e0ae6cbaf96abbd85c1dd77 |
| SHA512 | 0bf6ce6029460a7c4f812f37a630e9bace6566c1cb1ba798ce0811f103baf6127e7387e1ba7c7468cf6c95946933987e9c238ce2a83cc0672c85bb1c738c9bab |
C:\Windows\{9B52724C-1B48-4af0-BB20-7954E52F35C5}.exe
| MD5 | bef9efa838554621242bf3310c51d392 |
| SHA1 | e80856dd915b8ced40f00fd7add20cd8734898f2 |
| SHA256 | 9471398cd7d365110d46eeb24ddbf93351f1405e03de1c9df144c51325057523 |
| SHA512 | 68659b068868a70ea19d6965721c29e0314f9fb9af5bcd7ddcb4e221ed1db3235db7f30a6dab37cd00f8d8ca87145588489da4908e485049edd5391f0405906c |
C:\Windows\{6F4E3B53-2A07-4752-9191-866CCBFA3A0E}.exe
| MD5 | 78f82e612ab9d7b0e726c0533dab9bbc |
| SHA1 | 14612b54332eec2f70f056d5468f678fd8ef78a6 |
| SHA256 | e7f8ee170b4a239c04b7a6f32f095b19dd24ced397ae81fa0f178f97c186ab8d |
| SHA512 | 0d5ea2334746091d81cc9e78f8c8d4a9fcd5eb52e9eaebbedb86203623d79614251a85b8000a3aef7ffd48b1643c412ca673068f9183d98e3befb7bb377ad114 |
C:\Windows\{6A66D627-C7EB-4bff-B098-5910E1C2D85C}.exe
| MD5 | 41e1ad85542eca2fb4092097be931f81 |
| SHA1 | a9cd0dcec24e175c7b6bd02f3dada588e82c3e71 |
| SHA256 | 2c436722bff3ca30b4ad5dd6ead83336a2222180d4794b2532d38b227bbadcc7 |
| SHA512 | 51add3f143e14f742ed0805ddf096ed4511c32a75ed0dee12340a7f7af48486e6a97397bb0822d5d2c285b1d3ebf6b35994e044d84142efbf7760a97c2feabba |
C:\Windows\{CFAF503B-0438-45b3-B4A9-D64F4BAC55C5}.exe
| MD5 | f1ae9b64e191d0cbd680443ee2f763f0 |
| SHA1 | 8feb01e46e4ca9bc9a35fa634d52888d4dc8faa6 |
| SHA256 | f4b71b1dc426ce5b9fb2d5a8d0078bda76d6646d44a691ecc48f67974bca08fa |
| SHA512 | ceab1dc43873742718cfdb4f9afd15e7fcf0901dc3a88ecf736757c6ea1c271ac9aeaf14e44798d005a82003ed098bda7d8fbfd0b742868d312d670f1dbe378d |