Analysis Overview
SHA256
629abf54d77eaf26bebff5146d1535eef92a7d6894143521acf8d428754ed373
Threat Level: Known bad
The file 2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 22:29
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 22:29
Reported
2024-04-06 22:31
Platform
win7-20240221-en
Max time kernel
144s
Max time network
126s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{68EA5B4B-7714-4295-9D06-47A1B79235C1} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{68EA5B4B-7714-4295-9D06-47A1B79235C1}\stubpath = "C:\\Windows\\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D566DE58-58E8-4f64-AB0F-DF782A1C3636} | C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}\stubpath = "C:\\Windows\\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe" | C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}\stubpath = "C:\\Windows\\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe" | C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{779DD137-5626-4d41-9E89-54C7A013C4BE} | C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C} | C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}\stubpath = "C:\\Windows\\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe" | C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}\stubpath = "C:\\Windows\\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe" | C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{31805F02-4BE0-403e-9D65-7A13722E1A9F}\stubpath = "C:\\Windows\\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe" | C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}\stubpath = "C:\\Windows\\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe" | C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB} | C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}\stubpath = "C:\\Windows\\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe" | C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E} | C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}\stubpath = "C:\\Windows\\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe" | C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43} | C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}\stubpath = "C:\\Windows\\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe" | C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8} | C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{779DD137-5626-4d41-9E89-54C7A013C4BE}\stubpath = "C:\\Windows\\{779DD137-5626-4d41-9E89-54C7A013C4BE}.exe" | C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0} | C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{31805F02-4BE0-403e-9D65-7A13722E1A9F} | C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12} | C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe | N/A |
| N/A | N/A | C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe | N/A |
| N/A | N/A | C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe | N/A |
| N/A | N/A | C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe | N/A |
| N/A | N/A | C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe | N/A |
| N/A | N/A | C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe | N/A |
| N/A | N/A | C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe | N/A |
| N/A | N/A | C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe | N/A |
| N/A | N/A | C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe | N/A |
| N/A | N/A | C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe | N/A |
| N/A | N/A | C:\Windows\{779DD137-5626-4d41-9E89-54C7A013C4BE}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe | C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe | N/A |
| File created | C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe | C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe | N/A |
| File created | C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe | C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe | N/A |
| File created | C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe | C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe | N/A |
| File created | C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe | C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe | N/A |
| File created | C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe | C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe | N/A |
| File created | C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe | C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe | N/A |
| File created | C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe | C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe | N/A |
| File created | C:\Windows\{779DD137-5626-4d41-9E89-54C7A013C4BE}.exe | C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe | N/A |
| File created | C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | N/A |
| File created | C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe | C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe" |
| C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe | C:\Windows\{68EA5B4B-7714-4295-9D06-47A1B79235C1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe | C:\Windows\{3335F20F-56B8-4ce4-ABC1-C47246C83A9C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{68EA5~1.EXE > nul |
| C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe | C:\Windows\{DBBEB1E4-06A1-48ae-ACF9-4E2716D7D51E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3335F~1.EXE > nul |
| C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe | C:\Windows\{A0359F57-97C0-4c20-B1EE-0525C9AB2CC0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{DBBEB~1.EXE > nul |
| C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe | C:\Windows\{31805F02-4BE0-403e-9D65-7A13722E1A9F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A0359~1.EXE > nul |
| C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe | C:\Windows\{206C9C9D-46D9-4a8b-975F-CE6FC7620D43}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{31805~1.EXE > nul |
| C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe | C:\Windows\{D566DE58-58E8-4f64-AB0F-DF782A1C3636}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{206C9~1.EXE > nul |
| C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe | C:\Windows\{1E89FB9D-71F0-458e-8764-EBC3941F0BA8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D566D~1.EXE > nul |
| C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe | C:\Windows\{4319BB2A-39BA-45c9-BCCD-A82F7A3940CB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1E89F~1.EXE > nul |
| C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe | C:\Windows\{FF9F4FBC-953C-4349-B422-5FBA6B5EFF12}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4319B~1.EXE > nul |
| C:\Windows\{779DD137-5626-4d41-9E89-54C7A013C4BE}.exe | C:\Windows\{779DD137-5626-4d41-9E89-54C7A013C4BE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FF9F4~1.EXE > nul |
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 22:29
Reported
2024-04-06 22:31
Platform
win10v2004-20240319-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BCC6E81-5EE8-479c-96F5-C659817538F1}\stubpath = "C:\\Windows\\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0EBF65B2-2543-4190-86C5-3CD794913490}\stubpath = "C:\\Windows\\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe" | C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{573F9AA1-F17E-4008-80FE-B89E6160393F}\stubpath = "C:\\Windows\\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe" | C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59F23E9E-C880-4e49-B8D5-A4E33057D605} | C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59F23E9E-C880-4e49-B8D5-A4E33057D605}\stubpath = "C:\\Windows\\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe" | C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE463372-326A-4b27-BBD0-406CA70F20E3}\stubpath = "C:\\Windows\\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe" | C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6}\stubpath = "C:\\Windows\\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6}.exe" | C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BCC6E81-5EE8-479c-96F5-C659817538F1} | C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B0C41266-3AEF-4fac-A881-3D0552A4123C} | C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD218272-2458-451c-B33D-E5A0A03E4807} | C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD218272-2458-451c-B33D-E5A0A03E4807}\stubpath = "C:\\Windows\\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe" | C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A} | C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{20C0AAE5-E19F-4f90-9115-5BED1F53525B} | C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3} | C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{573F9AA1-F17E-4008-80FE-B89E6160393F} | C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}\stubpath = "C:\\Windows\\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe" | C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B0C41266-3AEF-4fac-A881-3D0552A4123C}\stubpath = "C:\\Windows\\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe" | C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE463372-326A-4b27-BBD0-406CA70F20E3} | C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0EBF65B2-2543-4190-86C5-3CD794913490} | C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}\stubpath = "C:\\Windows\\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe" | C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{684C63B3-C864-4287-96EB-DA92DC18919B} | C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{684C63B3-C864-4287-96EB-DA92DC18919B}\stubpath = "C:\\Windows\\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe" | C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6} | C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}\stubpath = "C:\\Windows\\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe" | C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe | N/A |
| N/A | N/A | C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe | N/A |
| N/A | N/A | C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe | N/A |
| N/A | N/A | C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe | N/A |
| N/A | N/A | C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe | N/A |
| N/A | N/A | C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe | N/A |
| N/A | N/A | C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe | N/A |
| N/A | N/A | C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe | N/A |
| N/A | N/A | C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe | N/A |
| N/A | N/A | C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe | N/A |
| N/A | N/A | C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe | N/A |
| N/A | N/A | C:\Windows\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | N/A |
| File created | C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe | C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe | N/A |
| File created | C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe | C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe | N/A |
| File created | C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe | C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe | N/A |
| File created | C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe | C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe | N/A |
| File created | C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe | C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe | N/A |
| File created | C:\Windows\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6}.exe | C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe | N/A |
| File created | C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe | C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe | N/A |
| File created | C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe | C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe | N/A |
| File created | C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe | C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe | N/A |
| File created | C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe | C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe | N/A |
| File created | C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe | C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-06_5a7ab326f6fab9cec0a30a4f55f5430f_goldeneye.exe" |
| C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe | C:\Windows\{9BCC6E81-5EE8-479c-96F5-C659817538F1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe | C:\Windows\{0EBF65B2-2543-4190-86C5-3CD794913490}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9BCC6~1.EXE > nul |
| C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe | C:\Windows\{20C0AAE5-E19F-4f90-9115-5BED1F53525B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0EBF6~1.EXE > nul |
| C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe | C:\Windows\{0AAB978C-EE2A-4b51-92D9-0ABECC396AD3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{20C0A~1.EXE > nul |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4252 --field-trial-handle=2224,i,17688331074622862378,73816879873678745,262144 --variations-seed-version /prefetch:8 |
| C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe | C:\Windows\{684C63B3-C864-4287-96EB-DA92DC18919B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0AAB9~1.EXE > nul |
| C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe | C:\Windows\{573F9AA1-F17E-4008-80FE-B89E6160393F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{684C6~1.EXE > nul |
| C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe | C:\Windows\{CCA22F9A-D8A6-4b5b-A1EC-B7894DBCE02A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{573F9~1.EXE > nul |
| C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe | C:\Windows\{B0C41266-3AEF-4fac-A881-3D0552A4123C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CCA22~1.EXE > nul |
| C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe | C:\Windows\{59F23E9E-C880-4e49-B8D5-A4E33057D605}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B0C41~1.EXE > nul |
| C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe | C:\Windows\{CD218272-2458-451c-B33D-E5A0A03E4807}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{59F23~1.EXE > nul |
| C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe | C:\Windows\{AE463372-326A-4b27-BBD0-406CA70F20E3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CD218~1.EXE > nul |
| C:\Windows\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6}.exe | C:\Windows\{2B2D5C9F-CF41-4250-9175-C1A705DDA6C6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{AE463~1.EXE > nul |
Network
Files