Analysis Overview
SHA256
109b34023a9cc232e0c95081a5c482107e459cca1cfa877c5f2f112ae980bcca
Threat Level: Known bad
The file 2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:23
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:23
Reported
2024-04-07 18:26
Platform
win7-20240221-en
Max time kernel
150s
Max time network
128s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}\stubpath = "C:\\Windows\\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{210A6396-2554-4879-9390-D502CC668292} | C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{95DE7661-C070-4595-940E-6244FD65BEEE}\stubpath = "C:\\Windows\\{95DE7661-C070-4595-940E-6244FD65BEEE}.exe" | C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}\stubpath = "C:\\Windows\\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe" | C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}\stubpath = "C:\\Windows\\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe" | C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5F3A9788-2CB3-49f3-9707-518E38884056}\stubpath = "C:\\Windows\\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe" | C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}\stubpath = "C:\\Windows\\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe" | C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D7092B21-2618-4960-8442-8EA36BF4CEB3}\stubpath = "C:\\Windows\\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe" | C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9AC28808-B49C-4346-A083-B9C0C126D898}\stubpath = "C:\\Windows\\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe" | C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8} | C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB931F42-EA4C-4d19-AF36-15C1D037A642}\stubpath = "C:\\Windows\\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe" | C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C} | C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{210A6396-2554-4879-9390-D502CC668292}\stubpath = "C:\\Windows\\{210A6396-2554-4879-9390-D502CC668292}.exe" | C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{907FE030-4B94-4658-B184-1215277D7E1C}\stubpath = "C:\\Windows\\{907FE030-4B94-4658-B184-1215277D7E1C}.exe" | C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D7092B21-2618-4960-8442-8EA36BF4CEB3} | C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8EF7A5A3-585D-46b2-8E97-06D2C5605488} | C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}\stubpath = "C:\\Windows\\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe" | C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{95DE7661-C070-4595-940E-6244FD65BEEE} | C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5F3A9788-2CB3-49f3-9707-518E38884056} | C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9AC28808-B49C-4346-A083-B9C0C126D898} | C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB931F42-EA4C-4d19-AF36-15C1D037A642} | C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{907FE030-4B94-4658-B184-1215277D7E1C} | C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D} | C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe | N/A |
| N/A | N/A | C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe | N/A |
| N/A | N/A | C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe | N/A |
| N/A | N/A | C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe | N/A |
| N/A | N/A | C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe | N/A |
| N/A | N/A | C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe | N/A |
| N/A | N/A | C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe | N/A |
| N/A | N/A | C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe | N/A |
| N/A | N/A | C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe | N/A |
| N/A | N/A | C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe | N/A |
| N/A | N/A | C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{95DE7661-C070-4595-940E-6244FD65BEEE}.exe | C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe | N/A |
| File created | C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe | N/A |
| File created | C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe | C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe | N/A |
| File created | C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe | C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe | N/A |
| File created | C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe | C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe | N/A |
| File created | C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe | C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe | N/A |
| File created | C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe | C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe | N/A |
| File created | C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe | C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe | N/A |
| File created | C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe | C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe | N/A |
| File created | C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe | C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe | N/A |
| File created | C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe | C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe | N/A |
| File created | C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe | C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe"
C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe
C:\Windows\{B5D14ADA-0524-4e26-BE2F-498CC4D9B1DF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe
C:\Windows\{210A6396-2554-4879-9390-D502CC668292}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B5D14~1.EXE > nul
C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe
C:\Windows\{907FE030-4B94-4658-B184-1215277D7E1C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{210A6~1.EXE > nul
C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe
C:\Windows\{BF4B2FC1-A838-4da7-B08D-F92533F6EA4D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{907FE~1.EXE > nul
C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe
C:\Windows\{5F3A9788-2CB3-49f3-9707-518E38884056}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BF4B2~1.EXE > nul
C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe
C:\Windows\{D7092B21-2618-4960-8442-8EA36BF4CEB3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5F3A9~1.EXE > nul
C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe
C:\Windows\{9AC28808-B49C-4346-A083-B9C0C126D898}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D7092~1.EXE > nul
C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe
C:\Windows\{6AB3ABEE-3679-4160-A8D5-9C43073BC6D8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9AC28~1.EXE > nul
C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe
C:\Windows\{FB931F42-EA4C-4d19-AF36-15C1D037A642}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6AB3A~1.EXE > nul
C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe
C:\Windows\{FCCA356F-534F-4b2f-9BBF-3F0F65D6943C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FB931~1.EXE > nul
C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe
C:\Windows\{8EF7A5A3-585D-46b2-8E97-06D2C5605488}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FCCA3~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:23
Reported
2024-04-07 18:25
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67EAA18A-04BC-46c4-BA82-266FE5E2001D} | C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B} | C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0F2CBD14-7366-4e33-98B0-BEE679E075AD} | C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7} | C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}\stubpath = "C:\\Windows\\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe" | C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4} | C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}\stubpath = "C:\\Windows\\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B962E929-D87D-4fa2-8417-2F922E5991DE} | C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}\stubpath = "C:\\Windows\\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe" | C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFACBC31-C29C-45b0-9F23-2A64502A9F44} | C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{962A767F-57F4-482d-86A8-532E764053D1} | C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}\stubpath = "C:\\Windows\\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe" | C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747} | C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747}\stubpath = "C:\\Windows\\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747}.exe" | C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F} | C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}\stubpath = "C:\\Windows\\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe" | C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}\stubpath = "C:\\Windows\\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe" | C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{962A767F-57F4-482d-86A8-532E764053D1}\stubpath = "C:\\Windows\\{962A767F-57F4-482d-86A8-532E764053D1}.exe" | C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}\stubpath = "C:\\Windows\\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe" | C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B962E929-D87D-4fa2-8417-2F922E5991DE}\stubpath = "C:\\Windows\\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe" | C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}\stubpath = "C:\\Windows\\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe" | C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe | N/A |
| N/A | N/A | C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe | N/A |
| N/A | N/A | C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe | N/A |
| N/A | N/A | C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe | N/A |
| N/A | N/A | C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe | N/A |
| N/A | N/A | C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe | N/A |
| N/A | N/A | C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe | N/A |
| N/A | N/A | C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe | N/A |
| N/A | N/A | C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe | N/A |
| N/A | N/A | C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe | N/A |
| N/A | N/A | C:\Windows\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe | C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe | N/A |
| File created | C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe | C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe | N/A |
| File created | C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe | C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe | N/A |
| File created | C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe | C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe | N/A |
| File created | C:\Windows\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747}.exe | C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe | N/A |
| File created | C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe | N/A |
| File created | C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe | C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe | N/A |
| File created | C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe | C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe | N/A |
| File created | C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe | C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe | N/A |
| File created | C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe | C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe | N/A |
| File created | C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe | C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_54ce192027ed3fdc340f6646a9ae6bab_goldeneye.exe"
C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe
C:\Windows\{1498DCE8-EF36-48fc-8D91-91D1A16EF10D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe
C:\Windows\{9DFDAD25-5B04-43e0-8990-B3D1D508A04F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1498D~1.EXE > nul
C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe
C:\Windows\{67EAA18A-04BC-46c4-BA82-266FE5E2001D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9DFDA~1.EXE > nul
C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe
C:\Windows\{B962E929-D87D-4fa2-8417-2F922E5991DE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{67EAA~1.EXE > nul
C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe
C:\Windows\{CFACBC31-C29C-45b0-9F23-2A64502A9F44}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B962E~1.EXE > nul
C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe
C:\Windows\{ABDA1398-CE29-4ccc-A954-31ECA73CA80B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CFACB~1.EXE > nul
C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe
C:\Windows\{9C2389F7-41EE-4ab9-A72D-737E0CED85E7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ABDA1~1.EXE > nul
C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe
C:\Windows\{0F2CBD14-7366-4e33-98B0-BEE679E075AD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9C238~1.EXE > nul
C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe
C:\Windows\{962A767F-57F4-482d-86A8-532E764053D1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0F2CB~1.EXE > nul
C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe
C:\Windows\{19D7AF7A-3ADD-4020-9E31-F3598C9E51C4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{962A7~1.EXE > nul
C:\Windows\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747}.exe
C:\Windows\{4DCAEC6D-AA1C-4983-97A5-AB49BAF5D747}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{19D7A~1.EXE > nul
Network
Files