Analysis Overview
SHA256
eda374791495b6b2561c090e690301fdde0c80634a1cc4b6ca9ac954f6c78ec3
Threat Level: Known bad
The file 2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:23
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:23
Reported
2024-04-07 18:26
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
103s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}\stubpath = "C:\\Windows\\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe" | C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E1D38934-28D1-44e9-AE67-2158241E5D40}\stubpath = "C:\\Windows\\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe" | C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F} | C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{73B21AB4-3146-494c-B43E-9B5541D83E04} | C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D} | C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}\stubpath = "C:\\Windows\\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe" | C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}\stubpath = "C:\\Windows\\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe" | C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0} | C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}\stubpath = "C:\\Windows\\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FD14D6EB-1968-4b20-82E4-5159168E442E}\stubpath = "C:\\Windows\\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe" | C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}\stubpath = "C:\\Windows\\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe" | C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{478CFFF3-CD2A-4435-99E9-F3D2B0853296} | C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E} | C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}\stubpath = "C:\\Windows\\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe" | C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}\stubpath = "C:\\Windows\\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe" | C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FD14D6EB-1968-4b20-82E4-5159168E442E} | C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE} | C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2} | C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E1D38934-28D1-44e9-AE67-2158241E5D40} | C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E06F327-5D4F-4e68-8387-1D5328A27369} | C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E06F327-5D4F-4e68-8387-1D5328A27369}\stubpath = "C:\\Windows\\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe" | C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}\stubpath = "C:\\Windows\\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe" | C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{73B21AB4-3146-494c-B43E-9B5541D83E04}\stubpath = "C:\\Windows\\{73B21AB4-3146-494c-B43E-9B5541D83E04}.exe" | C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe | N/A |
| N/A | N/A | C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe | N/A |
| N/A | N/A | C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe | N/A |
| N/A | N/A | C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe | N/A |
| N/A | N/A | C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe | N/A |
| N/A | N/A | C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe | N/A |
| N/A | N/A | C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe | N/A |
| N/A | N/A | C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe | N/A |
| N/A | N/A | C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe | N/A |
| N/A | N/A | C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe | N/A |
| N/A | N/A | C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe | N/A |
| N/A | N/A | C:\Windows\{73B21AB4-3146-494c-B43E-9B5541D83E04}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe | C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe | N/A |
| File created | C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe | C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe | N/A |
| File created | C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe | C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe | N/A |
| File created | C:\Windows\{73B21AB4-3146-494c-B43E-9B5541D83E04}.exe | C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe | N/A |
| File created | C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe | C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe | N/A |
| File created | C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe | C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe | N/A |
| File created | C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe | C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe | N/A |
| File created | C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe | C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe | N/A |
| File created | C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe | C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe | N/A |
| File created | C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe | N/A |
| File created | C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe | C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe | N/A |
| File created | C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe | C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe"
C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe
C:\Windows\{93ECBC45-3C60-4a0a-A855-CCD1E7BCDE1A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe
C:\Windows\{FD14D6EB-1968-4b20-82E4-5159168E442E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{93ECB~1.EXE > nul
C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe
C:\Windows\{38CCBEF1-2638-4f86-8B98-8B76C4121DEE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FD14D~1.EXE > nul
C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe
C:\Windows\{478CFFF3-CD2A-4435-99E9-F3D2B0853296}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{38CCB~1.EXE > nul
C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe
C:\Windows\{02BB0D67-6F54-40d5-B6FD-84FD2BFB146D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{478CF~1.EXE > nul
C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe
C:\Windows\{35A60DDE-1BD1-4f67-8B91-255000FA6F9E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{02BB0~1.EXE > nul
C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe
C:\Windows\{F4D53829-DD5B-4b13-AE7C-DAC616EE9CA2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{35A60~1.EXE > nul
C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe
C:\Windows\{E1D38934-28D1-44e9-AE67-2158241E5D40}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F4D53~1.EXE > nul
C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe
C:\Windows\{2E06F327-5D4F-4e68-8387-1D5328A27369}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E1D38~1.EXE > nul
C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe
C:\Windows\{5D45A8F0-7AC8-464d-9383-3D77086BEB4F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2E06F~1.EXE > nul
C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe
C:\Windows\{8D3C3E23-1948-4c2f-8AE1-FF6203FBFDB0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5D45A~1.EXE > nul
C:\Windows\{73B21AB4-3146-494c-B43E-9B5541D83E04}.exe
C:\Windows\{73B21AB4-3146-494c-B43E-9B5541D83E04}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8D3C3~1.EXE > nul
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:23
Reported
2024-04-07 18:26
Platform
win7-20240221-en
Max time kernel
150s
Max time network
132s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87} | C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E6420383-AB6A-4459-9096-2E40920878A7}\stubpath = "C:\\Windows\\{E6420383-AB6A-4459-9096-2E40920878A7}.exe" | C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}\stubpath = "C:\\Windows\\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe" | C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}\stubpath = "C:\\Windows\\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe" | C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{64038816-6A41-410c-830D-3310D11BCF74} | C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0D45D587-C400-4b07-9134-FCC176FC66A3} | C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0D45D587-C400-4b07-9134-FCC176FC66A3}\stubpath = "C:\\Windows\\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe" | C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F} | C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A} | C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}\stubpath = "C:\\Windows\\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe" | C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF432A0C-D213-4d50-BB60-63F4C97E296E} | C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF432A0C-D213-4d50-BB60-63F4C97E296E}\stubpath = "C:\\Windows\\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe" | C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA} | C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{64038816-6A41-410c-830D-3310D11BCF74}\stubpath = "C:\\Windows\\{64038816-6A41-410c-830D-3310D11BCF74}.exe" | C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}\stubpath = "C:\\Windows\\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe" | C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E6420383-AB6A-4459-9096-2E40920878A7} | C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15E27CE6-1188-420c-AEF7-6047D39942AE} | C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15E27CE6-1188-420c-AEF7-6047D39942AE}\stubpath = "C:\\Windows\\{15E27CE6-1188-420c-AEF7-6047D39942AE}.exe" | C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}\stubpath = "C:\\Windows\\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}\stubpath = "C:\\Windows\\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe" | C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02} | C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe | N/A |
| N/A | N/A | C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe | N/A |
| N/A | N/A | C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe | N/A |
| N/A | N/A | C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe | N/A |
| N/A | N/A | C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe | N/A |
| N/A | N/A | C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe | N/A |
| N/A | N/A | C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe | N/A |
| N/A | N/A | C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe | N/A |
| N/A | N/A | C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe | N/A |
| N/A | N/A | C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe | N/A |
| N/A | N/A | C:\Windows\{15E27CE6-1188-420c-AEF7-6047D39942AE}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe | C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe | N/A |
| File created | C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe | C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe | N/A |
| File created | C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe | C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe | N/A |
| File created | C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe | C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe | N/A |
| File created | C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe | C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe | N/A |
| File created | C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe | C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe | N/A |
| File created | C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe | C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe | N/A |
| File created | C:\Windows\{15E27CE6-1188-420c-AEF7-6047D39942AE}.exe | C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe | N/A |
| File created | C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe | N/A |
| File created | C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe | C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe | N/A |
| File created | C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe | C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_7ad159816e5e1b401a70f0c9ca3f4b07_goldeneye.exe"
C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe
C:\Windows\{8470E077-C3BF-47ef-9FEB-2DE604ABE6E5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe
C:\Windows\{7D93EAA5-B0E2-4522-B1D9-50801528D9CA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8470E~1.EXE > nul
C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe
C:\Windows\{51A5582B-2AC6-4a4a-B3AD-E5E3F654654A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7D93E~1.EXE > nul
C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe
C:\Windows\{64038816-6A41-410c-830D-3310D11BCF74}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{51A55~1.EXE > nul
C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe
C:\Windows\{0D45D587-C400-4b07-9134-FCC176FC66A3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{64038~1.EXE > nul
C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe
C:\Windows\{9E60938C-E3C2-48f3-AAE7-31DDE19CBE87}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0D45D~1.EXE > nul
C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe
C:\Windows\{A26BE6C3-B30B-4ee4-8B02-1A97DEBC3F02}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9E609~1.EXE > nul
C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe
C:\Windows\{FF432A0C-D213-4d50-BB60-63F4C97E296E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A26BE~1.EXE > nul
C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe
C:\Windows\{E6420383-AB6A-4459-9096-2E40920878A7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FF432~1.EXE > nul
C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe
C:\Windows\{3FFFD432-C4C0-443b-A4E5-B116B93A2E6F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E6420~1.EXE > nul
C:\Windows\{15E27CE6-1188-420c-AEF7-6047D39942AE}.exe
C:\Windows\{15E27CE6-1188-420c-AEF7-6047D39942AE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3FFFD~1.EXE > nul
Network
Files