Analysis Overview
SHA256
f2b44abd30904b50805d71b4f7b02f24df41facc12957cecdeb3a639eaee6116
Threat Level: Known bad
The file 2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:25
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:25
Reported
2024-04-07 18:28
Platform
win7-20240221-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}\stubpath = "C:\\Windows\\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe" | C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8FDFAF99-AB3C-4529-8F04-26286F8B8905} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0} | C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}\stubpath = "C:\\Windows\\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe" | C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0A93BDCD-5226-4667-A30F-2BE209D50C75}\stubpath = "C:\\Windows\\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe" | C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}\stubpath = "C:\\Windows\\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe" | C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9344C5D5-697B-474a-8997-4EB3EBE8464C} | C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C5089361-CC2A-4bef-80B3-0233B276184C}\stubpath = "C:\\Windows\\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe" | C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}\stubpath = "C:\\Windows\\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe" | C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E0E278EF-4F75-4349-9203-CA828B49CD81}\stubpath = "C:\\Windows\\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe" | C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8} | C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1} | C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{12BD913B-9C21-46e0-9954-851E72A3B806} | C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}\stubpath = "C:\\Windows\\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C5089361-CC2A-4bef-80B3-0233B276184C} | C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0A93BDCD-5226-4667-A30F-2BE209D50C75} | C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5} | C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9344C5D5-697B-474a-8997-4EB3EBE8464C}\stubpath = "C:\\Windows\\{9344C5D5-697B-474a-8997-4EB3EBE8464C}.exe" | C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{738F6632-8380-4cc0-8B30-2018B3D646B4} | C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{738F6632-8380-4cc0-8B30-2018B3D646B4}\stubpath = "C:\\Windows\\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe" | C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E0E278EF-4F75-4349-9203-CA828B49CD81} | C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{12BD913B-9C21-46e0-9954-851E72A3B806}\stubpath = "C:\\Windows\\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe" | C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe | N/A |
| N/A | N/A | C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe | N/A |
| N/A | N/A | C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe | N/A |
| N/A | N/A | C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe | N/A |
| N/A | N/A | C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe | N/A |
| N/A | N/A | C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe | N/A |
| N/A | N/A | C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe | N/A |
| N/A | N/A | C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe | N/A |
| N/A | N/A | C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe | N/A |
| N/A | N/A | C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe | N/A |
| N/A | N/A | C:\Windows\{9344C5D5-697B-474a-8997-4EB3EBE8464C}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe | C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe | N/A |
| File created | C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe | C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe | N/A |
| File created | C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe | C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe | N/A |
| File created | C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe | C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe | N/A |
| File created | C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe | C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe | N/A |
| File created | C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe | C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe | N/A |
| File created | C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe | C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe | N/A |
| File created | C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe | C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe | N/A |
| File created | C:\Windows\{9344C5D5-697B-474a-8997-4EB3EBE8464C}.exe | C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe | N/A |
| File created | C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe | N/A |
| File created | C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe | C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe"
C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe
C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe
C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8FDFA~1.EXE > nul
C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe
C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BE6E7~1.EXE > nul
C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe
C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C5089~1.EXE > nul
C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe
C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0A93B~1.EXE > nul
C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe
C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{738F6~1.EXE > nul
C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe
C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{51DF9~1.EXE > nul
C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe
C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8C2AE~1.EXE > nul
C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe
C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E0E27~1.EXE > nul
C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe
C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{12BD9~1.EXE > nul
C:\Windows\{9344C5D5-697B-474a-8997-4EB3EBE8464C}.exe
C:\Windows\{9344C5D5-697B-474a-8997-4EB3EBE8464C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{916DF~1.EXE > nul
Network
Files
C:\Windows\{8FDFAF99-AB3C-4529-8F04-26286F8B8905}.exe
| MD5 | 6adee3e65e73a875863328d89a13e777 |
| SHA1 | 6d10c41136d5ba69108911082ff45a6a8b8044cd |
| SHA256 | 7cae4c9741eaa6a67c83cad3720977a42c107c586b0e3eb5991a7c681e90baf3 |
| SHA512 | e205feeccc076a4524af52c3f7e1c7ca7d64cbe80818150ad89bc8ff79f60c22a0b8fd0813443db6c2b1542f84bacccd16f5ae91f4e836b26d2b1f4e8145704b |
C:\Windows\{BE6E7768-4A1B-4f36-A39B-41C25A1222D0}.exe
| MD5 | 87eb92cb28c0a115d2729f85fa7be151 |
| SHA1 | e29fa740b63a0e48f56456e8279718e70659e375 |
| SHA256 | 356a554cf40bfd31d651a5394322e863e1cd094729e1cae923f3197a9c8e35e9 |
| SHA512 | e857f882ff28f82901fa91ddb46de698534eccac2ddefc3c1d338bdd4f80140d6f911018ef7d40f3985fe9eb98c4385a4c0d7c29f2eef50ffd9325b12633b21b |
C:\Windows\{C5089361-CC2A-4bef-80B3-0233B276184C}.exe
| MD5 | bd88dda2104a1d1ecd698d7378a4c27a |
| SHA1 | d4fb5fe3297dd3e741ee6a2825a9478e99fca3d9 |
| SHA256 | be5553c1d863c591d154d5e9c93734b8c1a60a0a21a00f502a447bc2617f2c65 |
| SHA512 | 8a51cbf0393d9da4a854665fa191b6bff1577bebb25eb92df7519244dbbc1b14ed27a134aaa1977606e234d7aa73d51071e134e2ffd4ed7aa6a4cffdab0fa7a3 |
C:\Windows\{0A93BDCD-5226-4667-A30F-2BE209D50C75}.exe
| MD5 | 845f237651078b636ce0569e4020a90f |
| SHA1 | db3161efa2b079a991a8f28e7ff4c846d43cc0f0 |
| SHA256 | 0e5ffc6a5b8b0a8c3a3571cff7c082cbb463164f229a5eea6a592f999039bfcb |
| SHA512 | 3645f0d1c74ce80a5664218664521f7dc8e927b61b709fe41b2af871a05af85908be4ad90be8126bbd2e2ca10f941d079741660983994207b1ef57464a7bc38e |
C:\Windows\{738F6632-8380-4cc0-8B30-2018B3D646B4}.exe
| MD5 | f89706ff978e6aa87eccc16ed2bcc70e |
| SHA1 | 25836889a332759ca49c4e073aef95550c268468 |
| SHA256 | fb8d454bfd32d4abe340d2afb8070f2079f94d5d360350864e5dfc73e1b8b4f8 |
| SHA512 | 6a903529381cf5a036f0ec9d0e30edff4c7717d4a63bc6ed94acfeec6ee703eaa64997dfa7ee53f477adbae9115398d53da6075f9a9d42cf32948b621fc27627 |
C:\Windows\{51DF99B2-AD6F-4a42-9A3F-23A83D6378D5}.exe
| MD5 | 0bf927be15da6677435bf93b4b8c44e4 |
| SHA1 | 67d6af7dadbb467479635ae3294d7e32262f0f06 |
| SHA256 | a7522371c4f4d90647b0608d7ba0a1f879271b5d276a37688dc859f9a285f888 |
| SHA512 | a8c7acd3f49c8d8c95a768b5274e257abd5be5c8ad8dd069c31ff5aafcaf829c44117961f72ad7a9a0df985349aff16b687c21322c6cb787ec4a7983578abbea |
C:\Windows\{8C2AEA60-DD0B-43cb-AF71-D85EEE7D2EE1}.exe
| MD5 | 43dd7c0c3d1b5b02482da1710ec15de5 |
| SHA1 | c1de811b2111c77f772a40fda46e3c604af624b9 |
| SHA256 | 5eb440ef5e554f1fbffda4a7ad4753385aad02d2d26982903c9ed0690b90b389 |
| SHA512 | e8beb5f8c817b7bb3309e3f5dc1756e7c20a5f42669cea1b45196685eab8160b1cbe7364a040d4c6b3407f648cd4aa208b47077254d4b8877fbad99a9ad9894a |
C:\Windows\{E0E278EF-4F75-4349-9203-CA828B49CD81}.exe
| MD5 | 43a8089cb8d356d2e03687186a9b5b67 |
| SHA1 | 2b80e7b2a2b4dee689f1804845096efcb08163b7 |
| SHA256 | fbc917b6308e53ce4ad49025aa744f16727765661e43d40e8658d1328054ebdf |
| SHA512 | 811a351f81d503ba227d362fea77960a4679d2d11df836773414587c70fd73d444502c670b3b0e5e45254b9f4cc9092253dc9b02e394b42a4fcf1c6e9551ab01 |
C:\Windows\{12BD913B-9C21-46e0-9954-851E72A3B806}.exe
| MD5 | 475d739c75e517c151cdba81153e5693 |
| SHA1 | 634ed9ecd0e37f7c7a97d779033bf417991b2f55 |
| SHA256 | 0390165d56be736ad6b57c65a18be9956d427ea0fa04889f06e1aa294669e829 |
| SHA512 | 5a1de1ec6038e02ffca4f5b7123c1582dc751c39ab35a7d8c8133418af79c7baa420c2da8a7f5603f06e861de524c71bfb6e9f7bd18dfc9bf72162033fbfc576 |
C:\Windows\{916DFFBD-D3F3-4321-BBFD-5805B0FD8DB8}.exe
| MD5 | ff87899d59c695f19c10e08342fa7d01 |
| SHA1 | 274d77950bbc7ab3b1869ff7c7b8030bea72503a |
| SHA256 | 0724d9ae6eadd9809515a962f56959abf393fea02c10dc3e6aff66b34429a9c2 |
| SHA512 | e7be206365bead63491b4a6963e559d46681d8686e5c31a65de8114c3ee0256ca068e8dc9492c42e5c23c1e702d12e14b59d2205bc34a597ab82d05cb55260c9 |
C:\Windows\{9344C5D5-697B-474a-8997-4EB3EBE8464C}.exe
| MD5 | 96cc1b5b070da4b3a8185935021275ae |
| SHA1 | 9c2acfc247420d84a40b79b2110b517e7a7ea914 |
| SHA256 | 639661eca2eeeb2a31fb53f1563dcc4e0debc027c9a8642e32563682a84ba3d6 |
| SHA512 | 4b38735d0ff5e5abd94298832a56f245754e78baf5b0c163ce09883511186fa58f071a7b97aa1a7ed2b4c9a036af62605ac445ecf8a638499348741ddc32851c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:25
Reported
2024-04-07 18:28
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
122s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FEBF8050-BE26-4c73-90A4-C51126F9207F} | C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E} | C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}\stubpath = "C:\\Windows\\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}.exe" | C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CB0A78D2-5461-44f8-A540-0322FE86175F} | C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9164958E-8642-46b3-B634-FF459772C016} | C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}\stubpath = "C:\\Windows\\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe" | C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B} | C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{49153064-B613-4a65-B8FA-D361BF1CEC02} | C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7} | C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}\stubpath = "C:\\Windows\\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe" | C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF} | C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFADE122-FE7D-43eb-A544-791611B2F26B} | C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FEBF8050-BE26-4c73-90A4-C51126F9207F}\stubpath = "C:\\Windows\\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe" | C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8B5DCFAC-430A-484f-88E4-367C3F29CB25} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{49153064-B613-4a65-B8FA-D361BF1CEC02}\stubpath = "C:\\Windows\\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe" | C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9164958E-8642-46b3-B634-FF459772C016}\stubpath = "C:\\Windows\\{9164958E-8642-46b3-B634-FF459772C016}.exe" | C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CFADE122-FE7D-43eb-A544-791611B2F26B}\stubpath = "C:\\Windows\\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe" | C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5FC63B36-0E6A-468a-A94A-CF14C88A713E} | C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}\stubpath = "C:\\Windows\\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe" | C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}\stubpath = "C:\\Windows\\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe" | C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3} | C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}\stubpath = "C:\\Windows\\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CB0A78D2-5461-44f8-A540-0322FE86175F}\stubpath = "C:\\Windows\\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe" | C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}\stubpath = "C:\\Windows\\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe" | C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe | N/A |
| N/A | N/A | C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe | N/A |
| N/A | N/A | C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe | N/A |
| N/A | N/A | C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe | N/A |
| N/A | N/A | C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe | N/A |
| N/A | N/A | C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe | N/A |
| N/A | N/A | C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe | N/A |
| N/A | N/A | C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe | N/A |
| N/A | N/A | C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe | N/A |
| N/A | N/A | C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe | N/A |
| N/A | N/A | C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe | N/A |
| N/A | N/A | C:\Windows\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe | C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe | N/A |
| File created | C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe | C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe | N/A |
| File created | C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe | C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe | N/A |
| File created | C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe | C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe | N/A |
| File created | C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe | C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe | N/A |
| File created | C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe | C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe | N/A |
| File created | C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe | N/A |
| File created | C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe | C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe | N/A |
| File created | C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe | C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe | N/A |
| File created | C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe | C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe | N/A |
| File created | C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe | C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe | N/A |
| File created | C:\Windows\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}.exe | C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_dd833d8b0310ae0db7c72846e6202b7e_goldeneye.exe"
C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe
C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe
C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8B5DC~1.EXE > nul
C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe
C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{49153~1.EXE > nul
C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe
C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CB0A7~1.EXE > nul
C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe
C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{91649~1.EXE > nul
C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe
C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CDFE9~1.EXE > nul
C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe
C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7FB69~1.EXE > nul
C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe
C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CFADE~1.EXE > nul
C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe
C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FEBF8~1.EXE > nul
C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe
C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{91E1B~1.EXE > nul
C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe
C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5FC63~1.EXE > nul
C:\Windows\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}.exe
C:\Windows\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1BCEF~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
Files
C:\Windows\{8B5DCFAC-430A-484f-88E4-367C3F29CB25}.exe
| MD5 | c835391372e9790d623af11c41e22728 |
| SHA1 | 264164e04fc4078c0de3e2bfbad0036bf515df95 |
| SHA256 | 93861ddf0b619c9f39c010b40f1ac8dbfc539963e5386c5bcc785f6154105db7 |
| SHA512 | 292814ec96354bc1a84aa4c97b35a9df8c33b970d429b41505dbb73e250d4f31b89dd75b32b302a520a357c83be1fca088d2f3c84e39ed51374545c7db2a82a2 |
C:\Windows\{49153064-B613-4a65-B8FA-D361BF1CEC02}.exe
| MD5 | 6bc5eb2332e65e50a500579752b4b070 |
| SHA1 | f056c5d2a62bfcdb38545dcbdbaa11ae00657758 |
| SHA256 | 6120abe490caedd2365a01143c2a13db2834f295fca1e757bfbc1ecfd05fb89c |
| SHA512 | 15b00edae3febc35f9f3ba41c4fb172d1d2551c8c7ef18961c4fac0d176abc85772cc192c85b7d0d3fff55e53ec0eaf155c9c4b440bee524ac2c2ccc06c3a6d7 |
C:\Windows\{CB0A78D2-5461-44f8-A540-0322FE86175F}.exe
| MD5 | ab541398a642015da8b8756dd6338b7f |
| SHA1 | 2d653c9057efbc8948ddf370847551f3b7c42e46 |
| SHA256 | 5dd2d2fce78d18ec6d1c720a839913147bb1b18cb87958bfbc7ac308f5ea077b |
| SHA512 | 9e48b3bcec426ce5ae90024345edba103771aa7409b34960284819dfcd273fb33ab54a55f3dc1299e940494be77bc98259ce663126d4a4e6b9f125689ae523db |
C:\Windows\{9164958E-8642-46b3-B634-FF459772C016}.exe
| MD5 | 34e797446e71ea0b03d943ba0c25eb74 |
| SHA1 | b4874817987bc10dd706cf2d7d5bc57a0f518d73 |
| SHA256 | 0403d91394b67492afce5aea22bf83542358598811e0a09569abf5ada7bf1c7a |
| SHA512 | f1491972c10a6dd1e28c6244ee2582f2f9ecdb2ab932c471db2e961ef9abd9bad9825f45417819f3a17ebfb18c1a00960d41424c6a1bef097528756ea9ea7385 |
C:\Windows\{CDFE9889-535E-404d-B6C2-EDF148D7B3AF}.exe
| MD5 | 5a1881c5a7dae5004e5973873a553a07 |
| SHA1 | a68ee20d534ea8cb3fed9bdf29609ab82174afb1 |
| SHA256 | b3238714f132bfa4b0300660677cdb332c002b22368884e7c32403ff8e6cb056 |
| SHA512 | a5e6bbcedfef62af794288b2b2653d96d5b02be26147cff845dfb7982b980f63b4025e1551f4cb82f6e93db0db5e8ca699c51c76245f7058b89c8d4906c86170 |
C:\Windows\{7FB69ECE-313C-44fc-AF68-10D570AAA2C7}.exe
| MD5 | 6d68a83654791c2d5f869cdefbb48dd0 |
| SHA1 | b5fa05f83bc728eb50bfc4ff08d0aa6954283fb8 |
| SHA256 | 3ea61ac6331586aadc972652c6c110616c22315686c38a568f272fbe52c30673 |
| SHA512 | 9edcebff5b0e2c5b2a628394afcaae500e1885c325fa4f348c8f7ddced13154b1962507b74d2c637711a1e8e625a91c7136af1f14ce5a698aaad1c873532ea00 |
C:\Windows\{CFADE122-FE7D-43eb-A544-791611B2F26B}.exe
| MD5 | 59c0ab945ef3784b66b72988a4a43e0c |
| SHA1 | 9daac84da50a3f6b16aca96ef4c3b7eb693a6c6b |
| SHA256 | 4c305d26c9a7a3134e826e0dc1b49d7265a7d5e50b01931d473d6a8483719153 |
| SHA512 | 1be049177cfa8ba9111bec7787874badf325ef6b49762b7816174b8df8da9609b3fd7dab347c9df54602b1ef13a22f64abb37ad755b0943399decd85e7a319cf |
C:\Windows\{FEBF8050-BE26-4c73-90A4-C51126F9207F}.exe
| MD5 | 2239342b14682254c3b94eca9c5d86cf |
| SHA1 | f94f979033e8074dbb8fecc490ea132148c5afaf |
| SHA256 | 39f8972b295c9f6c4264290c3095b14c844dcc1f890d27153832ffd1846e5c15 |
| SHA512 | 7e441b70e3a2d801f6e59a8c9c8c7c9624882ad3d29a1ddcd025af663481d120c568b6715c21c6789d53f79b604189fbbf11c6f705ddaae40b388432271132f2 |
C:\Windows\{91E1B2A3-507E-4036-ABAA-9EC5B5EDE06E}.exe
| MD5 | ee8eea4152c0e50ebbf4885596e266b4 |
| SHA1 | 242abc7a82ca3ef405146948d47901389b5399b0 |
| SHA256 | de7ac0f00364d2afa88cdbb6d46f03f6fd14cb3476d00804c9cfa87da220869e |
| SHA512 | e807fc2a02eca4a1bb3ac5199f74accda971fcf09927495101e2bd0e9145454043888910e1f2d5f18d20ccac43b4f0edce4b494d090d4aeac76928c9601c7a75 |
C:\Windows\{5FC63B36-0E6A-468a-A94A-CF14C88A713E}.exe
| MD5 | 57a6c2d6d4b94114d2a4553bff15a566 |
| SHA1 | 5b7cd339f908bddb39689a6684dd1ccbb19c1c2b |
| SHA256 | 0072699a4fdcf1044446749316f44630ae4775e1bb1796d674611af101b5999b |
| SHA512 | f1267568f7c1c4e51a366e9ddc34762652e90e6fc2f25cd795413c2fe6ce33259a41a9037f4c96b7cabaac75828271158c34feabe423f7cd4194ea692d980118 |
C:\Windows\{1BCEF5CE-E6A2-4e2b-87F0-783471CBA34B}.exe
| MD5 | b6e0a745c0f30e03aa3d89c1f041a179 |
| SHA1 | 093352f62d7b25f9a697a1448beb301a4cc6f159 |
| SHA256 | 4a3dc5fce4042738a1de2733a25a489eda2a57df80808798d70427e4fe473d34 |
| SHA512 | 9ce94b7ecb85db29d519c2660954088fc54aab017ccd26368e57d3f710876c3afe01afe9c31abcbf399d3457135c5539eb22076af32fbd2b6f1e1c41f758570f |
C:\Windows\{F9B5DB0F-F9AB-4cd4-84D1-E728949441D3}.exe
| MD5 | f25ffd1eeacd2b45b5b2089e0ae93654 |
| SHA1 | 3fb5de3a9fed9a293397a88fb6d3d0da797e34f0 |
| SHA256 | a314f1a9ce504f42a6221dbc4e3e7fffe4527ccb84fa38dbd45fb811896de7d5 |
| SHA512 | e73b0dc9304f6cb9b424b83db0c64ecd8e37bd704bc92cbf68ddfb6b392b674a1991bfa2f59c6ce59dd39ee197a921be7eb3d1fa67c1370d0f272ebd579a9b8e |