Analysis Overview
SHA256
40f2319621aa36a8441100f13eaac93c1ba6b95eaa59a2a5ff95f4a14cce7d90
Threat Level: Known bad
The file 2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:24
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:24
Reported
2024-04-07 18:27
Platform
win7-20240221-en
Max time kernel
150s
Max time network
127s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49} | C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6104DD92-11ED-40af-AC72-F522DD4B55D8}\stubpath = "C:\\Windows\\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe" | C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9} | C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A2C3E774-59E5-4ff5-B687-FE701689EB14} | C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}\stubpath = "C:\\Windows\\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe" | C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B8C07498-8388-467a-B213-9B5115E20186} | C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{59215EA6-93A1-40dc-A8F7-E0214AAAD562} | C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}\stubpath = "C:\\Windows\\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe" | C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}\stubpath = "C:\\Windows\\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe" | C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6104DD92-11ED-40af-AC72-F522DD4B55D8} | C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}\stubpath = "C:\\Windows\\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe" | C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}\stubpath = "C:\\Windows\\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe" | C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C} | C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1} | C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}\stubpath = "C:\\Windows\\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe" | C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1} | C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}\stubpath = "C:\\Windows\\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}.exe" | C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0} | C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}\stubpath = "C:\\Windows\\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe" | C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A2C3E774-59E5-4ff5-B687-FE701689EB14}\stubpath = "C:\\Windows\\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe" | C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0B9D4CFD-2966-4eed-8442-A0811AFABA47} | C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B8C07498-8388-467a-B213-9B5115E20186}\stubpath = "C:\\Windows\\{B8C07498-8388-467a-B213-9B5115E20186}.exe" | C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}\stubpath = "C:\\Windows\\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe | N/A |
| N/A | N/A | C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe | N/A |
| N/A | N/A | C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe | N/A |
| N/A | N/A | C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe | N/A |
| N/A | N/A | C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe | N/A |
| N/A | N/A | C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe | N/A |
| N/A | N/A | C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe | N/A |
| N/A | N/A | C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe | N/A |
| N/A | N/A | C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe | N/A |
| N/A | N/A | C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe | N/A |
| N/A | N/A | C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe | N/A |
| N/A | N/A | C:\Windows\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe | C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe | N/A |
| File created | C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe | C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe | N/A |
| File created | C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe | C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe | N/A |
| File created | C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe | C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe | N/A |
| File created | C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe | C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe | N/A |
| File created | C:\Windows\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}.exe | C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe | N/A |
| File created | C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe | C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe | N/A |
| File created | C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe | C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe | N/A |
| File created | C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe | C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe | N/A |
| File created | C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe | C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe | N/A |
| File created | C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe | C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe | N/A |
| File created | C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe" |
| C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe | C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe | C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1DBA4~1.EXE > nul |
| C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe | C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0BB47~1.EXE > nul |
| C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe | C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F33C5~1.EXE > nul |
| C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe | C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6104D~1.EXE > nul |
| C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe | C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{87431~1.EXE > nul |
| C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe | C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9133B~1.EXE > nul |
| C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe | C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A2C3E~1.EXE > nul |
| C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe | C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0B9D4~1.EXE > nul |
| C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe | C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CDE21~1.EXE > nul |
| C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe | C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B8C07~1.EXE > nul |
| C:\Windows\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}.exe | C:\Windows\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{59215~1.EXE > nul |
Network
Files
C:\Windows\{1DBA4D02-0C2A-432b-A45E-9F181ED58AD2}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 8eb92fc46bdccb7571e2df68a386b0e3 |
| SHA1 | 10805b7e859888a01b6881ccb26c13b249bc3498 |
| SHA256 | 6b8e34889fe6fbf679780035fb3adbc17f175fd512d09480219d024886bc1fb6 |
| SHA512 | b5f5a60f201b0d6cf3b836583a2b669ef2716722117f385fa3fdac984590434e62d278fc93fd76ca9621da3ee1d7bdb45b6a00775bd0856e8b73de5e771bf7c4 |
C:\Windows\{0BB47AA6-7BD7-4b20-B1C1-8D7ACDD4662C}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 986f3598c94abe8ee98a87cc60858a5e |
| SHA1 | a1d74da3cffc30d4ed7019b40f65df1c20bde696 |
| SHA256 | e73e2e5737cb3701892a729a6f1b35bc31454da09497c7b85a79a88f6d06e01a |
| SHA512 | 380817c31c7060861b8b5039e361322da4321236bffcfd670f679979db9d6f00302ae410ea81e2169185c23c2101c3dfb5a703ca911d943b65a8ec41522c8650 |
C:\Windows\{F33C51F8-34E9-419d-8CED-7B4CE5FCCB49}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 9543d896e8aff2ab70a041aebba78a77 |
| SHA1 | 472dc9b27017dcb9629cd6e6daa234fd476fcf0a |
| SHA256 | 162ffc6878676bdfbf9ceb295260438d999ec4a97f4638403a7312bc9f9bfe17 |
| SHA512 | 6aa15634fdd6f892b1a44f78122b81f335ded44d83ffec6e492b3ef5b20f772d2c1a07ee37e10982935e926d6550452c0c21aa628143a3b75600a55f8193bf53 |
C:\Windows\{6104DD92-11ED-40af-AC72-F522DD4B55D8}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 234a6474f1e552df770afd197cc8c03b |
| SHA1 | 0f592778f7e5805b5d773c7354c15864324dd44e |
| SHA256 | d2e9491ca216f8c20ce7bb8b5a09145b88d0f3f884c0e137e45a1f48462b7fb4 |
| SHA512 | df8afa3f2b3b0fe4156f088eee9e27cabfc1d2313ae190a077ff6e8f3ac623ba87b0a2e15bf15701ab97e58f39cd62135b9e3f4c4153517d5e18b370fb6c63df |
C:\Windows\{87431D0F-4D1E-4a23-AFCB-C6239747F4C0}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 0bbccb98b8dec5d87c9387b68467de64 |
| SHA1 | 8e15fdf5e28cc967e53b12c38404c111aedcad5c |
| SHA256 | 8701ff50be69c0b1f72b97eb7b6a5592fe953198be7e41287395c30110c6ae6f |
| SHA512 | 522881606a737271ae2896081a10f479db3e46a7a5530531162bd44617e2993dc6aa933641a09a902c73a46c968fdd934fdea6df1d3c3d73d3376bcb1e88804c |
C:\Windows\{9133B1DE-2B4B-46bc-B996-CE3AABB167A9}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 733075295c9d4f2a9ccda6e5cb372131 |
| SHA1 | 3a7dfb07e29018032d85902aeaf9ef04399e9f95 |
| SHA256 | 41bb38202c598f28c93c579536f86c2de3a2235084333b7c5e7949e8684525e3 |
| SHA512 | 93263930dce05349af7af88a15cad3e956221d384fce5c576266d8e17814a54c5c066675bdfbbf4835958ccde1700a5acdb77e8f5ce1314ec24e32ca5a7909f1 |
C:\Windows\{A2C3E774-59E5-4ff5-B687-FE701689EB14}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | e0a4cc304a27c881abbfc01289459d19 |
| SHA1 | 5f6ea5a2e1792b32c9e82519bf460e53169e808b |
| SHA256 | 7122f690889dfbd1ed4ce546d9c83e2537b8b8fdb4270e61d13a1e3bec757ee9 |
| SHA512 | f90441e6a6b9cefa3be9f618ac02f98d9c7cc9605d7af57b17e28da164adfe65e2663ab02d3fb5f27a0952ec5ae09d88c434817a5dc67bec715effee0948ec3a |
C:\Windows\{0B9D4CFD-2966-4eed-8442-A0811AFABA47}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 1e67d672ba4473f572081cc44b23046b |
| SHA1 | f08b2fe030456c822b5b0f3b670bb52ad0b20f50 |
| SHA256 | 7935b164bea338415261b0a91c95ef5f83a12c57909aec276b101d45d88ce7d8 |
| SHA512 | a0dd0342526a9db5cb797c7a124d93ac4fced7bb7d6ac246452dbb12e7744987c55a24f3b5d247a39cef21573f459fdeecf5b24963d2cb0fc8b4ef36beb29cd2 |
C:\Windows\{CDE21332-EB8C-40ff-8DA2-64CA29C2BBD1}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 69bc1ab2a99e9531f7bb99886cf022c2 |
| SHA1 | b456c333b5de19a090dfec5228c81eb65ebe303c |
| SHA256 | 30a4fc80b401da0cbb771838f5f9cf8d71b9a26f1b355b5ad81298eee321e4d5 |
| SHA512 | a432aa2ba733936ad514e51176e8b1ca810cb660c49b965854434f99ca717739841f7a332b297bf570d6c2c56da897bf156d8b2daee78ddfe875964424f6c38e |
C:\Windows\{B8C07498-8388-467a-B213-9B5115E20186}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 9738455a1098e34cfb65170366290d41 |
| SHA1 | a0522dde1ce313aa792afddc14ac5194ddbe712b |
| SHA256 | 01775becc18f72ba4f07d39b3e6957b793202ff923f9da2dfcf3a2947e00ca60 |
| SHA512 | f6df89469cedc66da82368dfe78c60315186646b111221a129cfb9b6ad2e71b4e4d11f5c8ac10f80f8408349e181e72ed63705f36241f4267e67f3fea9e6e027 |
C:\Windows\{59215EA6-93A1-40dc-A8F7-E0214AAAD562}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | de2e5cc37a307e545c83586be2396047 |
| SHA1 | 42651372aa40208a14dbc10310824240f73b3059 |
| SHA256 | 193c225da6f5d4040f479094e721485fae09306aeb2eadc7f8439ef65432b81c |
| SHA512 | 6bdb41559736fe6d0dc75f2e81f93f028e76aea5f6acd2288f311c372a996c021a38f2a74e629a819b68666e5ccbbac9806a56e1b58fa6f637ca17ae525b755f |
C:\Windows\{FA48EB78-5FE5-49b9-AEF2-FE3F209239D1}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 603a29dcd7b1592bca898f5040a886c9 |
| SHA1 | 4f619dce77fdcab53dff39cc0dec7c12e15cb818 |
| SHA256 | 77288278e856b01045933ce6489f8368ee054855d70546648059068b0d72f263 |
| SHA512 | b25a6f3c6968edec96bf8543260b584da9aa1ef6e4393a07bb5002bead0e71551f475ef633dfdceef9ee03cfdbdb8e00274dfd2ec189125dd29e56f3483bfc18 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:24
Reported
2024-04-07 18:27
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{69AD0E30-5C72-4972-8ADA-033698153D5D} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8} | C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{46494377-F956-473d-8783-F4D6CB7DF16C} | C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{20796186-C809-46e9-AA62-FEE02AD318A9} | C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{20796186-C809-46e9-AA62-FEE02AD318A9}\stubpath = "C:\\Windows\\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe" | C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51D23301-4294-4d2d-8B11-DA2AC8834B14}\stubpath = "C:\\Windows\\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe" | C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9669F571-58D3-457d-99A4-C87C7DEE27A5} | C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}\stubpath = "C:\\Windows\\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe" | C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B124C05F-AA98-4252-8045-A96047CF4392}\stubpath = "C:\\Windows\\{B124C05F-AA98-4252-8045-A96047CF4392}.exe" | C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C} | C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}\stubpath = "C:\\Windows\\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe" | C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{69AD0E30-5C72-4972-8ADA-033698153D5D}\stubpath = "C:\\Windows\\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC} | C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}\stubpath = "C:\\Windows\\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe" | C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B124C05F-AA98-4252-8045-A96047CF4392} | C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{954C3D71-5268-4731-9EA8-0B74D2B76E09} | C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{954C3D71-5268-4731-9EA8-0B74D2B76E09}\stubpath = "C:\\Windows\\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe" | C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{46494377-F956-473d-8783-F4D6CB7DF16C}\stubpath = "C:\\Windows\\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe" | C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51D23301-4294-4d2d-8B11-DA2AC8834B14} | C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC} | C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}\stubpath = "C:\\Windows\\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe" | C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9669F571-58D3-457d-99A4-C87C7DEE27A5}\stubpath = "C:\\Windows\\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe" | C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{615AE48F-379C-474b-B573-CA8696803F47} | C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{615AE48F-379C-474b-B573-CA8696803F47}\stubpath = "C:\\Windows\\{615AE48F-379C-474b-B573-CA8696803F47}.exe" | C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe | N/A |
| N/A | N/A | C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe | N/A |
| N/A | N/A | C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe | N/A |
| N/A | N/A | C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe | N/A |
| N/A | N/A | C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe | N/A |
| N/A | N/A | C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe | N/A |
| N/A | N/A | C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe | N/A |
| N/A | N/A | C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe | N/A |
| N/A | N/A | C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe | N/A |
| N/A | N/A | C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe | N/A |
| N/A | N/A | C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe | N/A |
| N/A | N/A | C:\Windows\{615AE48F-379C-474b-B573-CA8696803F47}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | N/A |
| File created | C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe | C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe | N/A |
| File created | C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe | C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe | N/A |
| File created | C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe | C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe | N/A |
| File created | C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe | C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe | N/A |
| File created | C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe | C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe | N/A |
| File created | C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe | C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe | N/A |
| File created | C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe | C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe | N/A |
| File created | C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe | C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe | N/A |
| File created | C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe | C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe | N/A |
| File created | C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe | C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe | N/A |
| File created | C:\Windows\{615AE48F-379C-474b-B573-CA8696803F47}.exe | C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-04-07_8c67995833d225fec4058ef2767ccfc3_goldeneye.exe" |
| C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe | C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe | C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{69AD0~1.EXE > nul |
| C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe | C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9AEF2~1.EXE > nul |
| C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe | C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6E78C~1.EXE > nul |
| C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe | C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B124C~1.EXE > nul |
| C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe | C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{954C3~1.EXE > nul |
| C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe | C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{46494~1.EXE > nul |
| C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe | C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{20796~1.EXE > nul |
| C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe | C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{51D23~1.EXE > nul |
| C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe | C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9669F~1.EXE > nul |
| C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe | C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D9833~1.EXE > nul |
| C:\Windows\{615AE48F-379C-474b-B573-CA8696803F47}.exe | C:\Windows\{615AE48F-379C-474b-B573-CA8696803F47}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2F5C8~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
C:\Windows\{69AD0E30-5C72-4972-8ADA-033698153D5D}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | dedbb4a21c8cb96e68d8a48afce9dc4b |
| SHA1 | 4ec0e5c76f9c0b0d3b5cdb7085d5556656652f47 |
| SHA256 | 4bfd8d53825d21e5cccdc7d624e910dd498ed189a8547d1a40cceb7dbc4b03f2 |
| SHA512 | 48cd4b5d3c67e55c76a428d5db5cca833a4b69ce4a011f6e4480eac22590407826e2e21bceeeae9ff01a741cdb04091dba43cec443ec9b831ac43ad1d90f2542 |
C:\Windows\{9AEF254F-F43B-44ba-846D-AA9A9C1FB1AC}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 8764ca4173ee3854370d419746d02be1 |
| SHA1 | 0b5dca907685159ab3757f2aef7ddfa804571d6e |
| SHA256 | 96fab3c27830489548a207897067003a9bc8fd141b9086f0772c45acf0a5d2b0 |
| SHA512 | 5321b81dbd73d7bd6f8a30b73bd2a04d3eb85943678b711bb17984c1ea6eb45814528defc9d66151bde575d278c1c35a6c156aee3d5653f62dc51680bd8709bc |
C:\Windows\{6E78C6A8-413B-4ea1-B195-043BB1A4A5A8}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 72add08a7fe4edbd9f6f8f772955fab7 |
| SHA1 | ac3c3c2bf19407c0b6bd2321e3224e6a69e0fdce |
| SHA256 | 1ba82af1286fe44240ee11fafc10fe0b41dbbd3e4c341cbecfa46455b9cf9625 |
| SHA512 | ef982069337e7d5e09b01181133470714f2f09b453e77987a801e6a7fc72a589a065159cece4189a9a7982926f9c53cd278e752734bfc269f6052e283047493c |
C:\Windows\{B124C05F-AA98-4252-8045-A96047CF4392}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 89b710518ca00d5a34c44030f2361c72 |
| SHA1 | 3dcc5b83709086a09f316fbc4d4266f66fca5da2 |
| SHA256 | 87d4f1d589e1de32641619052e61eab68aa4d24022420913032821ca82983d5d |
| SHA512 | 82a909dbb185b2e4d2c750fdbc670c2d16dbd2656f115b3e5d31a686a98dbfa701b261a11b3934a336746a401d5c9cfcfcec0dc43a23f45dcb98893684317dc1 |
C:\Windows\{954C3D71-5268-4731-9EA8-0B74D2B76E09}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | d2b3cf41526d12a408ead0393d256516 |
| SHA1 | f7febde408852e80876b9ff1711216f0c6bd81fb |
| SHA256 | 48e60085828790b7da9e699d8d25417ff67b525684ad0c96f886b55ae628f88f |
| SHA512 | 3e7c6567de9b390ee2b28f6f9bb48fff525efeac91c57dfde8cfece5e0eea03d0c9754d6c43c2df72abe24292c4629e0ee163c0d6dae3f88abdf6c27f5c06828 |
C:\Windows\{46494377-F956-473d-8783-F4D6CB7DF16C}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | ca7109822e6cfaf2a1af577244f2920c |
| SHA1 | 5d80052b368c2ee9844c8b520fd1d78d74289009 |
| SHA256 | 795e91e405957dc4e8f14dd581cf06dcafcff227ace3edeb7f72d28ab3d1ab23 |
| SHA512 | 5b68b3c17e517320960fba33f925bfa709e0aa108767f690dbecb5cb4cd74d39c2bfee3f240a0e4388734dc133fbb7857099378cbe8383898f23a5873d945471 |
C:\Windows\{20796186-C809-46e9-AA62-FEE02AD318A9}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 638e397f7fe47de270e0220ce4b7ba20 |
| SHA1 | 3e09eb275628d8e178832486db75c94d5e1fcc83 |
| SHA256 | 3330a2d2249afca14cccae0273b4a62d72bfacc2302479e885119e408f38eff7 |
| SHA512 | 048b2a802c43a93a5f09c4154f14b7371ac84ad66e66f5630e4f97ce4dc105235a4d131f0ae624fb93695b15add73e52b9c3c47b57f0eb22fbf489543df28838 |
C:\Windows\{51D23301-4294-4d2d-8B11-DA2AC8834B14}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | e02d46a1fde63d3d7e9dc98635590596 |
| SHA1 | 2f15c4c7c5f792b61860e116f1523012951f766c |
| SHA256 | a7cd600a3cc97d1f6ebfeb316298898fd7620fd19e0875325779f7bb6451e5fe |
| SHA512 | 48c60b0f99f736fa33c600e8d038ed9e3fe1a9583a6b4fb301d92b8303fc60db797e47163c5d63f98a79f47a68cc4cfdf84498a7dcd74fd697f8c53e71241e3e |
C:\Windows\{9669F571-58D3-457d-99A4-C87C7DEE27A5}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 7bb1314b66001ae9f3756898ff3d98bd |
| SHA1 | 1ee8f75be0374fe1a303bdc115ae9b7fc330759b |
| SHA256 | a56331ba3f5f0cc3ab2534f390dc9bb5e7eb4dd9cf941d7895c998e1bfda0858 |
| SHA512 | e1cb46fc3c8ef58904ca409d5a05506f027e10b8910a294ac2988aa6a846cd445c861f0ff160cbd766e3e31f437c7f9f263f7e1325575a569ee7e28d1f766e18 |
C:\Windows\{D9833F14-AAEF-4134-AB6E-04A6BC67D24C}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 0e50b84893c33492b3919db64f7fe0bc |
| SHA1 | 49cc65d91e7e9d35208e34469cd9979308852305 |
| SHA256 | 38d6dccff438e42184318c7c565400aeaddfd3c8387f654edd06ffca4d5600fa |
| SHA512 | 29d252027aaa2ba133c0607a34af5ff26793d59c6f82d17950cab06a92e0f4855bbbe2d8842eb05cfa06bc3f48267be41b944a49f3bc07bfa57c7e965eb1de12 |
C:\Windows\{2F5C8348-657F-4cbf-B8D1-4AEB182933DC}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | ae76382ad8378c2c87874091f255b0d5 |
| SHA1 | 2972fb2a946c240c59b848855086d9c4adf6998b |
| SHA256 | 16e203977448b20094136871ac2620bfb111d32950e765a674967d17d1a73a58 |
| SHA512 | 47fcb8f19849afc26f8517f5126a5c1f01a0ef6f6746ffd53d891ae5e233053c47e83ce84f3e0f13834b5a986ca0df292cb93eb7056f7964cd56bd42b5f24146 |
C:\Windows\{615AE48F-379C-474b-B573-CA8696803F47}.exe
| Algorithm | Hash |
| --- | --- |
| MD5 | 7271f7fd4216b79aad1ba93621fb8cf3 |
| SHA1 | 7d976676e12cc7ff39f016ab3f8b47993a616ce1 |
| SHA256 | e6992493d49ada8329da39ceb3a51e99a30d338ad30615facee18372922ebe25 |
| SHA512 | b474c76b29eba4348cd89d124b052d334adbd44e7b6dfd90212079595bb78c6404c39f94a59ac1572cced13836ce40317913b71d69b3bda3987344a594bb382c |