Analysis Overview
SHA256
5ccfe0b40b6ec665f752ebac66c12558b4b987ec716d6e22db495388df57019d
Threat Level: Known bad
The file 2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 05:54
Signatures
Auto-generated rule
No description, indicator, process or target is reported for this hit.
Unsigned PE
No description, indicator, process or target is reported for this hit.
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 05:54
Reported
2024-06-03 05:56
Platform
win7-20240508-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Eleven hits; no description, indicator, process or target is reported for any of them.
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D44B4254-9B52-471d-B70F-42BAF794A13A}\stubpath = "C:\\Windows\\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe" | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F69BDE90-4A04-406d-A2FF-1119A0F35E69} | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{71581408-3C2C-4b3a-828C-EB7A94492DAB} | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{71581408-3C2C-4b3a-828C-EB7A94492DAB}\stubpath = "C:\\Windows\\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe" | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E1132057-952A-4365-9945-D35435E2C9D6}\stubpath = "C:\\Windows\\{E1132057-952A-4365-9945-D35435E2C9D6}.exe" | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1A26742-0014-4b9c-84BE-34192C2E42FE} | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6BEA092-6497-474a-B1A4-55EEBD8AF719} | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}\stubpath = "C:\\Windows\\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe" | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D44B4254-9B52-471d-B70F-42BAF794A13A} | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}\stubpath = "C:\\Windows\\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe" | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06F84650-5581-4dad-8BF0-7F1DF5058A46} | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06F84650-5581-4dad-8BF0-7F1DF5058A46}\stubpath = "C:\\Windows\\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe" | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE74FCD3-F452-4550-8F33-68BAD6F52437} | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE74FCD3-F452-4550-8F33-68BAD6F52437}\stubpath = "C:\\Windows\\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3EA2FA91-4B32-443d-88C5-FED832668A23}\stubpath = "C:\\Windows\\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe" | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}\stubpath = "C:\\Windows\\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe" | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1A26742-0014-4b9c-84BE-34192C2E42FE}\stubpath = "C:\\Windows\\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe" | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E1132057-952A-4365-9945-D35435E2C9D6} | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3EA2FA91-4B32-443d-88C5-FED832668A23} | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2} | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}\stubpath = "C:\\Windows\\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe" | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F84BFE49-A18D-4b57-93FE-594A95DF22D4} | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | N/A |
| N/A | N/A | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | N/A |
| N/A | N/A | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | N/A |
| N/A | N/A | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | N/A |
| N/A | N/A | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | N/A |
| N/A | N/A | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | N/A |
| N/A | N/A | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | N/A |
| N/A | N/A | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | N/A |
| N/A | N/A | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | N/A |
| N/A | N/A | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | N/A |
| N/A | N/A | C:\Windows\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | N/A |
| File created | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | N/A |
| File created | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| File created | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | N/A |
| File created | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | N/A |
| File created | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | N/A |
| File created | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | N/A |
| File created | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | N/A |
| File created | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | N/A |
| File created | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | N/A |
| File created | C:\Windows\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | N/A |
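Added example, not part of the sandbox report and not code from the sample: a Python script that parses the "Set value (str)" rows of the registry table and the "File created" rows of the drops table above, recovers the order in which the stages ran by following which process created which Installed Components GUID (Active Setup persistence, ATT&CK T1547.014), and checks that every process registered exactly the executable it dropped and that every stubpath points at C:\Windows\{that GUID}.exe. The row strings are copied from this report; the SAMPLE label, the regexes and the chain walk are mine.

```python
"""Recover the stage order of the behavioral1 run from the report's own table rows."""
from __future__ import annotations
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe"
GUID_RE = re.compile(r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.I)
# Installed Components\{GUID}\stubpath = "C:\\Windows\\{GUID}.exe"  (as the report prints it)
STUB_RE = re.compile(r'\\Installed Components\\(\{[^}]+\})\\stubpath = "([^"]+)"', re.I)

# 'Set value (str)' rows copied from the 'Modifies Installed Components in the registry' table.
STUBPATH_ROWS = r"""
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D44B4254-9B52-471d-B70F-42BAF794A13A}\stubpath = "C:\\Windows\\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe" | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{71581408-3C2C-4b3a-828C-EB7A94492DAB}\stubpath = "C:\\Windows\\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe" | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E1132057-952A-4365-9945-D35435E2C9D6}\stubpath = "C:\\Windows\\{E1132057-952A-4365-9945-D35435E2C9D6}.exe" | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}\stubpath = "C:\\Windows\\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe" | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}\stubpath = "C:\\Windows\\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe" | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{06F84650-5581-4dad-8BF0-7F1DF5058A46}\stubpath = "C:\\Windows\\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe" | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE74FCD3-F452-4550-8F33-68BAD6F52437}\stubpath = "C:\\Windows\\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3EA2FA91-4B32-443d-88C5-FED832668A23}\stubpath = "C:\\Windows\\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe" | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}\stubpath = "C:\\Windows\\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe" | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1A26742-0014-4b9c-84BE-34192C2E42FE}\stubpath = "C:\\Windows\\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe" | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}\stubpath = "C:\\Windows\\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe" | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | N/A |
"""

# 'File created' rows copied from the 'Drops file in Windows directory' table.
DROP_ROWS = r"""
| File created | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | N/A |
| File created | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | N/A |
| File created | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| File created | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | N/A |
| File created | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | N/A |
| File created | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | N/A |
| File created | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | N/A |
| File created | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | N/A |
| File created | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | N/A |
| File created | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | N/A |
| File created | C:\Windows\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | N/A |
"""


def parse_rows(table: str) -> list[list[str]]:
    """Split markdown table rows into four stripped cells: description, indicator, process, target."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4:
            rows.append(cells)
    return rows


def stage_of(path: str) -> str:
    """Name a process by the GUID in its file name, or SAMPLE for the submitted file."""
    if path == SAMPLE:
        return "SAMPLE"
    m = GUID_RE.search(path)
    return m.group(0).upper() if m else path


def stubpath_registrations(table: str) -> dict[str, tuple[str, str]]:
    """writer stage -> (Installed Components GUID it created, StubPath string it wrote)."""
    regs = {}
    for desc, indicator, process, _ in parse_rows(table):
        m = STUB_RE.search(indicator)
        if desc.startswith("Set value") and m:
            # the report doubles the backslashes in the value data; undo that
            regs[stage_of(process)] = (m.group(1).upper(), m.group(2).replace("\\\\", "\\"))
    return regs


def file_drops(table: str) -> dict[str, str]:
    """writer stage -> stage of the executable it created."""
    return {stage_of(process): stage_of(path)
            for desc, path, process, _ in parse_rows(table) if desc == "File created"}


def reconstruct_chain(stub_table: str, drop_table: str) -> list[str]:
    r"""Walk from the sample: each stage must have dropped exactly the GUID it registered,
    and every StubPath must be C:\Windows\{that GUID}.exe. Returns the GUIDs in run order."""
    regs, drops = stubpath_registrations(stub_table), file_drops(drop_table)
    chain, cur = [], "SAMPLE"
    while cur in regs:
        guid, stub = regs[cur]
        if drops.get(cur) != guid:
            raise ValueError(f"{cur} registered {guid} but dropped {drops.get(cur)}")
        if stub.upper() != "C:\\WINDOWS\\" + guid + ".EXE":
            raise ValueError(f"{guid}: unexpected StubPath {stub}")
        if guid in chain:
            raise ValueError(f"cycle at {guid}")
        chain.append(guid)
        cur = guid
    return chain


if __name__ == "__main__":
    for i, guid in enumerate(reconstruct_chain(STUBPATH_ROWS, DROP_ROWS), 1):
        print(f"stage {i:2d}: C:\\Windows\\{guid}.exe")
```

The walk terminates after eleven stages because {71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe registers nothing within the 144 s kernel window; the same parser applied to the behavioral2 tables below would give twelve stages ending at {F7A6C776-283E-4282-A5EA-FF1786AE6679}.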
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe" |
| C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe | C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe | C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{AE74F~1.EXE > nul |
| C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe | C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3EA2F~1.EXE > nul |
| C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe | C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{5B88D~1.EXE > nul |
| C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe | C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D44B4~1.EXE > nul |
| C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe | C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F69BD~1.EXE > nul |
| C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe | C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F84BF~1.EXE > nul |
| C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe | C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E1132~1.EXE > nul |
| C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe | C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{06F84~1.EXE > nul |
| C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe | C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A1A26~1.EXE > nul |
| C:\Windows\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe | C:\Windows\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C6BEA~1.EXE > nul |
Every stage executable is paired with a cmd.exe invocation that deletes the preceding binary by its 8.3 short name and discards output with "> nul"; {71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe, the last stage, is the only one not deleted. The command lines name C:\Windows\system32\cmd.exe while the image actually started is C:\Windows\SysWOW64\cmd.exe: that is WOW64 file-system redirection for a 32-bit process, consistent with the registry writes landing under Wow6432Node above.
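Added example, not a rule from the sandbox and not the sample's code: detection logic for two of the behaviours in the process list, run over constructed Sysmon-style events (field names follow Sysmon Event ID 13, registry value set, and Event ID 1, process creation; the event records are made up to mirror the first stage above, plus a fictional "Contoso" installer that shows the lower-severity path). A StubPath write that points at a GUID-named executable under C:\Windows scores high on its own. A "cmd.exe /c del <8.3 name> > nul" scores high only when its parent process also wrote an Active Setup StubPath, because installers routinely remove their own temp files the same way.

```python
"""Score Active Setup StubPath writes and cmd.exe self-deletes from Sysmon-style events."""
from __future__ import annotations
import re

# ...\Active Setup\Installed Components\{GUID}\StubPath under either the native or the WOW6432Node view
ACTIVE_SETUP_RE = re.compile(
    r"\\Active Setup\\Installed Components\\\{[0-9A-F-]{36}\}\\StubPath$", re.I)
# A bare GUID-named executable directly under C:\Windows, as every stage in the report is
GUID_EXE_RE = re.compile(r"^C:\\Windows\\\{[0-9A-F-]{36}\}\.exe$", re.I)
# cmd.exe /c del <8.3 short name>.EXE > nul, the exact shape of each deletion above
SELF_DELETE_RE = re.compile(r"cmd\.exe\s+/c\s+del\s+(\S+~\d+\.EXE)\s*>\s*nul", re.I)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe"
STAGE1 = r"C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe"

# Constructed events. The first three mirror the first stage of the behavioral1 run;
# the Contoso entries are invented to show what does not reach high severity.
EVENTS = [
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AE74FCD3-F452-4550-8F33-68BAD6F52437}\StubPath",
     "Details": STAGE1},
    {"EventID": 1, "Image": STAGE1, "ParentImage": SAMPLE, "CommandLine": STAGE1},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul"},
    {"EventID": 13, "Image": r"C:\Program Files\Contoso\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}\StubPath",
     "Details": r"C:\Program Files\Contoso\firstlogon.exe /quiet"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Program Files\Contoso\updater.exe",
     "CommandLine": r"cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\CONTOS~1.EXE > nul"},
]


def detect(events: list[dict]) -> list[dict]:
    """Two passes: first collect every process that wrote an Active Setup StubPath,
    then score cmd.exe short-name deletes by whether their parent is one of those writers."""
    alerts, writers = [], set()
    for ev in events:
        if ev["EventID"] == 13 and ACTIVE_SETUP_RE.search(ev["TargetObject"]):
            writers.add(ev["Image"].lower())
            guid_exe = bool(GUID_EXE_RE.match(ev["Details"]))
            alerts.append({
                "rule": "active_setup_guid_stubpath" if guid_exe else "active_setup_stubpath_write",
                "severity": "high" if guid_exe else "info",
                "process": ev["Image"], "indicator": ev["Details"]})
    for ev in events:
        if ev["EventID"] != 1 or not ev["Image"].lower().endswith(r"\cmd.exe"):
            continue
        m = SELF_DELETE_RE.search(ev["CommandLine"])
        if not m:
            continue
        correlated = ev["ParentImage"].lower() in writers
        alerts.append({
            "rule": "self_delete_after_persistence" if correlated else "cmd_del_short_name",
            "severity": "high" if correlated else "low",
            "process": ev["ParentImage"], "indicator": m.group(1)})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a["severity"], a["rule"], a["process"], "->", a["indicator"])
```

The second pass keys on ParentImage rather than on Image because the sandbox lists cmd.exe as the deleting process (the "Deletes itself" hit above is attributed to cmd.exe); without the parent link the rule would only ever see cmd.exe.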
Network
No network traffic was recorded in this run.
Files
C:\Windows\{AE74FCD3-F452-4550-8F33-68BAD6F52437}.exe
| MD5 | d93eb3dc5a8e1ae32bb6895a45198a16 |
| SHA1 | afb94e429836b37dabdee2163822bcd582267ae4 |
| SHA256 | b5cb0fd79985f6a8ed83c4dc1a17eac5a187e45660a3bfb57294a7821fe00ad5 |
| SHA512 | f4a4159f7d487b21c6113499bbefb6b6289d92c9a9d7fcddf8e2e8ea2bce5c6138d15e7f6770bb9b9ad53a1f9ba709a193aa5443cd80b9ab22d8445fb051f157 |
C:\Windows\{3EA2FA91-4B32-443d-88C5-FED832668A23}.exe
| MD5 | e85fae0d4d878f73e3526047434fecc4 |
| SHA1 | edea0ed1ed827d1669b4765ee26c4e737f4a3b45 |
| SHA256 | 89de24bcf1b01491ff8732570b6fa5ccc76385fdd84697d82f18828a34efcbc0 |
| SHA512 | de42d19355e5c3463214f43eb67aa565ffc259192f532069b3195a9f72a417291e3fefe338bc4d1fd143ee7e324e0a98f88e2a995079d61451f06eb4feccca8e |
C:\Windows\{5B88DA58-FF35-42ea-A373-A4EB7AF98AE2}.exe
| MD5 | 5ab6bf9ca1e70cb56b0a376fec149e2e |
| SHA1 | ed59886d79c4395297030b0c53e7e1c790d1bdb1 |
| SHA256 | d31fd82410985ca8aa5b85905843a40e1fdfe31c05f1b1a022075597a041c41d |
| SHA512 | 93b67deb0e6cd1f5b0b39979444039b85a25aefbba0cb3f17fe7cb402e410eaf03e794cd239afe9853b04787d8dec6fd71358ea7d858850e0c76d735bbbf5220 |
C:\Windows\{D44B4254-9B52-471d-B70F-42BAF794A13A}.exe
| MD5 | ee33fb7f2a4738c3fb726ccfd5672dd2 |
| SHA1 | f99929eba7d1122e6cdad4481666e58e100bf009 |
| SHA256 | db4a4e1fd5dbb9e43d09defc0abb5eeffe1cf435968d3a0ae4f3acf7c1ffc7d4 |
| SHA512 | deb3e17efac0ef4fdae7973072ab740dafd3cac8cad58903a4a573b44f0e449d7ee6fb3a091ef1775a96cf3eb5641d83b775bb8efd72d2751183c9e879043fc3 |
C:\Windows\{F69BDE90-4A04-406d-A2FF-1119A0F35E69}.exe
| MD5 | db251276dcdf7e264010fb6044568276 |
| SHA1 | b533899247de5b0b71ae014d992e64c031673317 |
| SHA256 | a2e82956bef0833bc8563ea18e9d1316d9f656157bd677a857b38a2cb3d1c1d5 |
| SHA512 | 5a886c71789d902447830e9728a8e85648d8f9f5ce2e1d576a153403e4dc9bfc585bee45a2cc44c93779e87da4fdb8a8027028a563a63a89ecdbae56cfe63432 |
C:\Windows\{F84BFE49-A18D-4b57-93FE-594A95DF22D4}.exe
| MD5 | 3a088d68f6d89d8616f7027ab1f794ca |
| SHA1 | d86327a5a49c736113c21bef5e320a199cc5dd60 |
| SHA256 | 1580edd52b470481b0b0fb281e783e63392ba11716f78f00a883af220ed1010e |
| SHA512 | aac438586e2283bd3f8d41607b85c5b6c72eabc5e6fc45aa216d0d0485566eebd42fe80f8e0be47dbc3c39c3199beb44b2cbe2d1cefca23e495b903295ed4c5b |
C:\Windows\{E1132057-952A-4365-9945-D35435E2C9D6}.exe
| MD5 | c5f4394d9854de2ea764f2948322a142 |
| SHA1 | 062c6618f81e966d6c3368ee7c72943363d871ce |
| SHA256 | 7a37491b73a8535e403e5507b01672df77e2c8320a704f94e36f9c454a7ebe8b |
| SHA512 | 311c6b0f53bf86b47be7935a2969b3de2b411fb506555c0bd612e622e4c3c8ac220c0d8e8cfc3a1e02714a04ea34a9a2d783d8173046d11b04b8995b891bc6d8 |
C:\Windows\{06F84650-5581-4dad-8BF0-7F1DF5058A46}.exe
| MD5 | 158151b8717f96481ee0f93af5af0e3d |
| SHA1 | 4aa122f181a57dc6ae23579f6f122dc31c8d581f |
| SHA256 | 70aecc4d8328ceb00430b0dea709b782c18368404c287b074fdf1896f29788ca |
| SHA512 | ffc183fa2716df52fe9f83a404eee430e093d6cd9dc5d52fce19d735766c68a617624ebfee8c9f647ef268622a2d1029e7234407779837b58e9e1b59ef991803 |
C:\Windows\{A1A26742-0014-4b9c-84BE-34192C2E42FE}.exe
| MD5 | 38350660047c884e9f94d02e3dd23123 |
| SHA1 | df9c611f8513eb36563fdacfb2b0201783ff1172 |
| SHA256 | 40af574028249c1eb571ab16b0cdd0c596278af60e5b62188406efc713361f90 |
| SHA512 | 5d599fe60aad7b525fc6d295e28e37a3b2d8fb26b8aca2745a43b2047a283791f545d3a5521914e92ded2d64a32a203e5604ed6854d9442cd69ac06b07f14619 |
C:\Windows\{C6BEA092-6497-474a-B1A4-55EEBD8AF719}.exe
| MD5 | f982630768851d63bc56d459f57227c5 |
| SHA1 | 4c2d928efcb6877e8b4f938a8c36ff45e6abf96e |
| SHA256 | 9c704047c0d0465b894c1b7d75c23dcf05e42528c64a366d5a7fcf0c3c260845 |
| SHA512 | c6b64c273cca4d1d8bd471d1bfd7f00e035ba82611a013290665f6669321e1a57c7df91316e0c83d3e7187409938900f12311d7eabec948119e2b6ee64e9a94b |
C:\Windows\{71581408-3C2C-4b3a-828C-EB7A94492DAB}.exe
| MD5 | c7243635a9095fee23dff3039e36ef5b |
| SHA1 | b63890dfaf5b4e81287df4c4b2d938e1265cc69b |
| SHA256 | 83dbfe50b8481473ce6a7745740ca32bf8c5dfd19e207e548cca413e16dec2fc |
| SHA512 | 8fcee7316e2f2c5c02b5480dda10ddca4354c77ca36daf9ea37c080f9c359ade6e1fabb5e18dc43ddad6198f8a97ad0c4b289d10e4a0df09f5ff7784ced0b85e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 05:54
Reported
2024-06-03 05:56
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
Twelve hits; no description, indicator, process or target is reported for any of them.
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{180CE071-AFA8-469f-8237-0D684ED15B9B}\stubpath = "C:\\Windows\\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe" | C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4E574702-6458-4453-8CA4-8534A39DC7F9}\stubpath = "C:\\Windows\\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe" | C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}\stubpath = "C:\\Windows\\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe" | C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}\stubpath = "C:\\Windows\\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe" | C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6} | C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F7A6C776-283E-4282-A5EA-FF1786AE6679} | C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107} | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}\stubpath = "C:\\Windows\\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD8670C6-6D0A-47e4-B579-C3721C078671}\stubpath = "C:\\Windows\\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe" | C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{92751F6C-53A7-4a27-97A4-A737FE0C817A} | C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{92751F6C-53A7-4a27-97A4-A737FE0C817A}\stubpath = "C:\\Windows\\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe" | C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F7A6C776-283E-4282-A5EA-FF1786AE6679}\stubpath = "C:\\Windows\\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe" | C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4E574702-6458-4453-8CA4-8534A39DC7F9} | C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FD772A2D-4A6B-4d5c-A406-F38E12403C00} | C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C14843B2-7205-4a4b-99E5-CB57A567496E} | C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C14843B2-7205-4a4b-99E5-CB57A567496E}\stubpath = "C:\\Windows\\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe" | C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381} | C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{883B9851-BFF0-4b6a-8F56-CE46725EFF44} | C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}\stubpath = "C:\\Windows\\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe" | C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD8670C6-6D0A-47e4-B579-C3721C078671} | C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{180CE071-AFA8-469f-8237-0D684ED15B9B} | C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}\stubpath = "C:\\Windows\\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe" | C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D} | C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}\stubpath = "C:\\Windows\\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe" | C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe | N/A |
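Added example for host triage, not part of the report and not the sample's code: a helper that reads both the native and the WOW6432Node Installed Components keys with winreg on a live Windows host, plus a pure classify() step that flags StubPath values launching C:\Windows\{GUID}.exe and records whether that file still exists. In both runs every stage but the last is deleted by cmd.exe, so on an infected host all but one of these StubPath entries would point at files that are already gone; those dangling entries are the artifact that outlives the binaries. SAMPLE_ENTRIES are constructed: the first and last GUID of the behavioral2 run, and one made-up benign "Contoso" entry.

```python
"""Enumerate Active Setup Installed Components and flag GUID-named stubs under C:\\Windows."""
from __future__ import annotations
import os
import re
import sys
from typing import Callable, Iterable

# Both views of Active Setup on a 64-bit host; this sample wrote to the WOW6432Node one.
ACTIVE_SETUP_KEYS = (
    r"SOFTWARE\Microsoft\Active Setup\Installed Components",
    r"SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components",
)
# Optional quotes, then C:\Windows\{GUID}.exe, then end of string or arguments.
STUB_RE = re.compile(r'^"?(C:\\Windows\\(\{[0-9A-F-]{36}\})\.exe)"?(?:\s|$)', re.I)


def collect() -> list[tuple[str, str, str]]:
    """(base key, component GUID, StubPath) for every Installed Components entry on this host."""
    if sys.platform != "win32":
        raise RuntimeError("live collection needs the Windows registry; run classify() on saved entries instead")
    import winreg
    found = []
    for base in ACTIVE_SETUP_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base)
        except OSError:
            continue                     # view not present (32-bit host)
        with root:
            i = 0
            while True:
                try:
                    name = winreg.EnumKey(root, i)
                except OSError:          # no more subkeys
                    break
                i += 1
                try:
                    with winreg.OpenKey(root, name) as k:
                        stub, _ = winreg.QueryValueEx(k, "StubPath")
                except OSError:          # component without a StubPath value
                    continue
                found.append((base, name, str(stub)))
    return found


def classify(entries: Iterable[tuple[str, str, str]],
             exists: Callable[[str], bool] = os.path.exists) -> list[dict]:
    r"""Flag StubPaths that launch a GUID-named executable from C:\Windows and record
    whether that file is still on disk ('present') or already deleted ('dangling').
    'exists' is injectable so saved entries from another host can be classified offline."""
    findings = []
    for base, guid, stub in entries:
        m = STUB_RE.match(stub)
        if not m:
            continue                     # ordinary Active Setup entry, not this pattern
        exe, exe_guid = m.group(1), m.group(2)
        findings.append({
            "key": base + "\\" + guid,
            "stubpath": stub,
            "name_matches_key": exe_guid.lower() == guid.lower(),
            "state": "present" if exists(exe) else "dangling",
        })
    return findings


# Constructed entries: first and last stage of the behavioral2 run, plus a made-up benign installer.
SAMPLE_ENTRIES = [
    (ACTIVE_SETUP_KEYS[1], "{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}", r"C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe"),
    (ACTIVE_SETUP_KEYS[1], "{F7A6C776-283E-4282-A5EA-FF1786AE6679}", r"C:\Windows\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe"),
    (ACTIVE_SETUP_KEYS[0], "{11111111-2222-3333-4444-555555555555}", r'"C:\Program Files\Contoso\firstlogon.exe" /quiet'),
]


if __name__ == "__main__":
    entries = collect() if sys.platform == "win32" else SAMPLE_ENTRIES
    for f in classify(entries):
        print(f["state"], f["key"], "->", f["stubpath"])
```

On a live host run it as an administrator is not required (the keys are world-readable), but remember that Active Setup only fires the StubPath at the next interactive logon of a user who has not yet run that component, so a present, name-matching entry is the persistence, and dangling entries are the trail of stages that already ran.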
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe | N/A |
| N/A | N/A | C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe | N/A |
| N/A | N/A | C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe | N/A |
| N/A | N/A | C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe | N/A |
| N/A | N/A | C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe | N/A |
| N/A | N/A | C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe | N/A |
| N/A | N/A | C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe | N/A |
| N/A | N/A | C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe | N/A |
| N/A | N/A | C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe | N/A |
| N/A | N/A | C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe | N/A |
| N/A | N/A | C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe | N/A |
| N/A | N/A | C:\Windows\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | N/A |
| File created | C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe | C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe | N/A |
| File created | C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe | C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe | N/A |
| File created | C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe | C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe | N/A |
| File created | C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe | C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe | N/A |
| File created | C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe | C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe | N/A |
| File created | C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe | C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe | N/A |
| File created | C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe | C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe | N/A |
| File created | C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe | C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe | N/A |
| File created | C:\Windows\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe | C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe | N/A |
| File created | C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe | C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe | N/A |
| File created | C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe | C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-03_27e9afa001da14b6afe70b6d9471bffa_goldeneye.exe" |
| C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe | C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe | C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{794A3~1.EXE > nul |
| C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe | C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C1484~1.EXE > nul |
| C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe | C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CD867~1.EXE > nul |
| C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe | C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{180CE~1.EXE > nul |
| C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe | C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{92751~1.EXE > nul |
| C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe | C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{78DA4~1.EXE > nul |
| C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe | C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{883B9~1.EXE > nul |
| C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe | C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4E574~1.EXE > nul |
| C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe | C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9989C~1.EXE > nul |
| C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe | C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{27763~1.EXE > nul |
| C:\Windows\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe | C:\Windows\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FD772~1.EXE > nul |
Network
The report does not attribute these connections to a process, and the Windows 7 run (behavioral1) recorded no network traffic at all; treat the entries below as unattributed traffic observed during the run rather than as confirmed sample activity.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
Files
C:\Windows\{794A3DA1-7472-41a2-A4A2-4F7B4A7EC107}.exe
| MD5 | cd3c507f5dc73b759b4a6eafc7a0574d |
| SHA1 | 5be80498e060130791031f43a768ee70cf580302 |
| SHA256 | cefc8613afb1b443cb9aaba43fb59b467ed76be509ef6572af555e202a41b17d |
| SHA512 | df4013eebfc06416b24d47b4ad160afd0da549f5161bad8d3ff36125c14cae35707d967d0bdd3ec2aff641214dc0fd61632e7bc9d03676b6922b339d441aa3aa |
C:\Windows\{C14843B2-7205-4a4b-99E5-CB57A567496E}.exe
| MD5 | 7589a8b957c47abb4c3f4e394c99f6a4 |
| SHA1 | dcb7488c2c7fb3e8348ca0ec77587d8f6e5146c5 |
| SHA256 | eb61cc481212df400a08451494e80c76ffdd5ce3afc5194dfea631df490a4a72 |
| SHA512 | c504b616bd27a989d0effa9f926c1357758ae8d0fdf45d0da4050a81da555f424db59cadcec232ab387cfd5b6741d439b3447766aa745967ff1dfa7b3a3cbc81 |
C:\Windows\{CD8670C6-6D0A-47e4-B579-C3721C078671}.exe
| MD5 | e378145fd78377200184a6e92fc1af7d |
| SHA1 | 9eaafa2176a565999d6b0d65c33fbeeb057e265d |
| SHA256 | 6822c0e39fa679b1303e59d2da63aa650162606a91c421fa50ba882937212264 |
| SHA512 | 87b52d70fd1ab35b9e6fbe2d32ed22b0d1ebfb08fa9a45230b64dc0d57d1499f46ca4600ec279215e25eb1ed54fdd3585adedd41a25513f56d0ab83f342920ee |
C:\Windows\{180CE071-AFA8-469f-8237-0D684ED15B9B}.exe
| MD5 | 21e05d9755a3fbb22475cb2706ccd822 |
| SHA1 | 286a301b6cadb518551b8f8977944aafa3d09555 |
| SHA256 | e01bc5bb8e02b2bdffc9aab16eeb32946d4d902e4b4b793aa61ccbc7da58f725 |
| SHA512 | 451485506fee48de0258aab6c2583303b628e1df57cec0c7bf5fb07fd76536148c55b907eef307a0f16de93ae18da25abf350d1735caaa24bf0c599567ea9da7 |
C:\Windows\{92751F6C-53A7-4a27-97A4-A737FE0C817A}.exe
| MD5 | 520795aa4c16ad8f0fcf536b82ffaef6 |
| SHA1 | 95213d4d0266c5193a0093519e7a0837706c609c |
| SHA256 | 3453c35aca6d9a90582518a72210823ac5291a1ca5ac1d502f52f9fb761958c1 |
| SHA512 | 85e59f222e46994cdbbc2944db3d84f7e9b971aa4e4e3eede0a580f0e214f241fbc608f3bde292ca3fe428b2d35a49bdb8b01dd9e25579e9b9594cdd37e2a9ac |
C:\Windows\{78DA4EAB-67EF-4b80-AD3F-FC3269C64381}.exe
| MD5 | 0412655879c9a2741cdb5822060e6dfa |
| SHA1 | 3118ba7108e77b654dd1743d10f442ab1989e925 |
| SHA256 | 95144fa6d94a65cb7058768a04890be4a8c14cd60df3090c1837c2b610f56bb6 |
| SHA512 | 0961f52624db37fcb064627a19e453f84a6305bcec5e3711a04548ee82f1c8997f09df76ab44f2b6ef83ecab30d2a208dd8b12e4091fd05643f2e431dd269abb |
C:\Windows\{883B9851-BFF0-4b6a-8F56-CE46725EFF44}.exe
| MD5 | ba722625dbc35e30a7a7e7316f7fa8d5 |
| SHA1 | d7998468a02a9571f0372d2b9d599dce0b7f4f96 |
| SHA256 | a161ffde969dace2500c7de3ea5cfcb560b663999a6c6cf8a7f5aafe9ba42e6d |
| SHA512 | b6ea36c5de4a1f9faec737d412469bf9dc24005561ad5d97216cfdb2137f9359c2dda1b90925a164d016a0c3b1084c624031c87e456a8798d51bb648a03b5b70 |
C:\Windows\{4E574702-6458-4453-8CA4-8534A39DC7F9}.exe
| MD5 | ee259aceb76368ebd1f507239780f9ff |
| SHA1 | c567009f00a7292450d7ef4b0506b182cccfcd28 |
| SHA256 | dcc18173d223ffc8d36a941c0f954035c295badd8abc89ff6f49f0e076b3225b |
| SHA512 | e3dcd79ed8bac6adc9d9c3f19f4b99a7aff193e9e6d7ad64a23b2a32a5a6a4749dc04a63a33f9b3c6e80b532472c2716811422f0307a5e4804b7024161a9fd92 |
C:\Windows\{9989CFA0-0150-45f8-B76F-6FFC4D581CA6}.exe
| MD5 | 4f568bee77c8f574659d1838e35fc265 |
| SHA1 | c926368a1af098427b253fa4ab6e9259ad552bd0 |
| SHA256 | 04ce8d9cf112913f7cf7414d46f680f1054119966bb96318040b9e7fb11f5d05 |
| SHA512 | 0ced89ebb1a4d140e32288e55e2f4c70df9a62dea6baf72d9e4da2232e774a5cff2fd2c149e4f960f8ef6d1126eeeebd510bf9f760361ab188c69d63dea72e10 |
C:\Windows\{27763C0D-8AE3-4303-A4DF-A11F432C1B3D}.exe
| MD5 | 6a7682b3ae93ddc572ab2dd95036b789 |
| SHA1 | 8e70a5b1367a6565bd0db1271f74e8a98f1621e8 |
| SHA256 | 42e6e913e1e2cc627a8c0385d6e9e0114eab3ec9aae57b4dab7e24e7bb94ec08 |
| SHA512 | 6e7e82cb8b87973b7527465b6cae124b5336cf4909f93ec3154329c46b1320eece4526d8d0db10c4f5441f7886d20def6e09462423ff8977aff42f129ce0516f |
C:\Windows\{FD772A2D-4A6B-4d5c-A406-F38E12403C00}.exe
| MD5 | f990a27298c189b0256e5e605c89b915 |
| SHA1 | c7d393a2f271f1c889a1305964f003d6139c1183 |
| SHA256 | 6281860f94b43aa6625b628e8a2e0fb2877c8627bfccfd1f1a45fa0af570eda4 |
| SHA512 | 7cbfe797c312e90ed783684fe01397f185444f27a8f494a1ca2821a01776fd8c87917fa8179c7250174486d4b7105ad22e27111a65239f4805d872c141543332 |
C:\Windows\{F7A6C776-283E-4282-A5EA-FF1786AE6679}.exe
| MD5 | f3e993482bddad2a96d628f23fb1096f |
| SHA1 | 3901e860b37261be0bf9d73e7266468873e45222 |
| SHA256 | 1a323fd6b9354c74b313326a27458a3eb4d3fd8d4a0f1f5c13e05137d653b691 |
| SHA512 | 740cf8c80dce6f39a080a734c4252b9b1315ccf0484cd67a543e5ad039cefab9d42f0207c61d106546d9a35f3969c4a1ccc8ac268f09e9a895e904b9efd18d0e |