Analysis Overview
SHA256
217ad59471ba98885cc8a3b4f0a8bf890d0082026ba6e92db4ee83db29dc3f06
Threat Level: Known bad
The file 2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 04:41
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 04:36
Reported
2024-06-10 04:44
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
93s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}\stubpath = "C:\\Windows\\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe" | C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}\stubpath = "C:\\Windows\\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe" | C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1} | C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}\stubpath = "C:\\Windows\\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe" | C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E3C6CA15-E29F-433f-A59E-3255A81E6483} | C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E3C6CA15-E29F-433f-A59E-3255A81E6483}\stubpath = "C:\\Windows\\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe" | C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}\stubpath = "C:\\Windows\\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{17765F30-865E-4280-81CA-1A2B9BFA3BCB} | C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877} | C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B} | C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1D082B3A-FBA5-4547-9657-F137337C4BB1} | C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4BD5788E-F672-4914-A220-0F7D214265FB}\stubpath = "C:\\Windows\\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe" | C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E} | C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{71861140-3D32-420f-BCDB-976D9D8786E2}\stubpath = "C:\\Windows\\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe" | C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4BD5788E-F672-4914-A220-0F7D214265FB} | C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5FAED625-28E8-4ed6-86D0-09B21354944B} | C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5FAED625-28E8-4ed6-86D0-09B21354944B}\stubpath = "C:\\Windows\\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe" | C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9} | C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}\stubpath = "C:\\Windows\\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe" | C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}\stubpath = "C:\\Windows\\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe" | C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12} | C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{71861140-3D32-420f-BCDB-976D9D8786E2} | C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1D082B3A-FBA5-4547-9657-F137337C4BB1}\stubpath = "C:\\Windows\\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe" | C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12}\stubpath = "C:\\Windows\\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12}.exe" | C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe | N/A |
| N/A | N/A | C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe | N/A |
| N/A | N/A | C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe | N/A |
| N/A | N/A | C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe | N/A |
| N/A | N/A | C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe | N/A |
| N/A | N/A | C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe | N/A |
| N/A | N/A | C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe | N/A |
| N/A | N/A | C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe | N/A |
| N/A | N/A | C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe | N/A |
| N/A | N/A | C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe | N/A |
| N/A | N/A | C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe | N/A |
| N/A | N/A | C:\Windows\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe | C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe | N/A |
| File created | C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe | C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe | N/A |
| File created | C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe | C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe | N/A |
| File created | C:\Windows\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12}.exe | C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe | N/A |
| File created | C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe | N/A |
| File created | C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe | C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe | N/A |
| File created | C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe | C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe | N/A |
| File created | C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe | C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe | N/A |
| File created | C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe | C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe | N/A |
| File created | C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe | C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe | N/A |
| File created | C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe | C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe | N/A |
| File created | C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe | C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe"
C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe
C:\Windows\{C0C09A38-218C-424a-AFE6-93E80DBA1D2B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe
C:\Windows\{71861140-3D32-420f-BCDB-976D9D8786E2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C0C09~1.EXE > nul
C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe
C:\Windows\{17765F30-865E-4280-81CA-1A2B9BFA3BCB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{71861~1.EXE > nul
C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe
C:\Windows\{4BD5788E-F672-4914-A220-0F7D214265FB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{17765~1.EXE > nul
C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe
C:\Windows\{1D082B3A-FBA5-4547-9657-F137337C4BB1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4BD57~1.EXE > nul
C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe
C:\Windows\{5FAED625-28E8-4ed6-86D0-09B21354944B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1D082~1.EXE > nul
C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe
C:\Windows\{AA9C7749-C8A1-4578-925D-7BC41BCD7C7E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5FAED~1.EXE > nul
C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe
C:\Windows\{870D9506-2B8E-4fd3-94A0-E4B21AB7C6B9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AA9C7~1.EXE > nul
C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe
C:\Windows\{8EFB68F9-6B6B-4ec4-8B53-C47A38E56877}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{870D9~1.EXE > nul
C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe
C:\Windows\{B280F1E1-4A8B-4928-BC61-0FAA850CAEC1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8EFB6~1.EXE > nul
C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe
C:\Windows\{E3C6CA15-E29F-433f-A59E-3255A81E6483}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B280F~1.EXE > nul
C:\Windows\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12}.exe
C:\Windows\{9E0651DD-81FE-49ba-9DC8-BA855CF42D12}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E3C6C~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 04:36
Reported
2024-06-10 04:44
Platform
win7-20231129-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD} | C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F} | C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D} | C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F94291FE-B657-432c-8159-AAC33DDD501E} | C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F94291FE-B657-432c-8159-AAC33DDD501E}\stubpath = "C:\\Windows\\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe" | C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FAE8E632-0485-406e-9849-E49210494B1E}\stubpath = "C:\\Windows\\{FAE8E632-0485-406e-9849-E49210494B1E}.exe" | C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9} | C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}\stubpath = "C:\\Windows\\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe" | C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}\stubpath = "C:\\Windows\\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe" | C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3} | C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{11B590A3-BB8F-4ede-8A4D-562822A67EE9} | C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912} | C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}\stubpath = "C:\\Windows\\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe" | C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FAE8E632-0485-406e-9849-E49210494B1E} | C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}\stubpath = "C:\\Windows\\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe" | C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}\stubpath = "C:\\Windows\\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe" | C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}\stubpath = "C:\\Windows\\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe" | C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}\stubpath = "C:\\Windows\\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6338978F-BCAD-4d63-949C-8573ECCE4DA8} | C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}\stubpath = "C:\\Windows\\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe" | C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{237ED862-B60B-46a2-A742-0FFE06B67861} | C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{237ED862-B60B-46a2-A742-0FFE06B67861}\stubpath = "C:\\Windows\\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe" | C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe | N/A |
| N/A | N/A | C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe | N/A |
| N/A | N/A | C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe | N/A |
| N/A | N/A | C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe | N/A |
| N/A | N/A | C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe | N/A |
| N/A | N/A | C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe | N/A |
| N/A | N/A | C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe | N/A |
| N/A | N/A | C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe | N/A |
| N/A | N/A | C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe | N/A |
| N/A | N/A | C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe | N/A |
| N/A | N/A | C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe | C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe | N/A |
| File created | C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe | N/A |
| File created | C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe | C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe | N/A |
| File created | C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe | C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe | N/A |
| File created | C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe | C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe | N/A |
| File created | C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe | C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe | N/A |
| File created | C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe | C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe | N/A |
| File created | C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe | C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe | N/A |
| File created | C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe | C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe | N/A |
| File created | C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe | C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe | N/A |
| File created | C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe | C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-10_9261f11bd165c8f1c19177f14d3d1f64_goldeneye.exe"
C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe
C:\Windows\{4E75E4BE-05DA-4c85-9E6B-63D45E11EBD9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe
C:\Windows\{F0F2572D-603D-49b2-8CB5-E0079CB51B6F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4E75E~1.EXE > nul
C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe
C:\Windows\{6338978F-BCAD-4d63-949C-8573ECCE4DA8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F0F25~1.EXE > nul
C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe
C:\Windows\{F87BF0F4-5D68-4fcd-9CF5-F820EB60748D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{63389~1.EXE > nul
C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe
C:\Windows\{F94291FE-B657-432c-8159-AAC33DDD501E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F87BF~1.EXE > nul
C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe
C:\Windows\{E0F47025-E6BA-4d36-9C7B-70FD95B9B912}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F9429~1.EXE > nul
C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe
C:\Windows\{237ED862-B60B-46a2-A742-0FFE06B67861}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E0F47~1.EXE > nul
C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe
C:\Windows\{FAE8E632-0485-406e-9849-E49210494B1E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{237ED~1.EXE > nul
C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe
C:\Windows\{9C36FDB4-416B-4c4f-8259-5E4CE953B7C3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FAE8E~1.EXE > nul
C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe
C:\Windows\{46BA0AB5-4991-4a7f-83AF-C128CF1392BD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9C36F~1.EXE > nul
C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe
C:\Windows\{11B590A3-BB8F-4ede-8A4D-562822A67EE9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{46BA0~1.EXE > nul
Network
Files