Analysis Overview
SHA256
a165df81640d91fa0676d16d7c2e604afa1055dc5ae45dc6907bb79806be5bee
Threat Level: Known bad
The file 2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:51
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:51
Reported
2024-06-13 02:54
Platform
win7-20240221-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{817878BB-966C-4369-ABB2-4CCEC114C9C6}\stubpath = "C:\\Windows\\{817878BB-966C-4369-ABB2-4CCEC114C9C6}.exe" | C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}\stubpath = "C:\\Windows\\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe" | C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E45B0C3-8C3E-4423-8D79-3669119EC76E} | C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C62F2553-5BF4-4b31-9444-DDF82792DD7E} | C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6} | C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}\stubpath = "C:\\Windows\\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe" | C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{53F569C1-F86A-4333-8D4A-2F40C686676F}\stubpath = "C:\\Windows\\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe" | C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}\stubpath = "C:\\Windows\\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe" | C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{817878BB-966C-4369-ABB2-4CCEC114C9C6} | C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}\stubpath = "C:\\Windows\\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{40BB1530-EA53-482e-B63E-594765E3390A}\stubpath = "C:\\Windows\\{40BB1530-EA53-482e-B63E-594765E3390A}.exe" | C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06} | C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}\stubpath = "C:\\Windows\\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe" | C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{53F569C1-F86A-4333-8D4A-2F40C686676F} | C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}\stubpath = "C:\\Windows\\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe" | C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{40BB1530-EA53-482e-B63E-594765E3390A} | C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}\stubpath = "C:\\Windows\\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe" | C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}\stubpath = "C:\\Windows\\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe" | C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0} | C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91} | C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5} | C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe | N/A |
| N/A | N/A | C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe | N/A |
| N/A | N/A | C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe | N/A |
| N/A | N/A | C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe | N/A |
| N/A | N/A | C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe | N/A |
| N/A | N/A | C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe | N/A |
| N/A | N/A | C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe | N/A |
| N/A | N/A | C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe | N/A |
| N/A | N/A | C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe | N/A |
| N/A | N/A | C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe | N/A |
| N/A | N/A | C:\Windows\{817878BB-966C-4369-ABB2-4CCEC114C9C6}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe | C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe | N/A |
| File created | C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe | C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe | N/A |
| File created | C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe | C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe | N/A |
| File created | C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe | C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe | N/A |
| File created | C:\Windows\{817878BB-966C-4369-ABB2-4CCEC114C9C6}.exe | C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe | N/A |
| File created | C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | N/A |
| File created | C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe | C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe | N/A |
| File created | C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe | C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe | N/A |
| File created | C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe | C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe | N/A |
| File created | C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe | C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe | N/A |
| File created | C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe | C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe" |
| C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe | C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe | C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{59E6C~1.EXE > nul |
| C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe | C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2A0F9~1.EXE > nul |
| C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe | C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{40BB1~1.EXE > nul |
| C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe | C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{AE6E4~1.EXE > nul |
| C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe | C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{09ACA~1.EXE > nul |
| C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe | C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1E45B~1.EXE > nul |
| C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe | C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C62F2~1.EXE > nul |
| C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe | C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{53F56~1.EXE > nul |
| C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe | C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0AB3B~1.EXE > nul |
| C:\Windows\{817878BB-966C-4369-ABB2-4CCEC114C9C6}.exe | C:\Windows\{817878BB-966C-4369-ABB2-4CCEC114C9C6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D9DCE~1.EXE > nul |
Network
Files
C:\Windows\{59E6CBE0-9C82-4a3e-AB45-8BF0B9FED937}.exe
C:\Windows\{2A0F94BD-1FE3-41a7-8328-8FFFA3BA77B0}.exe
C:\Windows\{40BB1530-EA53-482e-B63E-594765E3390A}.exe
C:\Windows\{AE6E48FC-AE7C-4731-A316-20DE21DF2C91}.exe
C:\Windows\{09ACA319-E429-4a76-A9D4-DBBF23A5FC06}.exe
C:\Windows\{1E45B0C3-8C3E-4423-8D79-3669119EC76E}.exe
C:\Windows\{C62F2553-5BF4-4b31-9444-DDF82792DD7E}.exe
C:\Windows\{53F569C1-F86A-4333-8D4A-2F40C686676F}.exe
C:\Windows\{0AB3B16E-1D7C-4a3d-BFC7-C156B42B11C6}.exe
C:\Windows\{D9DCEBAD-200A-49d2-8295-9AC2E41660D5}.exe
C:\Windows\{817878BB-966C-4369-ABB2-4CCEC114C9C6}.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:51
Reported
2024-06-13 02:54
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
125s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4F843788-F64B-44ad-B95B-6C670784A565} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}\stubpath = "C:\\Windows\\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe" | C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5} | C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C} | C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{771A53E0-C418-49bb-B824-D572D968ABDB} | C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A718273E-E3E6-40e0-8A61-8B0BA487DABE} | C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}\stubpath = "C:\\Windows\\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe" | C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}\stubpath = "C:\\Windows\\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe" | C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}\stubpath = "C:\\Windows\\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe" | C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2BA82FB4-8392-4848-A949-93357B0D7EB7} | C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2BA82FB4-8392-4848-A949-93357B0D7EB7}\stubpath = "C:\\Windows\\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe" | C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CA861259-F217-40a7-A2B8-0157213E5EAB}\stubpath = "C:\\Windows\\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe" | C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8} | C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4F843788-F64B-44ad-B95B-6C670784A565}\stubpath = "C:\\Windows\\{4F843788-F64B-44ad-B95B-6C670784A565}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1AF340E-DC64-481a-8A99-1BEB784648D1} | C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1AF340E-DC64-481a-8A99-1BEB784648D1}\stubpath = "C:\\Windows\\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe" | C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5078ECA-D536-43c5-80B0-7E0DD231F52C} | C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{771A53E0-C418-49bb-B824-D572D968ABDB}\stubpath = "C:\\Windows\\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe" | C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CA861259-F217-40a7-A2B8-0157213E5EAB} | C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}\stubpath = "C:\\Windows\\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe" | C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}\stubpath = "C:\\Windows\\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}.exe" | C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8} | C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}\stubpath = "C:\\Windows\\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe" | C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C} | C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe | N/A |
| N/A | N/A | C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe | N/A |
| N/A | N/A | C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe | N/A |
| N/A | N/A | C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe | N/A |
| N/A | N/A | C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe | N/A |
| N/A | N/A | C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe | N/A |
| N/A | N/A | C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe | N/A |
| N/A | N/A | C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe | N/A |
| N/A | N/A | C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe | N/A |
| N/A | N/A | C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe | N/A |
| N/A | N/A | C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe | N/A |
| N/A | N/A | C:\Windows\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}.exe | C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe | N/A |
| File created | C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | N/A |
| File created | C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe | C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe | N/A |
| File created | C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe | C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe | N/A |
| File created | C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe | C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe | N/A |
| File created | C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe | C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe | N/A |
| File created | C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe | C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe | N/A |
| File created | C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe | C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe | N/A |
| File created | C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe | C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe | N/A |
| File created | C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe | C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe | N/A |
| File created | C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe | C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe | N/A |
| File created | C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe | C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_50c172c6f6287f85183ca033525e3bd8_goldeneye.exe" |
| C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe | C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe | C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4F843~1.EXE > nul |
| C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe | C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F1AF3~1.EXE > nul |
| C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe | C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C5078~1.EXE > nul |
| C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe | C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D3FD3~1.EXE > nul |
| C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe | C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{34B0E~1.EXE > nul |
| C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe | C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4FC4B~1.EXE > nul |
| C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe | C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{771A5~1.EXE > nul |
| C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe | C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2BA82~1.EXE > nul |
| C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe | C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CA861~1.EXE > nul |
| C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe | C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{779DB~1.EXE > nul |
| C:\Windows\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}.exe | C:\Windows\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A7182~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Windows\{4F843788-F64B-44ad-B95B-6C670784A565}.exe
C:\Windows\{F1AF340E-DC64-481a-8A99-1BEB784648D1}.exe
C:\Windows\{C5078ECA-D536-43c5-80B0-7E0DD231F52C}.exe
C:\Windows\{D3FD3DD8-321B-4a8b-816F-E68C5D1E05F8}.exe
C:\Windows\{34B0EF9C-25C7-4368-8DF2-6A012490CAB5}.exe
C:\Windows\{4FC4B2F3-C43D-48eb-9332-E6E1384B348C}.exe
C:\Windows\{771A53E0-C418-49bb-B824-D572D968ABDB}.exe
C:\Windows\{2BA82FB4-8392-4848-A949-93357B0D7EB7}.exe
C:\Windows\{CA861259-F217-40a7-A2B8-0157213E5EAB}.exe
C:\Windows\{779DB1F5-A4F5-477e-B22A-4BBDFD501BA8}.exe
C:\Windows\{A718273E-E3E6-40e0-8A61-8B0BA487DABE}.exe
C:\Windows\{A7F8CAB6-D8AC-4b5f-A101-74386E3F033C}.exe