Analysis Overview
SHA256
a8177f1a02ae27411c3159ad5289da8b29017045f942d5311f915d3f4db22dd6
Threat Level: Known bad
The file 2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:53
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:53
Reported
2024-06-13 02:56
Platform
win7-20240611-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4146CD63-A845-48bb-94E8-46F23B4C1B00}\stubpath = "C:\\Windows\\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe" | C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{007DDBD6-9988-46e1-8AAA-B66F4433442E} | C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E46322FF-AECA-4833-9C9A-59B270BF2CD9} | C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF} | C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4} | C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E018DAAC-59BA-4949-825E-FDD20F8D3471} | C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}\stubpath = "C:\\Windows\\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe" | C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}\stubpath = "C:\\Windows\\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe" | C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E018DAAC-59BA-4949-825E-FDD20F8D3471}\stubpath = "C:\\Windows\\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe" | C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{906F201D-0C39-4d31-A74E-F84956A77A1D} | C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0A25C888-D129-4792-9A56-53C11A3732C3} | C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E} | C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E46322FF-AECA-4833-9C9A-59B270BF2CD9}\stubpath = "C:\\Windows\\{E46322FF-AECA-4833-9C9A-59B270BF2CD9}.exe" | C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0A25C888-D129-4792-9A56-53C11A3732C3}\stubpath = "C:\\Windows\\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe" | C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}\stubpath = "C:\\Windows\\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe" | C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC} | C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4146CD63-A845-48bb-94E8-46F23B4C1B00} | C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{007DDBD6-9988-46e1-8AAA-B66F4433442E}\stubpath = "C:\\Windows\\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe" | C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}\stubpath = "C:\\Windows\\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe" | C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46278B0F-4043-47fb-A50E-1FCED2060369} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46278B0F-4043-47fb-A50E-1FCED2060369}\stubpath = "C:\\Windows\\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{906F201D-0C39-4d31-A74E-F84956A77A1D}\stubpath = "C:\\Windows\\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe" | C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe | N/A |
| N/A | N/A | C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe | N/A |
| N/A | N/A | C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe | N/A |
| N/A | N/A | C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe | N/A |
| N/A | N/A | C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe | N/A |
| N/A | N/A | C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe | N/A |
| N/A | N/A | C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe | N/A |
| N/A | N/A | C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe | N/A |
| N/A | N/A | C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe | N/A |
| N/A | N/A | C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe | N/A |
| N/A | N/A | C:\Windows\{E46322FF-AECA-4833-9C9A-59B270BF2CD9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe | N/A |
| File created | C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe | C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe | N/A |
| File created | C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe | C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe | N/A |
| File created | C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe | C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe | N/A |
| File created | C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe | C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe | N/A |
| File created | C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe | C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe | N/A |
| File created | C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe | C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe | N/A |
| File created | C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe | C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe | N/A |
| File created | C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe | C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe | N/A |
| File created | C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe | C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe | N/A |
| File created | C:\Windows\{E46322FF-AECA-4833-9C9A-59B270BF2CD9}.exe | C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe"
C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe
C:\Windows\{46278B0F-4043-47fb-A50E-1FCED2060369}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe
C:\Windows\{906F201D-0C39-4d31-A74E-F84956A77A1D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{46278~1.EXE > nul
C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe
C:\Windows\{0A25C888-D129-4792-9A56-53C11A3732C3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{906F2~1.EXE > nul
C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe
C:\Windows\{FB7C568B-3ECD-446e-B7FB-F8CE9F37951E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0A25C~1.EXE > nul
C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe
C:\Windows\{F90C77FB-8F73-426e-A96D-4CD2AABC4ACF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FB7C5~1.EXE > nul
C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe
C:\Windows\{7961BFF7-4303-47ba-B75A-A6A0F2B39CE4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F90C7~1.EXE > nul
C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe
C:\Windows\{E018DAAC-59BA-4949-825E-FDD20F8D3471}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7961B~1.EXE > nul
C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe
C:\Windows\{4146CD63-A845-48bb-94E8-46F23B4C1B00}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E018D~1.EXE > nul
C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe
C:\Windows\{007DDBD6-9988-46e1-8AAA-B66F4433442E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4146C~1.EXE > nul
C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe
C:\Windows\{6ABFBEF5-4EF0-44c3-901F-19A3BE366DDC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{007DD~1.EXE > nul
C:\Windows\{E46322FF-AECA-4833-9C9A-59B270BF2CD9}.exe
C:\Windows\{E46322FF-AECA-4833-9C9A-59B270BF2CD9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6ABFB~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:53
Reported
2024-06-13 02:56
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C85AB625-E491-462d-8270-736D06A74AED} | C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE} | C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}\stubpath = "C:\\Windows\\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe" | C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA} | C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{203CB95E-55E7-403e-86DE-B31D77DA65B9}\stubpath = "C:\\Windows\\{203CB95E-55E7-403e-86DE-B31D77DA65B9}.exe" | C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{40816058-FC3B-4b2b-9998-C3C35FF02714} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C85AB625-E491-462d-8270-736D06A74AED}\stubpath = "C:\\Windows\\{C85AB625-E491-462d-8270-736D06A74AED}.exe" | C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}\stubpath = "C:\\Windows\\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe" | C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207} | C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}\stubpath = "C:\\Windows\\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe" | C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D82807A2-D1FA-4700-B5A6-8137FD08D78D} | C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{745A7151-D33A-42d6-8100-84C40E16808C}\stubpath = "C:\\Windows\\{745A7151-D33A-42d6-8100-84C40E16808C}.exe" | C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1DC37446-A826-46d9-A9D5-7BED0927E3A8} | C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}\stubpath = "C:\\Windows\\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe" | C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9} | C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}\stubpath = "C:\\Windows\\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe" | C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}\stubpath = "C:\\Windows\\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe" | C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{203CB95E-55E7-403e-86DE-B31D77DA65B9} | C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{40816058-FC3B-4b2b-9998-C3C35FF02714}\stubpath = "C:\\Windows\\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{745A7151-D33A-42d6-8100-84C40E16808C} | C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B} | C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}\stubpath = "C:\\Windows\\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe" | C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}\stubpath = "C:\\Windows\\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe" | C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA} | C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe | N/A |
| N/A | N/A | C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe | N/A |
| N/A | N/A | C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe | N/A |
| N/A | N/A | C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe | N/A |
| N/A | N/A | C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe | N/A |
| N/A | N/A | C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe | N/A |
| N/A | N/A | C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe | N/A |
| N/A | N/A | C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe | N/A |
| N/A | N/A | C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe | N/A |
| N/A | N/A | C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe | N/A |
| N/A | N/A | C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe | N/A |
| N/A | N/A | C:\Windows\{203CB95E-55E7-403e-86DE-B31D77DA65B9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe | C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe | N/A |
| File created | C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe | N/A |
| File created | C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe | C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe | N/A |
| File created | C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe | C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe | N/A |
| File created | C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe | C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe | N/A |
| File created | C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe | C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe | N/A |
| File created | C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe | C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe | N/A |
| File created | C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe | C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe | N/A |
| File created | C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe | C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe | N/A |
| File created | C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe | C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe | N/A |
| File created | C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe | C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe | N/A |
| File created | C:\Windows\{203CB95E-55E7-403e-86DE-B31D77DA65B9}.exe | C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_7301feddda6b25fa3a7b33330cbcf8a5_goldeneye.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4008,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:8
C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe
C:\Windows\{40816058-FC3B-4b2b-9998-C3C35FF02714}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe
C:\Windows\{745A7151-D33A-42d6-8100-84C40E16808C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{40816~1.EXE > nul
C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe
C:\Windows\{C85AB625-E491-462d-8270-736D06A74AED}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{745A7~1.EXE > nul
C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe
C:\Windows\{B54D74C3-F42C-43b4-A0D4-720E7D846D5B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C85AB~1.EXE > nul
C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe
C:\Windows\{3A6A4427-3EE7-44ba-8A45-7056AE3814BE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B54D7~1.EXE > nul
C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe
C:\Windows\{1DC37446-A826-46d9-A9D5-7BED0927E3A8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3A6A4~1.EXE > nul
C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe
C:\Windows\{2C47EC50-6B8F-40ee-B50F-FBD4D0BB6207}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1DC37~1.EXE > nul
C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe
C:\Windows\{3B5A615D-D3C0-4e3e-8D52-CBF71DCE1AF9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2C47E~1.EXE > nul
C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe
C:\Windows\{A5BAC9A3-FD65-442b-83B0-69CA7A5A36DA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3B5A6~1.EXE > nul
C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe
C:\Windows\{D82807A2-D1FA-4700-B5A6-8137FD08D78D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A5BAC~1.EXE > nul
C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe
C:\Windows\{6AACC7A4-AE4D-4cb1-A476-A7ECDB7790EA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D8280~1.EXE > nul
C:\Windows\{203CB95E-55E7-403e-86DE-B31D77DA65B9}.exe
C:\Windows\{203CB95E-55E7-403e-86DE-B31D77DA65B9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6AACC~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | | tcp |
Files