Analysis Overview
SHA256
572fa7e5bc407aa57cc5d75092843b5552b40ef7ce6cac2138d7c9ef69bd62ce
Threat Level: Known bad
The file 2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:55
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:55
Reported
2024-06-13 02:57
Platform
win7-20240221-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E17C9E3E-3466-43f5-A766-21779C09E6BB}\stubpath = "C:\\Windows\\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}\stubpath = "C:\\Windows\\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe" | C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D626C78A-83E7-4151-A7F7-F46927379BAA} | C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA} | C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CA4DC051-A22E-4d62-9599-D6B570F049ED} | C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6A2673D7-CF52-43e4-9206-A0E4816020D2}\stubpath = "C:\\Windows\\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe" | C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A859487E-8325-454c-8E3D-93E4909EE838}\stubpath = "C:\\Windows\\{A859487E-8325-454c-8E3D-93E4909EE838}.exe" | C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8BE55C28-3045-4ce9-88CF-3E56AD957577} | C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8BE55C28-3045-4ce9-88CF-3E56AD957577}\stubpath = "C:\\Windows\\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe" | C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{96FBDB4A-BB6F-4376-8958-F3A0A8309044} | C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E17C9E3E-3466-43f5-A766-21779C09E6BB} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}\stubpath = "C:\\Windows\\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe" | C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A5FABF7C-1C11-4d8a-930B-088E024C05C7} | C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}\stubpath = "C:\\Windows\\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe" | C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}\stubpath = "C:\\Windows\\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe" | C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CA4DC051-A22E-4d62-9599-D6B570F049ED}\stubpath = "C:\\Windows\\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe" | C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A859487E-8325-454c-8E3D-93E4909EE838} | C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}\stubpath = "C:\\Windows\\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe" | C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0} | C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203} | C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D626C78A-83E7-4151-A7F7-F46927379BAA}\stubpath = "C:\\Windows\\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe" | C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6A2673D7-CF52-43e4-9206-A0E4816020D2} | C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe | N/A |
| N/A | N/A | C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe | N/A |
| N/A | N/A | C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe | N/A |
| N/A | N/A | C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe | N/A |
| N/A | N/A | C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe | N/A |
| N/A | N/A | C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe | N/A |
| N/A | N/A | C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe | N/A |
| N/A | N/A | C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe | N/A |
| N/A | N/A | C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe | N/A |
| N/A | N/A | C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe | N/A |
| N/A | N/A | C:\Windows\{A859487E-8325-454c-8E3D-93E4909EE838}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe | C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe | N/A |
| File created | C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe | C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe | N/A |
| File created | C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe | C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe | N/A |
| File created | C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe | C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe | N/A |
| File created | C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe | C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe | N/A |
| File created | C:\Windows\{A859487E-8325-454c-8E3D-93E4909EE838}.exe | C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe | N/A |
| File created | C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe | N/A |
| File created | C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe | C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe | N/A |
| File created | C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe | C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe | N/A |
| File created | C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe | C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe | N/A |
| File created | C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe | C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe"
C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe
C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe
C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E17C9~1.EXE > nul
C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe
C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8BE55~1.EXE > nul
C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe
C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{96FBD~1.EXE > nul
C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe
C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7E16E~1.EXE > nul
C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe
C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7DFB3~1.EXE > nul
C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe
C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D626C~1.EXE > nul
C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe
C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A5FAB~1.EXE > nul
C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe
C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5DCA0~1.EXE > nul
C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe
C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CA4DC~1.EXE > nul
C:\Windows\{A859487E-8325-454c-8E3D-93E4909EE838}.exe
C:\Windows\{A859487E-8325-454c-8E3D-93E4909EE838}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6A267~1.EXE > nul
Network
Files
C:\Windows\{E17C9E3E-3466-43f5-A766-21779C09E6BB}.exe
C:\Windows\{8BE55C28-3045-4ce9-88CF-3E56AD957577}.exe
C:\Windows\{96FBDB4A-BB6F-4376-8958-F3A0A8309044}.exe
C:\Windows\{7E16E6D2-4914-4ff8-BEC6-752F8792FFA0}.exe
C:\Windows\{7DFB390D-AD6B-459a-8B16-B1C8BB9D8203}.exe
C:\Windows\{D626C78A-83E7-4151-A7F7-F46927379BAA}.exe
C:\Windows\{A5FABF7C-1C11-4d8a-930B-088E024C05C7}.exe
C:\Windows\{5DCA0619-A6B6-4cfe-88E4-919D3CDF50BA}.exe
C:\Windows\{CA4DC051-A22E-4d62-9599-D6B570F049ED}.exe
C:\Windows\{6A2673D7-CF52-43e4-9206-A0E4816020D2}.exe
C:\Windows\{A859487E-8325-454c-8E3D-93E4909EE838}.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:55
Reported
2024-06-13 02:57
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE} | C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5837A597-461B-4a8f-A9D8-49D44A9311B2}\stubpath = "C:\\Windows\\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe" | C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E63EAD84-7173-4299-AB65-6C900D8DCB73}\stubpath = "C:\\Windows\\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe" | C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B851E686-75BC-4092-BC1A-2433BB1F0176} | C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}\stubpath = "C:\\Windows\\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B4AE891E-3A43-4164-811A-D03F47D183E5}\stubpath = "C:\\Windows\\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe" | C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{81D11098-9169-482f-BF38-52CEF81E2947} | C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{81D11098-9169-482f-BF38-52CEF81E2947}\stubpath = "C:\\Windows\\{81D11098-9169-482f-BF38-52CEF81E2947}.exe" | C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}\stubpath = "C:\\Windows\\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe" | C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5DD5C137-36C1-41ac-B9FE-18A316C3608B} | C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B4AE891E-3A43-4164-811A-D03F47D183E5} | C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E63EAD84-7173-4299-AB65-6C900D8DCB73} | C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1B476960-3C08-450b-B0C3-5552F3692FE5} | C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B851E686-75BC-4092-BC1A-2433BB1F0176}\stubpath = "C:\\Windows\\{B851E686-75BC-4092-BC1A-2433BB1F0176}.exe" | C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52} | C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}\stubpath = "C:\\Windows\\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe" | C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}\stubpath = "C:\\Windows\\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe" | C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6} | C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}\stubpath = "C:\\Windows\\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe" | C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}\stubpath = "C:\\Windows\\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe" | C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12} | C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5837A597-461B-4a8f-A9D8-49D44A9311B2} | C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1B476960-3C08-450b-B0C3-5552F3692FE5}\stubpath = "C:\\Windows\\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe" | C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe | N/A |
| N/A | N/A | C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe | N/A |
| N/A | N/A | C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe | N/A |
| N/A | N/A | C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe | N/A |
| N/A | N/A | C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe | N/A |
| N/A | N/A | C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe | N/A |
| N/A | N/A | C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe | N/A |
| N/A | N/A | C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe | N/A |
| N/A | N/A | C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe | N/A |
| N/A | N/A | C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe | N/A |
| N/A | N/A | C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe | N/A |
| N/A | N/A | C:\Windows\{B851E686-75BC-4092-BC1A-2433BB1F0176}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe | C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe | N/A |
| File created | C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe | N/A |
| File created | C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe | C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe | N/A |
| File created | C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe | C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe | N/A |
| File created | C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe | C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe | N/A |
| File created | C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe | C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe | N/A |
| File created | C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe | C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe | N/A |
| File created | C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe | C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe | N/A |
| File created | C:\Windows\{B851E686-75BC-4092-BC1A-2433BB1F0176}.exe | C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe | N/A |
| File created | C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe | C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe | N/A |
| File created | C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe | C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe | N/A |
| File created | C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe | C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_808dd2fd506c4d92529be8ef0b673040_goldeneye.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4272,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe
C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe
C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B27C5~1.EXE > nul
C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe
C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{45CC5~1.EXE > nul
C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe
C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5DD5C~1.EXE > nul
C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe
C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{60436~1.EXE > nul
C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe
C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B4AE8~1.EXE > nul
C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe
C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8D1FC~1.EXE > nul
C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe
C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{81D11~1.EXE > nul
C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe
C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9EBAF~1.EXE > nul
C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe
C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5837A~1.EXE > nul
C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe
C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E63EA~1.EXE > nul
C:\Windows\{B851E686-75BC-4092-BC1A-2433BB1F0176}.exe
C:\Windows\{B851E686-75BC-4092-BC1A-2433BB1F0176}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1B476~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Windows\{B27C587A-1F18-4f2a-92B5-37E0C89FA49B}.exe
C:\Windows\{45CC51EF-594A-4e1c-8E9C-4DFDDF776D52}.exe
C:\Windows\{5DD5C137-36C1-41ac-B9FE-18A316C3608B}.exe
C:\Windows\{60436E5B-62E8-4d58-A140-EEBCBFBB1AE6}.exe
C:\Windows\{B4AE891E-3A43-4164-811A-D03F47D183E5}.exe
C:\Windows\{8D1FCD4D-ECC6-4487-80EF-55C5573675FE}.exe
C:\Windows\{81D11098-9169-482f-BF38-52CEF81E2947}.exe
C:\Windows\{9EBAF336-78EC-42c8-8F6E-5B48DDDE8D12}.exe
C:\Windows\{5837A597-461B-4a8f-A9D8-49D44A9311B2}.exe
C:\Windows\{E63EAD84-7173-4299-AB65-6C900D8DCB73}.exe
C:\Windows\{1B476960-3C08-450b-B0C3-5552F3692FE5}.exe
C:\Windows\{B851E686-75BC-4092-BC1A-2433BB1F0176}.exe