Analysis Overview
SHA256
f9738adc7c4192099c2b6f71d1e418f0454a91e495b4e191a429d0b6e33db30b
Threat Level: Known bad
The file 2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:58
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:58
Reported
2024-06-13 03:01
Platform
win7-20240221-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5091EA96-9C29-4ab7-A07E-788B362C5C74} | C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69} | C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2F5EFFFB-479B-442c-8C85-374463A60BB6} | C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}\stubpath = "C:\\Windows\\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe" | C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8E9F8066-FB6F-48b2-BE38-C9107BF57126} | C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}\stubpath = "C:\\Windows\\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe" | C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C1547E39-D772-47e4-9DE8-9E06C2ADD787} | C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}\stubpath = "C:\\Windows\\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe" | C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD} | C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F158C67F-D1D1-492b-A124-8E92C7574E33} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F158C67F-D1D1-492b-A124-8E92C7574E33}\stubpath = "C:\\Windows\\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BD3CE87D-1845-4d52-878D-643AF679DE28} | C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}\stubpath = "C:\\Windows\\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe" | C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60} | C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD}\stubpath = "C:\\Windows\\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD}.exe" | C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF434AC5-0A8E-45fd-95DB-1428121D2480}\stubpath = "C:\\Windows\\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe" | C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5091EA96-9C29-4ab7-A07E-788B362C5C74}\stubpath = "C:\\Windows\\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe" | C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{35DB900F-D0B3-485b-8FAA-57F53E615043} | C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{35DB900F-D0B3-485b-8FAA-57F53E615043}\stubpath = "C:\\Windows\\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe" | C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2F5EFFFB-479B-442c-8C85-374463A60BB6}\stubpath = "C:\\Windows\\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe" | C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BD3CE87D-1845-4d52-878D-643AF679DE28}\stubpath = "C:\\Windows\\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe" | C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FF434AC5-0A8E-45fd-95DB-1428121D2480} | C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe | N/A |
| N/A | N/A | C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe | N/A |
| N/A | N/A | C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe | N/A |
| N/A | N/A | C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe | N/A |
| N/A | N/A | C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe | N/A |
| N/A | N/A | C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe | N/A |
| N/A | N/A | C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe | N/A |
| N/A | N/A | C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe | N/A |
| N/A | N/A | C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe | N/A |
| N/A | N/A | C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe | N/A |
| N/A | N/A | C:\Windows\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe | C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe | N/A |
| File created | C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe | C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe | N/A |
| File created | C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe | C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe | N/A |
| File created | C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe | C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe | N/A |
| File created | C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe | C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe | N/A |
| File created | C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe | C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe | N/A |
| File created | C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe | C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe | N/A |
| File created | C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe | C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe | N/A |
| File created | C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe | C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe | N/A |
| File created | C:\Windows\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD}.exe | C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe | N/A |
| File created | C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe"
C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe
C:\Windows\{F158C67F-D1D1-492b-A124-8E92C7574E33}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe
C:\Windows\{5601C328-91DB-43d9-A6FB-9ABB01B2EA69}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F158C~1.EXE > nul
C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe
C:\Windows\{2F5EFFFB-479B-442c-8C85-374463A60BB6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5601C~1.EXE > nul
C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe
C:\Windows\{BD3CE87D-1845-4d52-878D-643AF679DE28}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2F5EF~1.EXE > nul
C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe
C:\Windows\{8E9F8066-FB6F-48b2-BE38-C9107BF57126}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BD3CE~1.EXE > nul
C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe
C:\Windows\{27C4BFA1-4FF8-4b9b-8B1C-B21D87A07D60}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8E9F8~1.EXE > nul
C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe
C:\Windows\{FF434AC5-0A8E-45fd-95DB-1428121D2480}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27C4B~1.EXE > nul
C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe
C:\Windows\{5091EA96-9C29-4ab7-A07E-788B362C5C74}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FF434~1.EXE > nul
C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe
C:\Windows\{35DB900F-D0B3-485b-8FAA-57F53E615043}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5091E~1.EXE > nul
C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe
C:\Windows\{C1547E39-D772-47e4-9DE8-9E06C2ADD787}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{35DB9~1.EXE > nul
C:\Windows\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD}.exe
C:\Windows\{EDEC2EED-C2B2-40fa-BA63-C06FABB358CD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C1547~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:58
Reported
2024-06-13 03:01
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}\stubpath = "C:\\Windows\\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe" | C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{74C260AE-9474-4ab5-84BD-3D63AD17CC20} | C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}\stubpath = "C:\\Windows\\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe" | C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}\stubpath = "C:\\Windows\\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe" | C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}\stubpath = "C:\\Windows\\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe" | C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{006E2F90-B989-4291-A49C-E1EBF58CEFCC} | C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}\stubpath = "C:\\Windows\\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe" | C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7F87608F-8F99-4189-B750-F6F4444D77CC} | C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{198CDCAF-F434-4575-B716-B7AB834BD0A1} | C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}\stubpath = "C:\\Windows\\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}\stubpath = "C:\\Windows\\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe" | C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D10975F-6623-4288-81BA-BD3BC45D50D3} | C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D10975F-6623-4288-81BA-BD3BC45D50D3}\stubpath = "C:\\Windows\\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe" | C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3} | C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C73C53D9-5EE9-4506-B17C-11AEEEF41477} | C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{58C45481-53BE-435e-A8AC-32E437CDA743} | C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{58C45481-53BE-435e-A8AC-32E437CDA743}\stubpath = "C:\\Windows\\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe" | C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{198CDCAF-F434-4575-B716-B7AB834BD0A1}\stubpath = "C:\\Windows\\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe" | C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070} | C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2} | C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559} | C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}\stubpath = "C:\\Windows\\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe" | C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7F87608F-8F99-4189-B750-F6F4444D77CC}\stubpath = "C:\\Windows\\{7F87608F-8F99-4189-B750-F6F4444D77CC}.exe" | C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe | N/A |
| N/A | N/A | C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe | N/A |
| N/A | N/A | C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe | N/A |
| N/A | N/A | C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe | N/A |
| N/A | N/A | C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe | N/A |
| N/A | N/A | C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe | N/A |
| N/A | N/A | C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe | N/A |
| N/A | N/A | C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe | N/A |
| N/A | N/A | C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe | N/A |
| N/A | N/A | C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe | N/A |
| N/A | N/A | C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe | N/A |
| N/A | N/A | C:\Windows\{7F87608F-8F99-4189-B750-F6F4444D77CC}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{7F87608F-8F99-4189-B750-F6F4444D77CC}.exe | C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe | N/A |
| File created | C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe | C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe | N/A |
| File created | C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe | C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe | N/A |
| File created | C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe | C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe | N/A |
| File created | C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe | C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe | N/A |
| File created | C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe | C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe | N/A |
| File created | C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe | C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe | N/A |
| File created | C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe | N/A |
| File created | C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe | C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe | N/A |
| File created | C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe | C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe | N/A |
| File created | C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe | C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe | N/A |
| File created | C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe | C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_a931f967e8db0c3bd0a224afcf3aab42_goldeneye.exe"
C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe
C:\Windows\{00FA62CC-2E3D-4d50-8E6A-CF1D890AD93A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe
C:\Windows\{B12C335B-DFD3-4043-9E7A-74C1AB1C6070}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{00FA6~1.EXE > nul
C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe
C:\Windows\{C73C53D9-5EE9-4506-B17C-11AEEEF41477}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B12C3~1.EXE > nul
C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe
C:\Windows\{8D10975F-6623-4288-81BA-BD3BC45D50D3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C73C5~1.EXE > nul
C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe
C:\Windows\{93F7ABA6-D49D-446b-8BAD-2E24BF50CCD2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8D109~1.EXE > nul
C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe
C:\Windows\{006E2F90-B989-4291-A49C-E1EBF58CEFCC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{93F7A~1.EXE > nul
C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe
C:\Windows\{58C45481-53BE-435e-A8AC-32E437CDA743}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{006E2~1.EXE > nul
C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe
C:\Windows\{DC8F3EF0-A276-4bf6-86DF-1C26A03EB559}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{58C45~1.EXE > nul
C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe
C:\Windows\{74C260AE-9474-4ab5-84BD-3D63AD17CC20}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DC8F3~1.EXE > nul
C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe
C:\Windows\{AC4E7948-DFBC-48be-BC90-DEBF5DE2CEE3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{74C26~1.EXE > nul
C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe
C:\Windows\{198CDCAF-F434-4575-B716-B7AB834BD0A1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AC4E7~1.EXE > nul
C:\Windows\{7F87608F-8F99-4189-B750-F6F4444D77CC}.exe
C:\Windows\{7F87608F-8F99-4189-B750-F6F4444D77CC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{198CD~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.132.51.in-addr.arpa | udp |
Files