Analysis Overview
SHA256
f35621aab2fc20118dba8044a6df93130dbb06f5c0591795ba38b924c53c09df
Threat Level: Known bad
The file 2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:01
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:01
Reported
2024-06-13 03:03
Platform
win7-20231129-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{00BAE471-F6AF-426a-8828-7471583F7076}\stubpath = "C:\\Windows\\{00BAE471-F6AF-426a-8828-7471583F7076}.exe" | C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{261451B0-2F63-4148-A56E-9689F90D836C}\stubpath = "C:\\Windows\\{261451B0-2F63-4148-A56E-9689F90D836C}.exe" | C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD} | C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}\stubpath = "C:\\Windows\\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe" | C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0595E5D-B1B3-498c-B437-7D53AC51D169}\stubpath = "C:\\Windows\\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe" | C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}\stubpath = "C:\\Windows\\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe" | C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3} | C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D789ECF2-37B0-4d65-996C-D4BE903A494C}\stubpath = "C:\\Windows\\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C3E5EAEF-93EB-45ad-A804-234B7E289129}\stubpath = "C:\\Windows\\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe" | C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0595E5D-B1B3-498c-B437-7D53AC51D169} | C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76854266-3DA0-4ad3-B186-E5DF1A068574}\stubpath = "C:\\Windows\\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe" | C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7} | C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB} | C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}\stubpath = "C:\\Windows\\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe" | C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D789ECF2-37B0-4d65-996C-D4BE903A494C} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{95EA840D-B222-46c0-BE01-6A92442C5FB1}\stubpath = "C:\\Windows\\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe" | C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76854266-3DA0-4ad3-B186-E5DF1A068574} | C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{00BAE471-F6AF-426a-8828-7471583F7076} | C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}\stubpath = "C:\\Windows\\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}.exe" | C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C3E5EAEF-93EB-45ad-A804-234B7E289129} | C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{261451B0-2F63-4148-A56E-9689F90D836C} | C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{95EA840D-B222-46c0-BE01-6A92442C5FB1} | C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe | N/A |
| N/A | N/A | C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe | N/A |
| N/A | N/A | C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe | N/A |
| N/A | N/A | C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe | N/A |
| N/A | N/A | C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe | N/A |
| N/A | N/A | C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe | N/A |
| N/A | N/A | C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe | N/A |
| N/A | N/A | C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe | N/A |
| N/A | N/A | C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe | N/A |
| N/A | N/A | C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe | N/A |
| N/A | N/A | C:\Windows\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe | C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe | N/A |
| File created | C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe | C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe | N/A |
| File created | C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe | C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe | N/A |
| File created | C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe | C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe | N/A |
| File created | C:\Windows\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}.exe | C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe | N/A |
| File created | C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | N/A |
| File created | C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe | C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe | N/A |
| File created | C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe | C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe | N/A |
| File created | C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe | C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe | N/A |
| File created | C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe | C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe | N/A |
| File created | C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe | C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe" |
| C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe | C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe | C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D789E~1.EXE > nul |
| C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe | C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C3E5E~1.EXE > nul |
| C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe | C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{26145~1.EXE > nul |
| C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe | C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{95EA8~1.EXE > nul |
| C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe | C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F0595~1.EXE > nul |
| C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe | C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{76854~1.EXE > nul |
| C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe | C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{ED5CC~1.EXE > nul |
| C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe | C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2BDE5~1.EXE > nul |
| C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe | C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{00BAE~1.EXE > nul |
| C:\Windows\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}.exe | C:\Windows\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6C209~1.EXE > nul |
Network
Files
C:\Windows\{D789ECF2-37B0-4d65-996C-D4BE903A494C}.exe
| MD5 | 49bf259557f3944ab1bd50e6b484d941 |
| SHA1 | 0b30cd30b47f44dfab6ee27d8ec4b5d0684f158f |
| SHA256 | 9cb1e77859c969456215e80bc40c0f75c99c701caeea491675a30b805ce9fc45 |
| SHA512 | 3a19fec75362a915978517371f0ab33d36f0991868eebb1390fb4455fd172dd4617a936deea19d106096557905f317b31209afb2d8cdf325db9a256125553ff1 |
C:\Windows\{C3E5EAEF-93EB-45ad-A804-234B7E289129}.exe
| MD5 | e8283fb6d9eac3912b248485dbf42f2c |
| SHA1 | 19a6e0a12b668d16538081c3baeee51e18c2c20f |
| SHA256 | e724d5802849c6bdc233833cff35bebe6cbc199f5f0e2c4998e9de5ae8b0a551 |
| SHA512 | 6ecc034b1f92a8143458fec1560233eb021e0bf9f5522947a7840fc977ad2708b11e382c7e2ad7f6ab8786403bfcdb5723ec196ba10c278952e087b68a63da66 |
C:\Windows\{261451B0-2F63-4148-A56E-9689F90D836C}.exe
| MD5 | 6365d9d7e300143a435fa3dd6ce7781a |
| SHA1 | 523eba579e83a1c7580d3d3d86022b8d8c738c1c |
| SHA256 | 5881be739c7562ad7bbdbf7dc7e13b8e097edf1b88c85e797e382df33a0d5c0f |
| SHA512 | 20155b988a0d15ef11836567692b2cc565f2f9971f1781a7e40ab2f28e71936a5af50c0499ed710539d97e1a52793fb53179680a246bcd9e1ff652262a48da7c |
C:\Windows\{95EA840D-B222-46c0-BE01-6A92442C5FB1}.exe
| MD5 | 76344081b7ca3282e90a563200392ed3 |
| SHA1 | 640bbe05e704f18ac00d4fd8e58d4da6ad9ceed9 |
| SHA256 | 8ba2d7b51e2f1accfe780457ff4e416bcb2e78241bf8712348278cb0cde1f5ac |
| SHA512 | 8f48e7be14f4414cf1042eaca7cd1a7c2b85495a3a547d8499f5ae886ff1ded37d74bea3c66535b5177fb811ef37cd9689d73fb927a7ad9b7d410d0b6de4d57d |
C:\Windows\{F0595E5D-B1B3-498c-B437-7D53AC51D169}.exe
| MD5 | cc022214516ea46325657b2397453db7 |
| SHA1 | af001888dc3e37965a82a89f602f53cd92aeda94 |
| SHA256 | a9b80541a53ce3a74b089a6ec5b9cfca9a8d4caf4669baa2823c0bdf08d62b3d |
| SHA512 | 67ac22baa0a5bcd83f644d50f0ad1bd2d66522ba39890438605345b9b0ca8a76e7adecee891016eaebdaa49890d3d2e224baaa7f2dd55f4f4c4db60aedafa0d8 |
C:\Windows\{76854266-3DA0-4ad3-B186-E5DF1A068574}.exe
| MD5 | 84e0958734ebe011e2990888049533e2 |
| SHA1 | 0871de77d46b6768e07c2790e6d47de0d30825df |
| SHA256 | 999fdfb67d4febd3e21a3c0af83458765bcf926751f4e54e268eaa84c7cf9d44 |
| SHA512 | 1054be3fcaaa8b2fe3294bcb535c82446779ab46f19f1afc45ae78bb231e11966f5abca2ba9af4318a4826a8e82fef0b06fbd2224a6844e44d52f18f3011234d |
C:\Windows\{ED5CC736-ABB0-4e32-8B39-145E6F3300F7}.exe
| MD5 | 57555f1ff76f861b77dedc137fe01e7f |
| SHA1 | 6ca64cc6abaf6d38135ef359bc5ae982862173a3 |
| SHA256 | 19f58ba965cf30ba60423f691180d1bf6af55f363194bf0a88c9e379809969df |
| SHA512 | f69aad35615f2be87e7959e063c00b1b1749074935b30d09a407503bcefd402b8dd54dca42ef43244878ca09d736741ad41c72b013797244c6c6a103fe58e0d0 |
C:\Windows\{2BDE5D93-2118-4c6d-B025-87E0F06CDDCD}.exe
| MD5 | 053114bb3993ff52dca5e4aca92d4269 |
| SHA1 | f7592df6925ed4c7c154d07e1f56d826cb367b86 |
| SHA256 | 7baf34ad5c8da3a58995a70bd5c1e342a996cd3292d5ae3a9e604033f3a8c227 |
| SHA512 | db541e23a99b1c2021d16c3a522027d49a417e498a932d7c4fc13f2d52a99f7f17cde2b8d553445b1128bcac9202e3d2938a80113b89c4bb457767f02d1da202 |
C:\Windows\{00BAE471-F6AF-426a-8828-7471583F7076}.exe
| MD5 | 869caf3c20e9f225a0ef69cc622a1bd0 |
| SHA1 | 63ff00d621800305ff888badd29d9c094fd10803 |
| SHA256 | 6092420745681101d3bb17e50b861d84ac9b5521839c22cbd7e744fe505b81db |
| SHA512 | 8bbc81a97ad05926a0704542615d1289d87773eaa00f865fb940fff8d13c27c61556003208d7feaa11d699e27640538d1afa5f7903083d168ee2006c2dfa8bd8 |
C:\Windows\{6C20941D-DA46-449f-BC27-2B1B7A3E1FFB}.exe
| MD5 | a35bbbab0b15767418f09174933aac0d |
| SHA1 | 114fb3fa21462832bb97319176032b46f8d1ca10 |
| SHA256 | 58f5af7edcf88a7d8282dfa6323b879c26bf43aad1fd417a5f8c0feda68bb3b5 |
| SHA512 | 081954dbbe7b56f0f706793f45918144b3c6d9af6f0eb3e175c000182fb8f592359ea33484f9df9b2204002852a67b5d11ba1f52fcfbb9a1748411d58e2ffe48 |
C:\Windows\{BFB420ED-BAF6-4cf0-802C-DB114CC000A3}.exe
| MD5 | 707e97c2e43ce7eccc2896b232c0d2fc |
| SHA1 | 0ba19861096e61e7bbdbad88b4846ab414a0a4e2 |
| SHA256 | f6a39d3157c8901e6f365bdb9a89ed95fda24cef3a83f1ff89927ad72e034be8 |
| SHA512 | 1cb19a0a7ba9a1e62ea142499670d5411f4c26e3c777057e0edc5474a795abed6e78bf4f8a2334bff38cad2c8ff7e6fbcda6ab9f37ded4d52f168e605ebe6f4f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:01
Reported
2024-06-13 03:03
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}\stubpath = "C:\\Windows\\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67FBACF6-8C4F-4938-B618-021E61E03591} | C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}\stubpath = "C:\\Windows\\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe" | C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F3903947-4E68-42a6-B475-344F664C2B2F}\stubpath = "C:\\Windows\\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe" | C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{969E6608-122D-42ac-B075-52CE382D302D} | C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31957973-B232-4c81-8A52-3961BB0B51ED}\stubpath = "C:\\Windows\\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe" | C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152} | C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}\stubpath = "C:\\Windows\\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe" | C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D} | C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEC04F8F-1524-4160-915C-2BABEFFFBD09} | C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}\stubpath = "C:\\Windows\\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}.exe" | C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31957973-B232-4c81-8A52-3961BB0B51ED} | C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930} | C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}\stubpath = "C:\\Windows\\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe" | C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}\stubpath = "C:\\Windows\\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe" | C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7} | C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67FBACF6-8C4F-4938-B618-021E61E03591}\stubpath = "C:\\Windows\\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe" | C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{02A5597E-6E2C-4695-86C3-091AFCC328B4} | C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{02A5597E-6E2C-4695-86C3-091AFCC328B4}\stubpath = "C:\\Windows\\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe" | C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F3903947-4E68-42a6-B475-344F664C2B2F} | C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{969E6608-122D-42ac-B075-52CE382D302D}\stubpath = "C:\\Windows\\{969E6608-122D-42ac-B075-52CE382D302D}.exe" | C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E} | C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}\stubpath = "C:\\Windows\\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe" | C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe | N/A |
| N/A | N/A | C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe | N/A |
| N/A | N/A | C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe | N/A |
| N/A | N/A | C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe | N/A |
| N/A | N/A | C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe | N/A |
| N/A | N/A | C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe | N/A |
| N/A | N/A | C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe | N/A |
| N/A | N/A | C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe | N/A |
| N/A | N/A | C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe | N/A |
| N/A | N/A | C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe | N/A |
| N/A | N/A | C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe | N/A |
| N/A | N/A | C:\Windows\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe | C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe | N/A |
| File created | C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe | C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe | N/A |
| File created | C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe | C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe | N/A |
| File created | C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe | C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe | N/A |
| File created | C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe | C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe | N/A |
| File created | C:\Windows\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}.exe | C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe | N/A |
| File created | C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | N/A |
| File created | C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe | C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe | N/A |
| File created | C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe | C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe | N/A |
| File created | C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe | C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe | N/A |
| File created | C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe | C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe | N/A |
| File created | C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe | C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_fbeea84d00bb9479e71007bdc5820210_goldeneye.exe" |
| C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe | C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe | C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E466B~1.EXE > nul |
| C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe | C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{31957~1.EXE > nul |
| C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe | C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BF257~1.EXE > nul |
| C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe | C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{67FBA~1.EXE > nul |
| C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe | C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{02A55~1.EXE > nul |
| C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe | C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A4E0C~1.EXE > nul |
| C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe | C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F3903~1.EXE > nul |
| C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe | C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{969E6~1.EXE > nul |
| C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe | C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B2C5A~1.EXE > nul |
| C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe | C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{16D97~1.EXE > nul |
| C:\Windows\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}.exe | C:\Windows\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3DB7D~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
C:\Windows\{E466BD88-E85A-4f34-A2CB-3AF48F00D6BF}.exe
| MD5 | 907957e7ccd94dc18368da9f308e1e7e |
| SHA1 | 4f928cb02a8ee78b72eb5374895e92e56f68f9c4 |
| SHA256 | 7f69442d25e4118e59512d03e2fd14932b530f0f7711fed1a083d4b5e05cbf23 |
| SHA512 | e7fda5184564f4955e5ae1aed6215127f61c82051fe3af68aca795b68da92d5f8cd5f8e72e028b42e3478623a41e16eaaf8672ad421c548601d325fd5d327e7a |
C:\Windows\{31957973-B232-4c81-8A52-3961BB0B51ED}.exe
| MD5 | a820191a322f2efff417675038d74229 |
| SHA1 | 604c6be4fd5a9ddd51f3af22b221187b7e703479 |
| SHA256 | ef8d8ddc70c8828b46eb4d10cae337e86cbb77ec3a8d65669299914eac609e2a |
| SHA512 | 8abd7cc82b06f09c459e3e5c7465df1bb954f0faebcab15983c407834104732961386a2c6406859b7989e005b4fdbc369106d994080eee083ab756e403dda14c |
C:\Windows\{BF257F86-31C6-4b4e-BB35-AAA17C1BC152}.exe
| MD5 | f9a0c2f67c02621c94f0f0599f093410 |
| SHA1 | 27bb1deb2cac51e2fb37c66f96c5c341596a9d5a |
| SHA256 | 96b07e9c4a3f839bbbb560ef4d36f22b1d94173aed6391a61b5b656a1532ec82 |
| SHA512 | 40a56d732314d849d1448d8e481c8fc0f1f750a837dd8fdb8b91e7c858e45284b1a8d44c59be9198af3c4ee68980ec4051b9e1699380b92107402ed1a0a8d991 |
C:\Windows\{67FBACF6-8C4F-4938-B618-021E61E03591}.exe
| MD5 | 72e3097c6cf384e3c521bef171746a71 |
| SHA1 | e2b88d161a3e96dedcc320a5b9b82b2f3cd130f1 |
| SHA256 | 8114e024f32c07982fc08320054eb8cfdc87eb8d00f8be32a98f1882c45b15d3 |
| SHA512 | 3d9479dad9f7dd5ae577821ba7ad4ed8536f31f570767d3e188e015c6398e34991742c21eaddf392d30b26e6ca691ac884114aaf8807f22034b14ae11dcfdce2 |
C:\Windows\{02A5597E-6E2C-4695-86C3-091AFCC328B4}.exe
| MD5 | 469572f52ee4cc3dd7f23a61f1e623d6 |
| SHA1 | cade0937547403c553b342e4837c55b54c28b0a8 |
| SHA256 | 501e9be14237cc6c59e88511344b093a2d8f95f9bbbff0d68ba539ebd1b0660f |
| SHA512 | 157b096161bfba16d9945db62848936a33e8a698b31db15e32a7fe3d9d44aa76094f6330e1d64ba26f6fdcb3e7f1967739fcaf84922846eed4d6204847bd08e2 |
C:\Windows\{A4E0CBCA-B53E-40ae-A9F3-B125EAA19930}.exe
| MD5 | 177710861c60d9e9d131173fef5d1dac |
| SHA1 | 9069a36fca21c12cf2b83d5158501ac7db1e84b1 |
| SHA256 | e61adf2ff6a4b82b92c27484a3e8bfa51b4c9fad68e6bdbf22a05c93eaab4447 |
| SHA512 | 482838b2731cf2a69c6e49664ad9a845a8a9133b28ba187f59bdc47211acf09fe6017dbd73a733745b1c33c8fce1aade614024bc9812117c307eefeb648a9f49 |
C:\Windows\{F3903947-4E68-42a6-B475-344F664C2B2F}.exe
| MD5 | 54f8a4d3073eefed59ca17dc46b4d1c5 |
| SHA1 | 2073244e4c420bad05bcd830eaecdd8266ff7149 |
| SHA256 | aa9460f93e93876d6a1be3088d12bd95467ba74c7ed3c8344dca67b788d2bb73 |
| SHA512 | 0549d7b22f7745a67549192ca1d685ca52ec97558bb9646ef7cbeaec391908d3abf677a6966286d680fb983bdab2b367fb67eadf7ebe4dd65edba66c4d34a6d1 |
C:\Windows\{969E6608-122D-42ac-B075-52CE382D302D}.exe
| MD5 | b5b8cf05e8cb82fffb6575497a420f94 |
| SHA1 | 9992040b84174e0d51c97962b2bdd307127b31c1 |
| SHA256 | ac76f3349b34133f297a88dedc5c10d9970a02ccbf19fff4d97cf97e9480b1c0 |
| SHA512 | ac8a518dce74c6e52fd446b7535fd8c08bd3fc80ff3b357f2e0e1936a551e97eeea6db9a8c35e44f871ad6b9b13f41b0d4e7dd33d97e5de6f8a4fdb0c407c94b |
C:\Windows\{B2C5A952-E9F5-46d5-9C05-F4530BF8BA4E}.exe
| MD5 | 03e1c487e4f2bd92163cff5a4729c7fc |
| SHA1 | 8048a12870f215ded54a564c3108f94a04469122 |
| SHA256 | 39806988016adf29788416d848542f54eb341226267d09763a627791336108de |
| SHA512 | 28b809723533dfd2d9978e29fa7bbe1e1c2bb90d845596881828e51f4a2d38e78ebbe2d9e31c2a14c387a1cacb8626d910e8327268102b6fe7eb3be4a5fe7a48 |
C:\Windows\{16D97D4C-A3D7-42db-B2A7-5DB34351D04D}.exe
| MD5 | 23d83d914ed7a260a30ea1999363c5aa |
| SHA1 | 877c6915d785738aa1564ca6e85cb710f71b5314 |
| SHA256 | cdfd4562005a0e0d96c505141a852bf06d8e6c21acaaabfe0eb4319b490ef9bb |
| SHA512 | 275749d92c501e75f5680e6a153b275d9f093b513567838787f07fe8985c08e53f8dbc95c45c854be9f8f0ed1cd19c24adcfaac72f1d3653c6dae81a8077fe74 |
C:\Windows\{3DB7D47A-2957-4da5-B2AD-3B9075172BB7}.exe
| MD5 | 2407ca83178099858573b64c03c7c0e6 |
| SHA1 | b1b7ab23d77b14cd702d360b41c9780a61e0bc17 |
| SHA256 | 3d8eeb354e1590463c198c8ed1bb4ca359b42f95d00ec086ca3cb3865e3ce08c |
| SHA512 | e50667494b4c8269767d09f6d5e75da483bd73647f6ade04fe05169d8626c8d487a1327c9743d4244944d747f3c6144e2cf1cfd954fa3598cf0832983116b047 |
C:\Windows\{AEC04F8F-1524-4160-915C-2BABEFFFBD09}.exe
| MD5 | bac3b7b574904faf0d9a008870d58b53 |
| SHA1 | 74af36e3479c2d81c5197988df25a1fca0e1bb0f |
| SHA256 | 1ca81e4c44487e6938725ab948899b7b56a93df6dd63c8d2aca3fd43aab5f128 |
| SHA512 | 0d329a323d02f966832508217fa26a06f690edc474b1bb1d0892adbbb13fdebc140fa291d56a002c906f3cf3a63ce8fd32105fd9abbbf653f1d4a7fb3759b8b6 |