Analysis Overview
SHA256
ec7b4a1ae9f2de1893e9cbaa281bfb9a235c28496eb4736d95ec1511c0f608f5
Threat Level: Known bad
The file 2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:01
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:01
Reported
2024-06-13 03:03
Platform
win7-20240221-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6} | C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4FBD1418-2156-403b-A878-7AD6DFB656DF}\stubpath = "C:\\Windows\\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe" | C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}\stubpath = "C:\\Windows\\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}\stubpath = "C:\\Windows\\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe" | C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}\stubpath = "C:\\Windows\\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe" | C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4FBD1418-2156-403b-A878-7AD6DFB656DF} | C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}\stubpath = "C:\\Windows\\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe" | C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8} | C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}\stubpath = "C:\\Windows\\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe" | C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{85AF6275-389E-4792-B89F-953D9B0BFC9B}\stubpath = "C:\\Windows\\{85AF6275-389E-4792-B89F-953D9B0BFC9B}.exe" | C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6} | C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0} | C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}\stubpath = "C:\\Windows\\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe" | C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B90BFC7A-B066-4740-B2F9-2973B32D5690} | C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}\stubpath = "C:\\Windows\\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe" | C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}\stubpath = "C:\\Windows\\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe" | C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BA175B0F-906C-477c-AB1D-CF2F6B05310C} | C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF} | C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4} | C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{85AF6275-389E-4792-B89F-953D9B0BFC9B} | C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B90BFC7A-B066-4740-B2F9-2973B32D5690}\stubpath = "C:\\Windows\\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe" | C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe | N/A |
| N/A | N/A | C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe | N/A |
| N/A | N/A | C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe | N/A |
| N/A | N/A | C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe | N/A |
| N/A | N/A | C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe | N/A |
| N/A | N/A | C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe | N/A |
| N/A | N/A | C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe | N/A |
| N/A | N/A | C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe | N/A |
| N/A | N/A | C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe | N/A |
| N/A | N/A | C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe | N/A |
| N/A | N/A | C:\Windows\{85AF6275-389E-4792-B89F-953D9B0BFC9B}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe | N/A |
| File created | C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe | C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe | N/A |
| File created | C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe | C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe | N/A |
| File created | C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe | C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe | N/A |
| File created | C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe | C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe | N/A |
| File created | C:\Windows\{85AF6275-389E-4792-B89F-953D9B0BFC9B}.exe | C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe | N/A |
| File created | C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe | C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe | N/A |
| File created | C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe | C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe | N/A |
| File created | C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe | C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe | N/A |
| File created | C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe | C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe | N/A |
| File created | C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe | C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe"
C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe
C:\Windows\{6305DFDE-1FAF-46c6-BBAC-EEC7AEAECF7C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe
C:\Windows\{0E8D6BFC-4469-41e9-AB37-6499075FF8F0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6305D~1.EXE > nul
C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe
C:\Windows\{B90BFC7A-B066-4740-B2F9-2973B32D5690}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0E8D6~1.EXE > nul
C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe
C:\Windows\{A5D1997A-BAA7-4646-BE29-418A71E7A8B6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B90BF~1.EXE > nul
C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe
C:\Windows\{CC1C5D55-22C0-4376-9BC3-F01E11C725D6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A5D19~1.EXE > nul
C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe
C:\Windows\{BA175B0F-906C-477c-AB1D-CF2F6B05310C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CC1C5~1.EXE > nul
C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe
C:\Windows\{F4B310DB-49A5-4a5d-81E4-CB5A4D890BAF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BA175~1.EXE > nul
C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe
C:\Windows\{4FBD1418-2156-403b-A878-7AD6DFB656DF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F4B31~1.EXE > nul
C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe
C:\Windows\{2E58FAB6-45E2-4edf-978C-47843B0AC6E4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4FBD1~1.EXE > nul
C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe
C:\Windows\{03A5A3EE-6390-4e3a-BCC3-0283AE1846B8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2E58F~1.EXE > nul
C:\Windows\{85AF6275-389E-4792-B89F-953D9B0BFC9B}.exe
C:\Windows\{85AF6275-389E-4792-B89F-953D9B0BFC9B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{03A5A~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:01
Reported
2024-06-13 03:03
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
52s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C85460FA-55DC-4007-94C7-9808C0D6EDB8} | C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DBD1C45A-AF16-4db2-A431-823B91C1449F}\stubpath = "C:\\Windows\\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53CE3972-6704-4097-A264-8BDA0ED5B185}\stubpath = "C:\\Windows\\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe" | C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1AD82C94-7B1B-492f-860B-BD629934DEBC}\stubpath = "C:\\Windows\\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe" | C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A} | C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}\stubpath = "C:\\Windows\\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe" | C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}\stubpath = "C:\\Windows\\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe" | C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1AD82C94-7B1B-492f-860B-BD629934DEBC} | C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4BE32A06-EDFE-4f86-A307-933629691955}\stubpath = "C:\\Windows\\{4BE32A06-EDFE-4f86-A307-933629691955}.exe" | C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B11FB74B-D30B-49ff-B358-8F3D75D29E16} | C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}\stubpath = "C:\\Windows\\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe" | C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD} | C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA5624B4-F9F8-482d-8C29-184DD4184A5F}\stubpath = "C:\\Windows\\{BA5624B4-F9F8-482d-8C29-184DD4184A5F}.exe" | C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DBD1C45A-AF16-4db2-A431-823B91C1449F} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53CE3972-6704-4097-A264-8BDA0ED5B185} | C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867} | C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E686DDA-DE15-405d-8753-B43A95286220}\stubpath = "C:\\Windows\\{2E686DDA-DE15-405d-8753-B43A95286220}.exe" | C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}\stubpath = "C:\\Windows\\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe" | C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA5624B4-F9F8-482d-8C29-184DD4184A5F} | C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4BE32A06-EDFE-4f86-A307-933629691955} | C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}\stubpath = "C:\\Windows\\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe" | C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC} | C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}\stubpath = "C:\\Windows\\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe" | C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E686DDA-DE15-405d-8753-B43A95286220} | C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe | N/A |
| N/A | N/A | C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe | N/A |
| N/A | N/A | C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe | N/A |
| N/A | N/A | C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe | N/A |
| N/A | N/A | C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe | N/A |
| N/A | N/A | C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe | N/A |
| N/A | N/A | C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe | N/A |
| N/A | N/A | C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe | N/A |
| N/A | N/A | C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe | N/A |
| N/A | N/A | C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe | N/A |
| N/A | N/A | C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe | N/A |
| N/A | N/A | C:\Windows\{BA5624B4-F9F8-482d-8C29-184DD4184A5F}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe | N/A |
| File created | C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe | C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe | N/A |
| File created | C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe | C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe | N/A |
| File created | C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe | C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe | N/A |
| File created | C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe | C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe | N/A |
| File created | C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe | C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe | N/A |
| File created | C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe | C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe | N/A |
| File created | C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe | C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe | N/A |
| File created | C:\Windows\{BA5624B4-F9F8-482d-8C29-184DD4184A5F}.exe | C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe | N/A |
| File created | C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe | C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe | N/A |
| File created | C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe | C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe | N/A |
| File created | C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe | C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_ee45b7191d0d62b1370d393e842ca361_goldeneye.exe"
C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe
C:\Windows\{DBD1C45A-AF16-4db2-A431-823B91C1449F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe
C:\Windows\{53CE3972-6704-4097-A264-8BDA0ED5B185}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DBD1C~1.EXE > nul
C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe
C:\Windows\{1AD82C94-7B1B-492f-860B-BD629934DEBC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{53CE3~1.EXE > nul
C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe
C:\Windows\{4BE32A06-EDFE-4f86-A307-933629691955}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1AD82~1.EXE > nul
C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe
C:\Windows\{B11FB74B-D30B-49ff-B358-8F3D75D29E16}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4BE32~1.EXE > nul
C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe
C:\Windows\{15BE43EA-7D0B-48a5-A38B-EF804634D7BC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B11FB~1.EXE > nul
C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe
C:\Windows\{2B6F4C4C-D6E9-4182-8B1A-71F1617CDF7A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{15BE4~1.EXE > nul
C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe
C:\Windows\{BA9E58A7-D2A7-4cce-931C-F713F68A6CFD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2B6F4~1.EXE > nul
C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe
C:\Windows\{D7FBBA46-CF4E-463b-B0E9-0D5CDEC1A867}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BA9E5~1.EXE > nul
C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe
C:\Windows\{2E686DDA-DE15-405d-8753-B43A95286220}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D7FBB~1.EXE > nul
C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe
C:\Windows\{C85460FA-55DC-4007-94C7-9808C0D6EDB8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2E686~1.EXE > nul
C:\Windows\{BA5624B4-F9F8-482d-8C29-184DD4184A5F}.exe
C:\Windows\{BA5624B4-F9F8-482d-8C29-184DD4184A5F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C8546~1.EXE > nul
Network
Files