Analysis Overview
SHA256
04c8afa4242957923aa41ba0d516acc0595176100904f08a53f6bc32df6bb699
Threat Level: Known bad
The file 2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 05:53
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 05:53
Reported
2024-06-03 05:56
Platform
win7-20240419-en
Max time kernel
144s
Max time network
118s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6462627B-7FC9-449c-BA2A-55825C683EC6} | C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C8CC77AD-073C-4131-BFD0-DF89B617A114} | C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C8CC77AD-073C-4131-BFD0-DF89B617A114}\stubpath = "C:\\Windows\\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe" | C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7} | C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}\stubpath = "C:\\Windows\\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe" | C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44} | C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0C71F064-6111-4eb1-9184-ED968AFF1C0F} | C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}\stubpath = "C:\\Windows\\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe" | C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}\stubpath = "C:\\Windows\\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe" | C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C} | C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}\stubpath = "C:\\Windows\\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe" | C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9075979E-CFB1-4160-B254-B9772FCDFD64}\stubpath = "C:\\Windows\\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe" | C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}\stubpath = "C:\\Windows\\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6462627B-7FC9-449c-BA2A-55825C683EC6}\stubpath = "C:\\Windows\\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe" | C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D} | C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}\stubpath = "C:\\Windows\\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe" | C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5} | C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}\stubpath = "C:\\Windows\\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe" | C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9075979E-CFB1-4160-B254-B9772FCDFD64} | C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8BF0987B-FE4A-4862-A794-F58E2A63BD95} | C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E8394133-F9BB-4a68-9C3C-D03D9E82879F} | C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}\stubpath = "C:\\Windows\\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}.exe" | C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe | N/A |
| N/A | N/A | C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe | N/A |
| N/A | N/A | C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe | N/A |
| N/A | N/A | C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe | N/A |
| N/A | N/A | C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe | N/A |
| N/A | N/A | C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe | N/A |
| N/A | N/A | C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe | N/A |
| N/A | N/A | C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe | N/A |
| N/A | N/A | C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe | N/A |
| N/A | N/A | C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe | N/A |
| N/A | N/A | C:\Windows\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe | C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe | N/A |
| File created | C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe | C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe | N/A |
| File created | C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe | C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe | N/A |
| File created | C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe | C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe | N/A |
| File created | C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe | C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe | N/A |
| File created | C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe | C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe | N/A |
| File created | C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe | C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe | N/A |
| File created | C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe | N/A |
| File created | C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe | C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe | N/A |
| File created | C:\Windows\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}.exe | C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe | N/A |
| File created | C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe | C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe"
C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe
C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe
C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1B0EA~1.EXE > nul
C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe
C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{64626~1.EXE > nul
C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe
C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C716F~1.EXE > nul
C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe
C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0C71F~1.EXE > nul
C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe
C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{64DE4~1.EXE > nul
C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe
C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BF3D3~1.EXE > nul
C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe
C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C8CC7~1.EXE > nul
C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe
C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{90759~1.EXE > nul
C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe
C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8BF09~1.EXE > nul
C:\Windows\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}.exe
C:\Windows\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{59270~1.EXE > nul
Network
Files
C:\Windows\{1B0EA290-4DE3-4a14-B97D-E3DDA67E8D44}.exe
| MD5 | a410d7e8936f72a622b380a4b9cbcb55 |
| SHA1 | 013a21eb1f81fc03663c45d7a070b4cd900fd9eb |
| SHA256 | 0095a38adadec752964d2d010af34473a556760759075ddece3a2ea18cad3a35 |
| SHA512 | 2445200e1bccb48298a19f3bbebb745189b1fdc04db0a9f827779106c40d0f0b44b2ce5121602e3b9365801a29eb3c03fc057f4ace00bf9c7ae1c7a38742301c |
C:\Windows\{6462627B-7FC9-449c-BA2A-55825C683EC6}.exe
| MD5 | 3c1a59dda18a438a6cfde5ffc2340ebb |
| SHA1 | eca5cedbe4defe21d6772c388e370c549e16c917 |
| SHA256 | 5e70f7c70ecc5b18e233d6a4c9cf9fcc7f7adb3851cac0ff2be08c2fbeb494f1 |
| SHA512 | 3006983a6e21dd19145b1e87592b227462c3565d5825ad1dd538715d8fb301368bf97f501176e593ce47381e7cc726a5df2758bac543c7fc3af4736f92d25233 |
C:\Windows\{C716F7F0-3265-4c43-B138-0D1FD2E80C8C}.exe
| MD5 | 6c56513468deaab5583b563a81317943 |
| SHA1 | 948a92dd3fe6923cfb2ba8c558f1b1c0a3ecdd69 |
| SHA256 | 5bcb264040b812bd6a975caf1c878bf216852d505a69aaf9518397bf339bb450 |
| SHA512 | bc3f20c41ac5f167c6d1053005215cb544f808a0ba979ef7955d6edd3c9a951eb6a36ce274fe923ef7a4027bfc667ef6d3f72b5af8a2b3e0ac0230537ca42dad |
C:\Windows\{0C71F064-6111-4eb1-9184-ED968AFF1C0F}.exe
| MD5 | 1c567217debb73a85d70fec7aca76982 |
| SHA1 | 75c031a800ca1b80e4ad298290d309dcda991175 |
| SHA256 | 0b778daf4f1b8d3fa73d45cb26920968e73f24648ec2fbf2561ee6460b144d0e |
| SHA512 | 436aa5ead892114bf3674d235cca466145bae8fdcda1e95a0991b4b7a416d5359c9ab676a4e3d0a4ee591a586a59f8bb8ecee376c0b7ac691245dabecbc384aa |
C:\Windows\{64DE4B61-3FDC-4e5f-82D3-500F45E99E8D}.exe
| MD5 | 54cc9630dcd28ae2035e9fca5b1027b9 |
| SHA1 | 6c9a1fccd58418a775085987565c68fbd525f9da |
| SHA256 | 0fcf6680ab8a09eb04bca71d13fdb3db2bee5eb2e10b29074ef56f003da46120 |
| SHA512 | 715023c57ed5cc903bc374863bf0ab8b50400b3024cf741bea22e7b22d882e5dd6b5115ea308d2d2c3437e8d41f36904b7e11bee044c7b0365400311918a8d97 |
C:\Windows\{BF3D3F74-C517-4a93-929A-BC3C4ABF62C5}.exe
| MD5 | bda83dac4bc9bf7802bb51e6486aec94 |
| SHA1 | 1c08cc0769fcce6b2103894368258843da796e47 |
| SHA256 | 796660bc4578fd19d0dc4ce7456111f05f7d61f43e0655f2f25863b3e8f3edd6 |
| SHA512 | 859563ea861b9d55ab9ed5ae93fe4c249dcc376e670f0f13f6ef671897b6ccf4af43750b0979222cf8eb50d15529e62ffe90e4521861bd54bc03091599a099fe |
C:\Windows\{C8CC77AD-073C-4131-BFD0-DF89B617A114}.exe
| MD5 | 29445d6de54c7b77f3eb8245b25b8e01 |
| SHA1 | c0f6fcebb9f5bfee67da7839a402eef374ff8679 |
| SHA256 | 3ec5b54f1758f5d9404c80134498de8c4a58a91436b766e302e66f49fea1c897 |
| SHA512 | ff856bfe8955b89842d8f380fdc3ef054d1d9cc6e04132abc32a6b2c877a982356e0b61a2222a1a945aceddcc61e0b26cd7872027e00149be251d8b7929a549e |
C:\Windows\{9075979E-CFB1-4160-B254-B9772FCDFD64}.exe
| MD5 | 9e841a7e450614d03ede48b95d95b430 |
| SHA1 | a6746be7d2d95716a649b7ac4ae1850d34850030 |
| SHA256 | 8401de49c1bfcab5f9cc1eb9ad513ef89f08f3dce84a2f84e6b9068fc21d6ec8 |
| SHA512 | 3cdca1d634df584b9e0138347ab692b5ec70d072b8d5b66c5f8326a20c7f90481a2f1775a9839df120118cf8928347f0ae8c021decef30c63860b64cdd166140 |
C:\Windows\{8BF0987B-FE4A-4862-A794-F58E2A63BD95}.exe
| MD5 | 24ce7e63d89eb1f54825bc62ada051d4 |
| SHA1 | 1e7f031ac2eb8aedb292d7eeb5cf989c239747c8 |
| SHA256 | d809b9b9555893469b8f0c61dbba5986fbbc4343e22ed1e3ab841cbc3b26fc65 |
| SHA512 | 29183fc294decb72cda1f05bb1d7a26669c248fc97dfde1c373d0acadc5543483cfc807e9716365d050246da65f63a0399d9529fa18eeb15b44a56824cede9c8 |
C:\Windows\{592708E2-134B-4f3f-BDBF-656B5A0A1CB7}.exe
| MD5 | 197520de76e5a287d5df6637b2adda97 |
| SHA1 | cb9ace7010aaa6780d2052884cbc04c0a2c6bfe0 |
| SHA256 | 803dacc64c65d879be1f0727662384cb55cc19e581fcb215e8d67fd34781728a |
| SHA512 | 6f888b48b39debe5b80b223f7ce0506400a56241bf51b0928038b6921afd6ddeb9e2693eeb90611c0776f465c1e0f5e5006cfc733d1846bc23a28a6320f9304b |
C:\Windows\{E8394133-F9BB-4a68-9C3C-D03D9E82879F}.exe
| MD5 | d67601a3811b9e3ad536329ad81625c2 |
| SHA1 | dadb0caab1462029f7877dda75f37c34c4311fbf |
| SHA256 | 9695da8aa5672c9fb3da7b9ce28b7f1dabb8cd866e392f090580f7af01c88a2b |
| SHA512 | 0420f09f57df18cbf3c3d8d952bb587da44eda62534c5ac4c25e47ce0e7f5701c3623809c47b7e44dc102d3a6f46f89a749b61694cb08d0377df4d2190ceb567 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 05:53
Reported
2024-06-03 05:56
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
104s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}\stubpath = "C:\\Windows\\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe" | C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8295CBF0-238F-4ca5-8D40-3CF7136357E3} | C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}\stubpath = "C:\\Windows\\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe" | C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{33079A09-1936-4767-8778-42E795ABF30C} | C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{33079A09-1936-4767-8778-42E795ABF30C}\stubpath = "C:\\Windows\\{33079A09-1936-4767-8778-42E795ABF30C}.exe" | C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF} | C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}\stubpath = "C:\\Windows\\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe" | C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}\stubpath = "C:\\Windows\\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe" | C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D} | C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F16B34B0-5F78-4d95-A680-9350873BFB4B} | C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F16B34B0-5F78-4d95-A680-9350873BFB4B}\stubpath = "C:\\Windows\\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe" | C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}\stubpath = "C:\\Windows\\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe" | C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}\stubpath = "C:\\Windows\\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe" | C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00} | C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD} | C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}\stubpath = "C:\\Windows\\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}.exe" | C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB} | C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{438CA909-9760-4df7-AD53-AF64F4F4CD4C} | C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA} | C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EFD246FA-F8EF-4531-B7F7-FB683924658E} | C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F} | C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}\stubpath = "C:\\Windows\\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe" | C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}\stubpath = "C:\\Windows\\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe" | C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EFD246FA-F8EF-4531-B7F7-FB683924658E}\stubpath = "C:\\Windows\\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe | N/A |
| N/A | N/A | C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe | N/A |
| N/A | N/A | C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe | N/A |
| N/A | N/A | C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe | N/A |
| N/A | N/A | C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe | N/A |
| N/A | N/A | C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe | N/A |
| N/A | N/A | C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe | N/A |
| N/A | N/A | C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe | N/A |
| N/A | N/A | C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe | N/A |
| N/A | N/A | C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe | N/A |
| N/A | N/A | C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe | N/A |
| N/A | N/A | C:\Windows\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe | C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe | N/A |
| File created | C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe | C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe | N/A |
| File created | C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe | C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe | N/A |
| File created | C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe | C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe | N/A |
| File created | C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe | C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe | N/A |
| File created | C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe | C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe | N/A |
| File created | C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe | C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe | N/A |
| File created | C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe | N/A |
| File created | C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe | C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe | N/A |
| File created | C:\Windows\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}.exe | C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe | N/A |
| File created | C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe | C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe | N/A |
| File created | C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe | C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-03_270bb9cc20aa5e9bf0182dcf0f72f9a5_goldeneye.exe"
C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe
C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe
C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EFD24~1.EXE > nul
C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe
C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CC695~1.EXE > nul
C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe
C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{438CA~1.EXE > nul
C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe
C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7B75E~1.EXE > nul
C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe
C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F16B3~1.EXE > nul
C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe
C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D4D0C~1.EXE > nul
C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe
C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8295C~1.EXE > nul
C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe
C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9F0FF~1.EXE > nul
C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe
C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D7EEB~1.EXE > nul
C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe
C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3980F~1.EXE > nul
C:\Windows\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}.exe
C:\Windows\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{33079~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Windows\{EFD246FA-F8EF-4531-B7F7-FB683924658E}.exe
| MD5 | dc46d1fd3b52426832d99e3c8f7517ff |
| SHA1 | 8bc6686addab13db205bcf965ec9a35b42714305 |
| SHA256 | 9946a83607772223449efe2ac6b0370e44b089c09eee1fa6a44e6856083487d0 |
| SHA512 | 4979ba34c47fec2a235f1682dd32d30ada074325bf53e0896af0f90a409209158db67e9d1111e61c58a1b64565de5ea6fb479e2c8103e7a4911c8612f4e7d881 |
C:\Windows\{CC6951C4-B08E-498a-9E31-7DEA2AD8DCBD}.exe
| MD5 | 9dbc5435a7197ceef8729d73fe4817b5 |
| SHA1 | 746ffd5889cd07dbb5f27be742326bbcb9067cb1 |
| SHA256 | 42539866cb4dd5cf550f1774fe808a8a31efba43a936dee718ab99ee119490dd |
| SHA512 | ae54dff0260d08f07de8cf4d6dbd165a52aa28151ff538227871a8164aea651fd07811ce2633d3e9519ea491618a396d8659f0370ce3e3c085a5f2c161667946 |
C:\Windows\{438CA909-9760-4df7-AD53-AF64F4F4CD4C}.exe
| MD5 | 510eae22fcb23ba5eb59046404090f37 |
| SHA1 | c3e3f3023d6f256921470f94d8f7964b68d2729a |
| SHA256 | 5f8615fe5a67e01b3a46da9c09f8208b6764cea9c701fa5b9af44802089bbf87 |
| SHA512 | 7e3c89d43688dda7e9764c4dc4efa8416e70d5fba71b9068eca8289565334d4c9ee2147711612349eb769bc0897fc14f50e30664a84a87f63ef68d445803cbe5 |
C:\Windows\{7B75E2D2-9D5F-4a68-B86B-FE89ED58284D}.exe
| MD5 | ef41f6d2b658a1c964c8adc287fd6b8b |
| SHA1 | 8bddf797c6f736db3d03b9089fd8769d87c92a41 |
| SHA256 | 793e2bd29a1f454f69d4e16baeb2529ba0999b49eb3cbad9917fee1380071b8e |
| SHA512 | 4f814616180a088f738a91833ad8046c0a95629b98b780c41eefa1e2c7782b79d1804c74d2ce474ea039dc8e6cfc4289c7fc711000eb2a29b7c64359a6408b27 |
C:\Windows\{F16B34B0-5F78-4d95-A680-9350873BFB4B}.exe
| MD5 | c47798d66f1563b455a822ccf2d7f3e4 |
| SHA1 | 6400d20b0a2f6e8d081b49b5824f43f1b118b399 |
| SHA256 | 440c178408dfdbbbf9585f9dc2018d0be221dbb7811286fa9c6448eed57fbd1a |
| SHA512 | 5f00dac81fdd3ff97044a03a944c8b2a9f21471e213eb12f30851815ba47a401c395adeebf750210d1464559192156f1e77360b5d119a37b753b082811b82dd8 |
C:\Windows\{D4D0CE72-2BB5-48b0-8CAC-E9AC39B51BCA}.exe
| MD5 | 7f0643a40c6d5167464c557c491dd344 |
| SHA1 | 1e508a4f71d704321a3d51b3c3f3de250dbc6552 |
| SHA256 | a73362468b8c6c2a399d5e8697947f9072c8f4485be739eeec30f5e1762c3d4d |
| SHA512 | c7d9e906cebb7b50bfe9100542ddb2a8d4ef5664256a305328ddc4e19fc2def1643ade4937e24c866d20cf079a70c9328cecde405a97121a177eedd0b648956f |
C:\Windows\{8295CBF0-238F-4ca5-8D40-3CF7136357E3}.exe
| MD5 | 86df540a7e288ffdca2e44bbeb817982 |
| SHA1 | d4baa39bb68ad963db740ca5e769a3433ddabb04 |
| SHA256 | 97a34981d6f9b0ab0dc8b4d78c78cc699514132171c0b4acbc580ba4f312f5b9 |
| SHA512 | b10510931bc780cf87e8f6a7b6c4f8cbb51b21b2421f71b6fa262ee058ff1e081532268b0e0586019a1c20df40334117cc7a258cbbaa7897c83857c59aa7535d |
C:\Windows\{9F0FF8E3-03BF-42da-9EFE-62BFE3CA0D00}.exe
| MD5 | 19f1fef8788c1e03b69c5c1f874d02d1 |
| SHA1 | 2a33ae5f7e484e9cbf5f988ee109b6ab14faf5f0 |
| SHA256 | 45fdec3caea06725603808ebc157e5ca24edd75b56acfc89b70537c7ef06d223 |
| SHA512 | 6f623e5cdcb537f68f856a4f4006212318c7c66e0c35b77d9af047bb094c35a4f1709dddf93483a2969273f60b52c987d63a8aaf542a896358a13a7873d13930 |
C:\Windows\{D7EEBFC6-E6E7-41f8-B8C2-FC217D1D4D8F}.exe
| MD5 | d3e723e0bfb8c5cfe0626a40475022a1 |
| SHA1 | fc1e39877a7520c91e602842ff5332681dc9b669 |
| SHA256 | 49f72da986368854f71909d35a4abea4ce42980ac2d46a75866f807b0fec87be |
| SHA512 | c48e42bc0128a52d8b8992274ee17101c5d1ad2fa5909f6206e6762c38eec56554831325f2e9a11e3b7a71c368ed04ddb0b7883c80b1f588ed56ca8f2c671ca1 |
C:\Windows\{3980FF92-6F46-4b51-A7C1-39E64F6E6ECB}.exe
| MD5 | 1e9caad06bbb4ead723321252b78a266 |
| SHA1 | 75ddf10f6d62da4365b6a4c59a73048fe5f2fa08 |
| SHA256 | 663e6267d098aa205354f4f737674eae722566ac88db188a84b704db3ec1397c |
| SHA512 | a82b20d827232eaccf0fb9020f4ff796330fe7b4755b5ca403e25ae1ffdbc9f50af9aff7c14211529781831897cb70cbe70e0529815b065ef53a463f4022e0c8 |
C:\Windows\{33079A09-1936-4767-8778-42E795ABF30C}.exe
| MD5 | 1e76a7128714ccccf72ef7ed5ff5d8c9 |
| SHA1 | 18b9453398b76417ff1d9bc46a8899c456945f45 |
| SHA256 | f3aaa68b1cce13d469247bcbe46c90aa43487f572c1d3c3f22046230da2bfb2c |
| SHA512 | 55d8152476673f7e3d99fc89d01d3417525668121c526fbd15a578fce0d6f190cea0f8d6ce99aa8203f22c0f4963046ca151d050aa16fb8beb1d4acf7df853d3 |
C:\Windows\{81B1F966-2C0B-4e9f-A880-A75DE8085BEF}.exe
| MD5 | 45d1ae96bd0201f062083255ae032710 |
| SHA1 | 42cc29a4e60d23bfa8dc76bfb5e63909830cfe4d |
| SHA256 | e626a8e7cdd1406d52f161986a4c108761d34dcb2c226a8efb30fe6b402ac894 |
| SHA512 | 6a78a962f00dfa7cf0d4a96483f6b614936e9fd59763e973cc05418135de9d9c2a267adeceb3cf32473e6ba41eade81f4b3ed8f05fd836f5e6a07808082230c3 |