Analysis Overview
SHA256
0793876b8f6eb4d121477510e83e4c88fdea6c79093fe95d4ee99c7396bf39a9
Threat Level: Known bad
The file 2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 04:41
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 04:41
Reported
2024-06-10 04:44
Platform
win7-20240215-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}\stubpath = "C:\\Windows\\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{66572100-77AE-48f3-B508-EC39010AE0BE} | C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}\stubpath = "C:\\Windows\\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe" | C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2F16710F-609B-44eb-98AD-6781E8A5C6C0} | C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}\stubpath = "C:\\Windows\\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe" | C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E} | C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3} | C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3}\stubpath = "C:\\Windows\\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3}.exe" | C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29} | C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{66572100-77AE-48f3-B508-EC39010AE0BE}\stubpath = "C:\\Windows\\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe" | C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}\stubpath = "C:\\Windows\\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe" | C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}\stubpath = "C:\\Windows\\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe" | C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D8737155-FE68-4a3a-9183-4811E2F23581}\stubpath = "C:\\Windows\\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe" | C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E59FBF-8120-4fc1-B334-2317DE71C53E} | C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}\stubpath = "C:\\Windows\\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe" | C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E} | C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8} | C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD} | C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6} | C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}\stubpath = "C:\\Windows\\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe" | C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D8737155-FE68-4a3a-9183-4811E2F23581} | C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}\stubpath = "C:\\Windows\\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe" | C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe | N/A |
| N/A | N/A | C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe | N/A |
| N/A | N/A | C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe | N/A |
| N/A | N/A | C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe | N/A |
| N/A | N/A | C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe | N/A |
| N/A | N/A | C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe | N/A |
| N/A | N/A | C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe | N/A |
| N/A | N/A | C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe | N/A |
| N/A | N/A | C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe | N/A |
| N/A | N/A | C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe | N/A |
| N/A | N/A | C:\Windows\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe | C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe | N/A |
| File created | C:\Windows\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3}.exe | C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe | N/A |
| File created | C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe | N/A |
| File created | C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe | C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe | N/A |
| File created | C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe | C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe | N/A |
| File created | C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe | C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe | N/A |
| File created | C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe | C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe | N/A |
| File created | C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe | C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe | N/A |
| File created | C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe | C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe | N/A |
| File created | C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe | C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe | N/A |
| File created | C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe | C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe"
C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe
C:\Windows\{0744A0F4-3D3A-4751-B1CA-EB8D3A31ED29}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe
C:\Windows\{2F16710F-609B-44eb-98AD-6781E8A5C6C0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0744A~1.EXE > nul
C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe
C:\Windows\{3BEF8E85-A5A8-40a6-9F0D-7FBF82C0DC2E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2F167~1.EXE > nul
C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe
C:\Windows\{66572100-77AE-48f3-B508-EC39010AE0BE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3BEF8~1.EXE > nul
C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe
C:\Windows\{53A9DA28-407B-4ff4-B9A3-D9AACC8BEF1E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{66572~1.EXE > nul
C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe
C:\Windows\{3BF8871E-1E01-45d7-ABEE-9A07E5A8C8D8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{53A9D~1.EXE > nul
C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe
C:\Windows\{8B787751-39D2-4e56-B66A-B9DCFB2A27DD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3BF88~1.EXE > nul
C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe
C:\Windows\{8AA32B03-D4C4-4f61-9097-8A2E467D3AC6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8B787~1.EXE > nul
C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe
C:\Windows\{D8737155-FE68-4a3a-9183-4811E2F23581}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8AA32~1.EXE > nul
C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe
C:\Windows\{C9E59FBF-8120-4fc1-B334-2317DE71C53E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D8737~1.EXE > nul
C:\Windows\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3}.exe
C:\Windows\{9DEF195E-C9D6-40ca-9C4F-65CD477818A3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C9E59~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 04:41
Reported
2024-06-10 04:44
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6637B389-4DF6-4011-903A-9067E6D3537F}\stubpath = "C:\\Windows\\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe" | C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}\stubpath = "C:\\Windows\\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe" | C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C3BA756E-3FA1-472d-83DB-CCA960A2D447} | C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0616B9E9-57E0-48b9-8B57-580031C8D141}\stubpath = "C:\\Windows\\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe" | C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}\stubpath = "C:\\Windows\\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe" | C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E246F3FF-1943-42a7-A797-C3A54A99D3DC} | C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7DC397DE-0841-48d1-8751-CC0E16F24771}\stubpath = "C:\\Windows\\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe" | C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE} | C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5} | C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0616B9E9-57E0-48b9-8B57-580031C8D141} | C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}\stubpath = "C:\\Windows\\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe" | C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6637B389-4DF6-4011-903A-9067E6D3537F} | C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF4D370F-EF84-417f-A850-C48194A23B68} | C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{637A2255-BE5F-451d-AF77-820B161257AB} | C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{637A2255-BE5F-451d-AF77-820B161257AB}\stubpath = "C:\\Windows\\{637A2255-BE5F-451d-AF77-820B161257AB}.exe" | C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}\stubpath = "C:\\Windows\\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}\stubpath = "C:\\Windows\\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe" | C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B} | C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B} | C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}\stubpath = "C:\\Windows\\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe" | C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF4D370F-EF84-417f-A850-C48194A23B68}\stubpath = "C:\\Windows\\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe" | C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD} | C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7DC397DE-0841-48d1-8751-CC0E16F24771} | C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C3BA756E-3FA1-472d-83DB-CCA960A2D447}\stubpath = "C:\\Windows\\{C3BA756E-3FA1-472d-83DB-CCA960A2D447}.exe" | C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe | N/A |
| N/A | N/A | C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe | N/A |
| N/A | N/A | C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe | N/A |
| N/A | N/A | C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe | N/A |
| N/A | N/A | C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe | N/A |
| N/A | N/A | C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe | N/A |
| N/A | N/A | C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe | N/A |
| N/A | N/A | C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe | N/A |
| N/A | N/A | C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe | N/A |
| N/A | N/A | C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe | N/A |
| N/A | N/A | C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe | N/A |
| N/A | N/A | C:\Windows\{C3BA756E-3FA1-472d-83DB-CCA960A2D447}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe | N/A |
| File created | C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe | C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe | N/A |
| File created | C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe | C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe | N/A |
| File created | C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe | C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe | N/A |
| File created | C:\Windows\{C3BA756E-3FA1-472d-83DB-CCA960A2D447}.exe | C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe | N/A |
| File created | C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe | C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe | N/A |
| File created | C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe | C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe | N/A |
| File created | C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe | C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe | N/A |
| File created | C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe | C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe | N/A |
| File created | C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe | C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe | N/A |
| File created | C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe | C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe | N/A |
| File created | C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe | C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-10_97860f63b56a11a2225fb7e0eae2928f_goldeneye.exe"
C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe
C:\Windows\{3CC0F43F-57FB-41d8-B729-39A3E98E98BE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe
C:\Windows\{5D2B49C8-FCC2-4e49-B94A-AC544F7295B5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3CC0F~1.EXE > nul
C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe
C:\Windows\{0616B9E9-57E0-48b9-8B57-580031C8D141}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5D2B4~1.EXE > nul
C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe
C:\Windows\{3B0D99CA-2CE5-4eef-85C3-A88D2E93C57B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0616B~1.EXE > nul
C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe
C:\Windows\{EF9DABE3-3AF2-4b9e-94FD-B1CBE25A965B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3B0D9~1.EXE > nul
C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe
C:\Windows\{E246F3FF-1943-42a7-A797-C3A54A99D3DC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF9DA~1.EXE > nul
C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe
C:\Windows\{6637B389-4DF6-4011-903A-9067E6D3537F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E246F~1.EXE > nul
C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe
C:\Windows\{EF4D370F-EF84-417f-A850-C48194A23B68}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6637B~1.EXE > nul
C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe
C:\Windows\{D0B666C7-15FC-49e1-8874-D6D0BE5C43CD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF4D3~1.EXE > nul
C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe
C:\Windows\{637A2255-BE5F-451d-AF77-820B161257AB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0B66~1.EXE > nul
C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe
C:\Windows\{7DC397DE-0841-48d1-8751-CC0E16F24771}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{637A2~1.EXE > nul
C:\Windows\{C3BA756E-3FA1-472d-83DB-CCA960A2D447}.exe
C:\Windows\{C3BA756E-3FA1-472d-83DB-CCA960A2D447}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7DC39~1.EXE > nul
Network
Files