Analysis Overview
SHA256
16c8741c332d24feb1e8bcdd9d90a7ce4c0d6b168a091e716dabaa1fc6ae8175
Threat Level: Known bad
The file 2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:46
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:46
Reported
2024-06-13 02:48
Platform
win7-20240419-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A040C519-27C1-4361-8F4D-EE788A4999CB} | C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{860CCA45-D390-4aaa-B743-EEF6A923076A} | C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CEE9C394-35EB-4bc2-9392-22007027FEC6} | C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CEE9C394-35EB-4bc2-9392-22007027FEC6}\stubpath = "C:\\Windows\\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe" | C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}\stubpath = "C:\\Windows\\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe" | C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7} | C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3639F753-306D-4545-A65F-F9EF26B1B393} | C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D} | C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B6AC68E8-60B2-4fdb-837B-2FED732128BC} | C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{04985B9E-B464-4f2b-B4CA-584A8E64E879} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3639F753-306D-4545-A65F-F9EF26B1B393}\stubpath = "C:\\Windows\\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe" | C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}\stubpath = "C:\\Windows\\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe" | C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{649B4ADB-6932-4d60-8A61-7422D7576C94}\stubpath = "C:\\Windows\\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe" | C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A040C519-27C1-4361-8F4D-EE788A4999CB}\stubpath = "C:\\Windows\\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe" | C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{860CCA45-D390-4aaa-B743-EEF6A923076A}\stubpath = "C:\\Windows\\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe" | C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{26876394-7762-4a75-9B9E-DE6FF40DEAE3} | C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B6AC68E8-60B2-4fdb-837B-2FED732128BC}\stubpath = "C:\\Windows\\{B6AC68E8-60B2-4fdb-837B-2FED732128BC}.exe" | C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{04985B9E-B464-4f2b-B4CA-584A8E64E879}\stubpath = "C:\\Windows\\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8} | C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}\stubpath = "C:\\Windows\\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe" | C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}\stubpath = "C:\\Windows\\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe" | C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{649B4ADB-6932-4d60-8A61-7422D7576C94} | C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe | N/A |
| N/A | N/A | C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe | N/A |
| N/A | N/A | C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe | N/A |
| N/A | N/A | C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe | N/A |
| N/A | N/A | C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe | N/A |
| N/A | N/A | C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe | N/A |
| N/A | N/A | C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe | N/A |
| N/A | N/A | C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe | N/A |
| N/A | N/A | C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe | N/A |
| N/A | N/A | C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe | N/A |
| N/A | N/A | C:\Windows\{B6AC68E8-60B2-4fdb-837B-2FED732128BC}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe | C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe | N/A |
| File created | C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe | C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe | N/A |
| File created | C:\Windows\{B6AC68E8-60B2-4fdb-837B-2FED732128BC}.exe | C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe | N/A |
| File created | C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | N/A |
| File created | C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe | C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe | N/A |
| File created | C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe | C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe | N/A |
| File created | C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe | C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe | N/A |
| File created | C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe | C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe | N/A |
| File created | C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe | C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe | N/A |
| File created | C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe | C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe | N/A |
| File created | C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe | C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe" |
| C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe | C:\Windows\{04985B9E-B464-4f2b-B4CA-584A8E64E879}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe | C:\Windows\{E40BD509-8E68-4f8c-B1C1-1F61AA1208A7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{04985~1.EXE > nul |
| C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe | C:\Windows\{2C8D1CD7-E64B-4357-8A44-93AEE7AE2AF8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E40BD~1.EXE > nul |
| C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe | C:\Windows\{649B4ADB-6932-4d60-8A61-7422D7576C94}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2C8D1~1.EXE > nul |
| C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe | C:\Windows\{3639F753-306D-4545-A65F-F9EF26B1B393}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{649B4~1.EXE > nul |
| C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe | C:\Windows\{9172D8C6-A58E-48c0-8C9E-7F2FFA7AFE0D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3639F~1.EXE > nul |
| C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe | C:\Windows\{A040C519-27C1-4361-8F4D-EE788A4999CB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9172D~1.EXE > nul |
| C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe | C:\Windows\{860CCA45-D390-4aaa-B743-EEF6A923076A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A040C~1.EXE > nul |
| C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe | C:\Windows\{CEE9C394-35EB-4bc2-9392-22007027FEC6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{860CC~1.EXE > nul |
| C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe | C:\Windows\{26876394-7762-4a75-9B9E-DE6FF40DEAE3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CEE9C~1.EXE > nul |
| C:\Windows\{B6AC68E8-60B2-4fdb-837B-2FED732128BC}.exe | C:\Windows\{B6AC68E8-60B2-4fdb-837B-2FED732128BC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{26876~1.EXE > nul |
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:46
Reported
2024-06-13 02:48
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
94s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{46848500-0E00-4449-BDF7-A66C703A28F0} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{46848500-0E00-4449-BDF7-A66C703A28F0}\stubpath = "C:\\Windows\\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8BAE1876-E743-415f-8237-B09D7EDACB1F} | C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8BAE1876-E743-415f-8237-B09D7EDACB1F}\stubpath = "C:\\Windows\\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe" | C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{56808A0A-68F6-47b8-9246-2767CF8C15F7}\stubpath = "C:\\Windows\\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe" | C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8E1456F-6660-496f-9657-416278A0ABCB} | C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B06BD1F7-41BB-492e-9606-6C40580821F6}\stubpath = "C:\\Windows\\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe" | C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B4F22BC1-8921-4322-A9BD-D9731D705996} | C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B4F22BC1-8921-4322-A9BD-D9731D705996}\stubpath = "C:\\Windows\\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe" | C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}\stubpath = "C:\\Windows\\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe" | C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7DE2271D-99BA-41a5-8CA8-522714A8D969} | C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7DE2271D-99BA-41a5-8CA8-522714A8D969}\stubpath = "C:\\Windows\\{7DE2271D-99BA-41a5-8CA8-522714A8D969}.exe" | C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9} | C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}\stubpath = "C:\\Windows\\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe" | C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B06BD1F7-41BB-492e-9606-6C40580821F6} | C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476} | C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}\stubpath = "C:\\Windows\\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe" | C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}\stubpath = "C:\\Windows\\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe" | C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5} | C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8E1456F-6660-496f-9657-416278A0ABCB}\stubpath = "C:\\Windows\\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe" | C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1BCCAD1C-7D6E-482d-802A-F4376215EF34} | C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}\stubpath = "C:\\Windows\\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe" | C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{481C70F3-8DBC-4a4d-B218-8944C058DEBA} | C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{56808A0A-68F6-47b8-9246-2767CF8C15F7} | C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe | N/A |
| N/A | N/A | C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe | N/A |
| N/A | N/A | C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe | N/A |
| N/A | N/A | C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe | N/A |
| N/A | N/A | C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe | N/A |
| N/A | N/A | C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe | N/A |
| N/A | N/A | C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe | N/A |
| N/A | N/A | C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe | N/A |
| N/A | N/A | C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe | N/A |
| N/A | N/A | C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe | N/A |
| N/A | N/A | C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe | N/A |
| N/A | N/A | C:\Windows\{7DE2271D-99BA-41a5-8CA8-522714A8D969}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | N/A |
| File created | C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe | C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe | N/A |
| File created | C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe | C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe | N/A |
| File created | C:\Windows\{7DE2271D-99BA-41a5-8CA8-522714A8D969}.exe | C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe | N/A |
| File created | C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe | C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe | N/A |
| File created | C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe | C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe | N/A |
| File created | C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe | C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe | N/A |
| File created | C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe | C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe | N/A |
| File created | C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe | C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe | N/A |
| File created | C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe | C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe | N/A |
| File created | C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe | C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe | N/A |
| File created | C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe | C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_24eadd4d609b1d0fc674c021cf1144f9_goldeneye.exe" |
| C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe | C:\Windows\{46848500-0E00-4449-BDF7-A66C703A28F0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe | C:\Windows\{53C0F6B1-090F-43e3-99EE-48F6A2704EF9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{46848~1.EXE > nul |
| C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe | C:\Windows\{E8E1456F-6660-496f-9657-416278A0ABCB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{53C0F~1.EXE > nul |
| C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe | C:\Windows\{8BAE1876-E743-415f-8237-B09D7EDACB1F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E8E14~1.EXE > nul |
| C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe | C:\Windows\{B06BD1F7-41BB-492e-9606-6C40580821F6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8BAE1~1.EXE > nul |
| C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe | C:\Windows\{4DF9EDDB-FD46-40fb-BD7B-E6ACD0384476}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B06BD~1.EXE > nul |
| C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe | C:\Windows\{B4F22BC1-8921-4322-A9BD-D9731D705996}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4DF9E~1.EXE > nul |
| C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe | C:\Windows\{1BCCAD1C-7D6E-482d-802A-F4376215EF34}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B4F22~1.EXE > nul |
| C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe | C:\Windows\{481C70F3-8DBC-4a4d-B218-8944C058DEBA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1BCCA~1.EXE > nul |
| C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe | C:\Windows\{DB3AB642-9FAA-47e7-A9D0-C6275B62F9C5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{481C7~1.EXE > nul |
| C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe | C:\Windows\{56808A0A-68F6-47b8-9246-2767CF8C15F7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{DB3AB~1.EXE > nul |
| C:\Windows\{7DE2271D-99BA-41a5-8CA8-522714A8D969}.exe | C:\Windows\{7DE2271D-99BA-41a5-8CA8-522714A8D969}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{56808~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files