Analysis Overview
SHA256
af90a6e62c8f374a92eda58540a7cde284dea37c89a4d3a3d05d0dd9b66c5f75
Threat Level: Known bad
The file 2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:00
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:00
Reported
2024-06-13 03:02
Platform
win7-20240508-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}\stubpath = "C:\\Windows\\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe" | C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}\stubpath = "C:\\Windows\\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe" | C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}\stubpath = "C:\\Windows\\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765} | C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{36200092-754A-401c-9F1C-012E6941BCF9} | C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{36200092-754A-401c-9F1C-012E6941BCF9}\stubpath = "C:\\Windows\\{36200092-754A-401c-9F1C-012E6941BCF9}.exe" | C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4} | C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B88031E4-0646-4607-A942-E1D28FEF68FE}\stubpath = "C:\\Windows\\{B88031E4-0646-4607-A942-E1D28FEF68FE}.exe" | C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B88031E4-0646-4607-A942-E1D28FEF68FE} | C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}\stubpath = "C:\\Windows\\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe" | C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4DF00830-D06A-416c-9731-FB600BA526F3} | C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4DF00830-D06A-416c-9731-FB600BA526F3}\stubpath = "C:\\Windows\\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe" | C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}\stubpath = "C:\\Windows\\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe" | C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A8DC79B9-2A06-48df-BFF1-B0CB69949875} | C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}\stubpath = "C:\\Windows\\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe" | C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}\stubpath = "C:\\Windows\\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe" | C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343} | C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9} | C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE} | C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9} | C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}\stubpath = "C:\\Windows\\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe" | C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe | N/A |
| N/A | N/A | C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe | N/A |
| N/A | N/A | C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe | N/A |
| N/A | N/A | C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe | N/A |
| N/A | N/A | C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe | N/A |
| N/A | N/A | C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe | N/A |
| N/A | N/A | C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe | N/A |
| N/A | N/A | C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe | N/A |
| N/A | N/A | C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe | N/A |
| N/A | N/A | C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe | N/A |
| N/A | N/A | C:\Windows\{B88031E4-0646-4607-A942-E1D28FEF68FE}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe | C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe | N/A |
| File created | C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe | C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe | N/A |
| File created | C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe | C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe | N/A |
| File created | C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe | C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe | N/A |
| File created | C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe | C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe | N/A |
| File created | C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe | C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe | N/A |
| File created | C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe | C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe | N/A |
| File created | C:\Windows\{B88031E4-0646-4607-A942-E1D28FEF68FE}.exe | C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe | N/A |
| File created | C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe | N/A |
| File created | C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe | C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe | N/A |
| File created | C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe | C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe"
C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe
C:\Windows\{C6E6D61F-81F8-4f56-8E59-CE0EDB548C36}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe
C:\Windows\{DA6D16AC-A92C-4df4-AAB2-E5FD6F159765}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C6E6D~1.EXE > nul
C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe
C:\Windows\{36200092-754A-401c-9F1C-012E6941BCF9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DA6D1~1.EXE > nul
C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe
C:\Windows\{2BA11765-D1D0-4b47-A1BE-CD8BB6158343}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{36200~1.EXE > nul
C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe
C:\Windows\{4DF00830-D06A-416c-9731-FB600BA526F3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2BA11~1.EXE > nul
C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe
C:\Windows\{3354D93F-19CD-4e69-BBA2-3FA0AF21B9A9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4DF00~1.EXE > nul
C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe
C:\Windows\{A8DC79B9-2A06-48df-BFF1-B0CB69949875}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3354D~1.EXE > nul
C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe
C:\Windows\{8D3F6C84-C7A0-4fc5-8A4A-8E43BE820FD4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A8DC7~1.EXE > nul
C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe
C:\Windows\{B49FFD8F-59D1-4bf4-A61F-D086809E92BE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8D3F6~1.EXE > nul
C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe
C:\Windows\{BDAD45E4-1E94-48e4-B1FE-4F275A46AEF9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B49FF~1.EXE > nul
C:\Windows\{B88031E4-0646-4607-A942-E1D28FEF68FE}.exe
C:\Windows\{B88031E4-0646-4607-A942-E1D28FEF68FE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BDAD4~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:00
Reported
2024-06-13 03:02
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42} | C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}\stubpath = "C:\\Windows\\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe" | C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0581C50A-A6A9-4928-9971-CCF774512A5E}\stubpath = "C:\\Windows\\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe" | C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{495D664F-2B4F-406b-906E-DDF4F49B51EB} | C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}\stubpath = "C:\\Windows\\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe" | C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}\stubpath = "C:\\Windows\\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe" | C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0581C50A-A6A9-4928-9971-CCF774512A5E} | C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D3C1D707-203F-4b0a-9B8F-15DB6521272E} | C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}\stubpath = "C:\\Windows\\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe" | C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{495D664F-2B4F-406b-906E-DDF4F49B51EB}\stubpath = "C:\\Windows\\{495D664F-2B4F-406b-906E-DDF4F49B51EB}.exe" | C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}\stubpath = "C:\\Windows\\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD} | C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFC098DA-315A-461f-85E4-75F3FB1F7407} | C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFC098DA-315A-461f-85E4-75F3FB1F7407}\stubpath = "C:\\Windows\\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe" | C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ED4441A2-CE60-4884-8168-009BE5BC635F}\stubpath = "C:\\Windows\\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe" | C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8FCC6001-F701-4db1-9271-4E7A91D566C0} | C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478} | C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}\stubpath = "C:\\Windows\\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe" | C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9} | C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}\stubpath = "C:\\Windows\\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe" | C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ED4441A2-CE60-4884-8168-009BE5BC635F} | C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8FCC6001-F701-4db1-9271-4E7A91D566C0}\stubpath = "C:\\Windows\\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe" | C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{90FCA86F-A1A7-48ce-8F28-D65355F0F406} | C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe | N/A |
| N/A | N/A | C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe | N/A |
| N/A | N/A | C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe | N/A |
| N/A | N/A | C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe | N/A |
| N/A | N/A | C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe | N/A |
| N/A | N/A | C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe | N/A |
| N/A | N/A | C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe | N/A |
| N/A | N/A | C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe | N/A |
| N/A | N/A | C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe | N/A |
| N/A | N/A | C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe | N/A |
| N/A | N/A | C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe | N/A |
| N/A | N/A | C:\Windows\{495D664F-2B4F-406b-906E-DDF4F49B51EB}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe | C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe | N/A |
| File created | C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe | C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe | N/A |
| File created | C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe | C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe | N/A |
| File created | C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe | C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe | N/A |
| File created | C:\Windows\{495D664F-2B4F-406b-906E-DDF4F49B51EB}.exe | C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe | N/A |
| File created | C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe | N/A |
| File created | C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe | C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe | N/A |
| File created | C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe | C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe | N/A |
| File created | C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe | C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe | N/A |
| File created | C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe | C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe | N/A |
| File created | C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe | C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe | N/A |
| File created | C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe | C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_cccf755b68a82444975a1e21d5969aae_goldeneye.exe"
C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe
C:\Windows\{B9CBB80F-0116-44fb-8A1B-6E1B169856B0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe
C:\Windows\{90FCA86F-A1A7-48ce-8F28-D65355F0F406}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B9CBB~1.EXE > nul
C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe
C:\Windows\{E0734B71-DBDE-47c0-8E99-FFDE2D57B478}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{90FCA~1.EXE > nul
C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe
C:\Windows\{A45DD487-223A-40e7-ABD5-624FFC5D7CA9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E0734~1.EXE > nul
C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe
C:\Windows\{D14F289C-7932-4a5f-ACB1-AA202AACA9BD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A45DD~1.EXE > nul
C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe
C:\Windows\{68C678D8-3E86-4bdb-B4A4-63C6CB2F6A42}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D14F2~1.EXE > nul
C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe
C:\Windows\{0581C50A-A6A9-4928-9971-CCF774512A5E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{68C67~1.EXE > nul
C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe
C:\Windows\{D3C1D707-203F-4b0a-9B8F-15DB6521272E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0581C~1.EXE > nul
C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe
C:\Windows\{ED4441A2-CE60-4884-8168-009BE5BC635F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D3C1D~1.EXE > nul
C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe
C:\Windows\{8FCC6001-F701-4db1-9271-4E7A91D566C0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ED444~1.EXE > nul
C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe
C:\Windows\{DFC098DA-315A-461f-85E4-75F3FB1F7407}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8FCC6~1.EXE > nul
C:\Windows\{495D664F-2B4F-406b-906E-DDF4F49B51EB}.exe
C:\Windows\{495D664F-2B4F-406b-906E-DDF4F49B51EB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DFC09~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files