Analysis Overview
SHA256
be4668006df8565ffaca0357c893aa37abb3944a05dc9e0a78a8fc2a92f6bb65
Threat Level: Known bad
The file 2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:02
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:02
Reported
2024-06-13 03:04
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
94s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{628CA689-CC90-448f-83D3-B7414AABAD0B}\stubpath = "C:\\Windows\\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe" | C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1573C7FA-F78C-4f1e-8768-B3F1722561B7} | C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A7899518-DCCB-4c85-AD87-EE6E8278FB81} | C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}\stubpath = "C:\\Windows\\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe" | C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}\stubpath = "C:\\Windows\\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe" | C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFA844BE-E404-40c8-ACA4-471761615BBE} | C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{628CA689-CC90-448f-83D3-B7414AABAD0B} | C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}\stubpath = "C:\\Windows\\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe" | C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31015644-E030-45e4-BE8E-BE772204E538} | C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31015644-E030-45e4-BE8E-BE772204E538}\stubpath = "C:\\Windows\\{31015644-E030-45e4-BE8E-BE772204E538}.exe" | C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFA844BE-E404-40c8-ACA4-471761615BBE}\stubpath = "C:\\Windows\\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe" | C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{568B1055-CF89-4c07-AACE-23D348D5E479} | C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77} | C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211} | C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{63173DD3-A043-4979-9D78-E028F52FA2E5}\stubpath = "C:\\Windows\\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe" | C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}\stubpath = "C:\\Windows\\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe" | C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3} | C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}\stubpath = "C:\\Windows\\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{568B1055-CF89-4c07-AACE-23D348D5E479}\stubpath = "C:\\Windows\\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe" | C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4EFA1471-9856-4ed4-BB02-81D88383EE8D} | C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}\stubpath = "C:\\Windows\\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe" | C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{63173DD3-A043-4979-9D78-E028F52FA2E5} | C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211}\stubpath = "C:\\Windows\\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211}.exe" | C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe | N/A |
| N/A | N/A | C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe | N/A |
| N/A | N/A | C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe | N/A |
| N/A | N/A | C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe | N/A |
| N/A | N/A | C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe | N/A |
| N/A | N/A | C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe | N/A |
| N/A | N/A | C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe | N/A |
| N/A | N/A | C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe | N/A |
| N/A | N/A | C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe | N/A |
| N/A | N/A | C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe | N/A |
| N/A | N/A | C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe | N/A |
| N/A | N/A | C:\Windows\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe | C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe | N/A |
| File created | C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe | C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe | N/A |
| File created | C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe | C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe | N/A |
| File created | C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe | C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe | N/A |
| File created | C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe | C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe | N/A |
| File created | C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe | C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe | N/A |
| File created | C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe | C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe | N/A |
| File created | C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe | C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe | N/A |
| File created | C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe | C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe | N/A |
| File created | C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe | C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe | N/A |
| File created | C:\Windows\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211}.exe | C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe | N/A |
| File created | C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image path | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe" |
| C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe | C:\Windows\{9BD4FF55-399B-40b9-922E-F1A6A34B0D0A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe | C:\Windows\{DFA844BE-E404-40c8-ACA4-471761615BBE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9BD4F~1.EXE > nul |
| C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe | C:\Windows\{628CA689-CC90-448f-83D3-B7414AABAD0B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{DFA84~1.EXE > nul |
| C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe | C:\Windows\{1573C7FA-F78C-4f1e-8768-B3F1722561B7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{628CA~1.EXE > nul |
| C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe | C:\Windows\{31015644-E030-45e4-BE8E-BE772204E538}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1573C~1.EXE > nul |
| C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe | C:\Windows\{568B1055-CF89-4c07-AACE-23D348D5E479}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{31015~1.EXE > nul |
| C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe | C:\Windows\{4EFA1471-9856-4ed4-BB02-81D88383EE8D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{568B1~1.EXE > nul |
| C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe | C:\Windows\{63173DD3-A043-4979-9D78-E028F52FA2E5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4EFA1~1.EXE > nul |
| C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe | C:\Windows\{4E4EF8AB-A394-4d4e-9AF4-ED0A460F2E77}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{63173~1.EXE > nul |
| C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe | C:\Windows\{A7899518-DCCB-4c85-AD87-EE6E8278FB81}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4E4EF~1.EXE > nul |
| C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe | C:\Windows\{5C9EFF1F-CC57-4d0e-9D9F-250A4A8F11C3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A7899~1.EXE > nul |
| C:\Windows\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211}.exe | C:\Windows\{2A3B892D-CD44-4b65-BF3B-8F7BA5497211}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{5C9EF~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:02
Reported
2024-06-13 03:04
Platform
win7-20240419-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1128C0BB-8342-470e-BBBC-AFB033ED5229} | C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}\stubpath = "C:\\Windows\\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe" | C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4470A3E8-65D9-455f-879D-31F4196DB91E}\stubpath = "C:\\Windows\\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D} | C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7} | C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26} | C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4470A3E8-65D9-455f-879D-31F4196DB91E} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0C5B1313-83EF-484b-83BA-14348167C68B} | C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}\stubpath = "C:\\Windows\\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe" | C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1128C0BB-8342-470e-BBBC-AFB033ED5229}\stubpath = "C:\\Windows\\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe" | C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}\stubpath = "C:\\Windows\\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe" | C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55AE66F0-0BF4-4022-9F66-94B7070DE00E} | C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E714727A-2982-4ae4-86BC-FC053852EF8A} | C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0C5B1313-83EF-484b-83BA-14348167C68B}\stubpath = "C:\\Windows\\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe" | C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0193B062-FD41-4fa9-A774-E5AFF0D41A80} | C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}\stubpath = "C:\\Windows\\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe" | C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E714727A-2982-4ae4-86BC-FC053852EF8A}\stubpath = "C:\\Windows\\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe" | C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE} | C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{79BED50E-D700-48cb-86FA-B074367F767D} | C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{79BED50E-D700-48cb-86FA-B074367F767D}\stubpath = "C:\\Windows\\{79BED50E-D700-48cb-86FA-B074367F767D}.exe" | C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}\stubpath = "C:\\Windows\\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe" | C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}\stubpath = "C:\\Windows\\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe" | C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe | N/A |
| N/A | N/A | C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe | N/A |
| N/A | N/A | C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe | N/A |
| N/A | N/A | C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe | N/A |
| N/A | N/A | C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe | N/A |
| N/A | N/A | C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe | N/A |
| N/A | N/A | C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe | N/A |
| N/A | N/A | C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe | N/A |
| N/A | N/A | C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe | N/A |
| N/A | N/A | C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe | N/A |
| N/A | N/A | C:\Windows\{79BED50E-D700-48cb-86FA-B074367F767D}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe | C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe | N/A |
| File created | C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe | C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe | N/A |
| File created | C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | N/A |
| File created | C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe | C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe | N/A |
| File created | C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe | C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe | N/A |
| File created | C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe | C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe | N/A |
| File created | C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe | C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe | N/A |
| File created | C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe | C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe | N/A |
| File created | C:\Windows\{79BED50E-D700-48cb-86FA-B074367F767D}.exe | C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe | N/A |
| File created | C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe | C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe | N/A |
| File created | C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe | C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image path | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-06-13_fd59f458ffdbd6fd780cf66d4043aebb_goldeneye.exe" |
| C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe | C:\Windows\{4470A3E8-65D9-455f-879D-31F4196DB91E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe | C:\Windows\{0C5B1313-83EF-484b-83BA-14348167C68B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4470A~1.EXE > nul |
| C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe | C:\Windows\{0193B062-FD41-4fa9-A774-E5AFF0D41A80}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0C5B1~1.EXE > nul |
| C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe | C:\Windows\{63A108BA-3DAB-4d62-AE26-66B7D73A0EE7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0193B~1.EXE > nul |
| C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe | C:\Windows\{6B79612B-1DB9-4070-8D1B-C85FCA73B53D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{63A10~1.EXE > nul |
| C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe | C:\Windows\{1128C0BB-8342-470e-BBBC-AFB033ED5229}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{6B796~1.EXE > nul |
| C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe | C:\Windows\{F56BD96D-3B56-4d2b-B0D6-A542B9A00F26}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1128C~1.EXE > nul |
| C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe | C:\Windows\{55AE66F0-0BF4-4022-9F66-94B7070DE00E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F56BD~1.EXE > nul |
| C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe | C:\Windows\{E714727A-2982-4ae4-86BC-FC053852EF8A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{55AE6~1.EXE > nul |
| C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe | C:\Windows\{B7DDC141-0E8E-4c93-8B68-7CB6DB0BBBAE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E7147~1.EXE > nul |
| C:\Windows\{79BED50E-D700-48cb-86FA-B074367F767D}.exe | C:\Windows\{79BED50E-D700-48cb-86FA-B074367F767D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B7DDC~1.EXE > nul |
Network
Files