Analysis Overview
SHA256
07490cb10169d4341dce83e183cf3cb2daec726e0c991bcb2c9d959ba3b57615
Threat Level: Known bad
The file 2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:26
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:26
Reported
2024-03-02 23:28
Platform
win7-20240221-en
Max time kernel
144s
Max time network
126s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B} | C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A081A041-FB51-4b83-A4F2-DB029A990789}\stubpath = "C:\\Windows\\{A081A041-FB51-4b83-A4F2-DB029A990789}.exe" | C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D442DA56-6D21-4011-9C2A-9A090EDD21E7} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}\stubpath = "C:\\Windows\\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe" | C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}\stubpath = "C:\\Windows\\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe" | C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{467F62E4-A9F6-4496-8D3A-12761792D9FE} | C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A081A041-FB51-4b83-A4F2-DB029A990789} | C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4AE6B544-9626-4129-85B6-66F9CFA910A8} | C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}\stubpath = "C:\\Windows\\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe" | C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{433668F4-6242-4c2e-A412-0D1760A89D27}\stubpath = "C:\\Windows\\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe" | C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}\stubpath = "C:\\Windows\\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD} | C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C} | C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}\stubpath = "C:\\Windows\\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe" | C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4AE6B544-9626-4129-85B6-66F9CFA910A8}\stubpath = "C:\\Windows\\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe" | C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{467F62E4-A9F6-4496-8D3A-12761792D9FE}\stubpath = "C:\\Windows\\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe" | C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318} | C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{433668F4-6242-4c2e-A412-0D1760A89D27} | C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{73BE235A-C140-4c57-82F5-4A2B196B5C95} | C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{73BE235A-C140-4c57-82F5-4A2B196B5C95}\stubpath = "C:\\Windows\\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe" | C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe | N/A |
| N/A | N/A | C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe | N/A |
| N/A | N/A | C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe | N/A |
| N/A | N/A | C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe | N/A |
| N/A | N/A | C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe | N/A |
| N/A | N/A | C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe | N/A |
| N/A | N/A | C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe | N/A |
| N/A | N/A | C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe | N/A |
| N/A | N/A | C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe | N/A |
| N/A | N/A | C:\Windows\{A081A041-FB51-4b83-A4F2-DB029A990789}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe | C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe | N/A |
| File created | C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe | C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe | N/A |
| File created | C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe | C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe | N/A |
| File created | C:\Windows\{A081A041-FB51-4b83-A4F2-DB029A990789}.exe | C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe | N/A |
| File created | C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe | N/A |
| File created | C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe | C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe | N/A |
| File created | C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe | C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe | N/A |
| File created | C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe | C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe | N/A |
| File created | C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe | C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe | N/A |
| File created | C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe | C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe"
C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe
C:\Windows\{D442DA56-6D21-4011-9C2A-9A090EDD21E7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe
C:\Windows\{D7D9C351-A5C8-4e19-A87B-4D6D49A71BAD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D442D~1.EXE > nul
C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe
C:\Windows\{A845F28C-F7C1-44ed-9F8B-A8959B9D1D2C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D7D9C~1.EXE > nul
C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe
C:\Windows\{4ADE3DED-D8B0-48f2-8DA3-1CEAFA088E3B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A845F~1.EXE > nul
C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe
C:\Windows\{4AE6B544-9626-4129-85B6-66F9CFA910A8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4ADE3~1.EXE > nul
C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe
C:\Windows\{467F62E4-A9F6-4496-8D3A-12761792D9FE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4AE6B~1.EXE > nul
C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe
C:\Windows\{ADC1DFDD-0244-4506-97BB-3F84CE6D3318}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{467F6~1.EXE > nul
C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe
C:\Windows\{433668F4-6242-4c2e-A412-0D1760A89D27}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ADC1D~1.EXE > nul
C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe
C:\Windows\{73BE235A-C140-4c57-82F5-4A2B196B5C95}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{43366~1.EXE > nul
C:\Windows\{A081A041-FB51-4b83-A4F2-DB029A990789}.exe
C:\Windows\{A081A041-FB51-4b83-A4F2-DB029A990789}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{73BE2~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:26
Reported
2024-03-02 23:29
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
156s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5} | C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}\stubpath = "C:\\Windows\\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8} | C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}\stubpath = "C:\\Windows\\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe" | C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}\stubpath = "C:\\Windows\\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe" | C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{522C254F-592F-4129-836C-CD7F331029B6} | C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{522C254F-592F-4129-836C-CD7F331029B6}\stubpath = "C:\\Windows\\{522C254F-592F-4129-836C-CD7F331029B6}.exe" | C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{64B36113-3956-4e8a-AB00-6E5E880DE7D5} | C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}\stubpath = "C:\\Windows\\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe" | C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA} | C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2} | C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{57276813-B02B-47df-9D70-1E3C0B09D1DE} | C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{57276813-B02B-47df-9D70-1E3C0B09D1DE}\stubpath = "C:\\Windows\\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe" | C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4} | C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}\stubpath = "C:\\Windows\\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe" | C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}\stubpath = "C:\\Windows\\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe" | C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5}\stubpath = "C:\\Windows\\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5}.exe" | C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}\stubpath = "C:\\Windows\\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe" | C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E6122B18-6B08-4ea9-8089-6B830B04D3E4} | C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}\stubpath = "C:\\Windows\\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe" | C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02} | C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}\stubpath = "C:\\Windows\\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe" | C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9D190816-1739-44f8-AE4E-86F59A3B8F8D} | C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe | N/A |
| N/A | N/A | C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe | N/A |
| N/A | N/A | C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe | N/A |
| N/A | N/A | C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe | N/A |
| N/A | N/A | C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe | N/A |
| N/A | N/A | C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe | N/A |
| N/A | N/A | C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe | N/A |
| N/A | N/A | C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe | N/A |
| N/A | N/A | C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe | N/A |
| N/A | N/A | C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe | N/A |
| N/A | N/A | C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe | N/A |
| N/A | N/A | C:\Windows\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe | C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe | N/A |
| File created | C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe | C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe | N/A |
| File created | C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe | C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe | N/A |
| File created | C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe | C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe | N/A |
| File created | C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe | C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe | N/A |
| File created | C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe | C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe | N/A |
| File created | C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe | C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe | N/A |
| File created | C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe | C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe | N/A |
| File created | C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe | C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe | N/A |
| File created | C:\Windows\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5}.exe | C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe | N/A |
| File created | C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe | N/A |
| File created | C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe | C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_5563717ece795b8d9bcdf32e23573d0e_goldeneye.exe"
C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe
C:\Windows\{8CB5A265-6D71-4ddd-BE2F-A6FA3C12FD62}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe
C:\Windows\{9A28CDB9-93CA-4b3f-A6AA-C3B4FAE447F4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8CB5A~1.EXE > nul
C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe
C:\Windows\{E6122B18-6B08-4ea9-8089-6B830B04D3E4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9A28C~1.EXE > nul
C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe
C:\Windows\{E1DA00B8-5DCB-4fe4-BAEC-59842DAAAD02}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E6122~1.EXE > nul
C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe
C:\Windows\{D5EA819D-A84E-4dd3-80E8-1CD9B83DD1A8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E1DA0~1.EXE > nul
C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe
C:\Windows\{290E7FFA-9EDD-4d68-80DE-E574B5267DDA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5EA8~1.EXE > nul
C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe
C:\Windows\{05D8EDEB-0AEC-43ea-9027-4613FF1458A2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{290E7~1.EXE > nul
C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe
C:\Windows\{9D190816-1739-44f8-AE4E-86F59A3B8F8D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{05D8E~1.EXE > nul
C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe
C:\Windows\{57276813-B02B-47df-9D70-1E3C0B09D1DE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9D190~1.EXE > nul
C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe
C:\Windows\{64B36113-3956-4e8a-AB00-6E5E880DE7D5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{57276~1.EXE > nul
C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe
C:\Windows\{522C254F-592F-4129-836C-CD7F331029B6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{64B36~1.EXE > nul
C:\Windows\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5}.exe
C:\Windows\{B4D81ACD-DC42-49bb-9146-35E13A5AB7C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{522C2~1.EXE > nul
Network
Files