Analysis Overview
SHA256
f50bfdcc2f255991febeeeccd6d84b7c1c09dd9c99f2c3d0b288fdfcb12840c5
Threat Level: Known bad
The file 2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule (static hit)
Auto-generated rule (behavioral hit)
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:33
Signatures
Auto-generated rule
1 hit; no indicator details recorded.
Unsigned PE
1 hit; no indicator details recorded.
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:33
Reported
2024-03-02 16:36
Platform
win7-20240221-en
Max time kernel
144s
Max time network
126s
Signatures
Auto-generated rule
10 hits; no indicator details recorded.
Modifies Installed Components in the registry
Each stage registers the executable it drops under Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}\StubPath), a logon-time persistence mechanism (MITRE ATT&CK T1547.014): the StubPath command is run for each user at their next logon. The keys land under Wow6432Node because the sample is 32-bit (it spawns C:\Windows\SysWOW64\cmd.exe) and the 64-bit sandbox redirects its registry writes through WOW64.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5598CEB-C6DF-433a-937E-4E31CB358AD8} | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{372C5E36-A21F-401d-ABC9-C9A3CB892D44} | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}\stubpath = "C:\\Windows\\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe" | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1876614C-7669-4144-A331-81E143FB8CB7}\stubpath = "C:\\Windows\\{1876614C-7669-4144-A331-81E143FB8CB7}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA} | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AAED611D-5084-417d-8664-AFFFB6E502AF} | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F024A393-9B71-4bf1-8E82-79D123AE1293}\stubpath = "C:\\Windows\\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe" | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}\stubpath = "C:\\Windows\\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe" | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA954FBD-7CD3-42e0-B684-26CA2184E798} | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA954FBD-7CD3-42e0-B684-26CA2184E798}\stubpath = "C:\\Windows\\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe" | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}\stubpath = "C:\\Windows\\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe" | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}\stubpath = "C:\\Windows\\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe" | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AAED611D-5084-417d-8664-AFFFB6E502AF}\stubpath = "C:\\Windows\\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe" | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F024A393-9B71-4bf1-8E82-79D123AE1293} | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911} | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}\stubpath = "C:\\Windows\\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe" | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1876614C-7669-4144-A331-81E143FB8CB7} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}\stubpath = "C:\\Windows\\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe" | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF} | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A} | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe | N/A |
Deletes itself
The deletion is delegated to cmd.exe (cmd.exe /c del <8.3 short name> > nul, see the Processes list below); each stage removes the executable that dropped it, not its own file.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe | N/A |
| N/A | N/A | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe | N/A |
| N/A | N/A | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe | N/A |
| N/A | N/A | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe | N/A |
| N/A | N/A | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe | N/A |
| N/A | N/A | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe | N/A |
| N/A | N/A | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe | N/A |
| N/A | N/A | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe | N/A |
| N/A | N/A | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe | N/A |
| N/A | N/A | C:\Windows\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe | N/A |
| File created | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe | N/A |
| File created | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe | N/A |
| File created | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe | N/A |
| File created | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe | N/A |
| File created | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe | N/A |
| File created | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe | N/A |
| File created | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe | N/A |
| File created | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe | N/A |
| File created | C:\Windows\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe | N/A |
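The two tables above describe one linear chain: every stage drops exactly one GUID-named executable into C:\Windows and registers it under Active Setup before launching it. The script below reconstructs that chain from the report rows and checks, for every stage, that the StubPath was written by the dropper and points at the dropped file. This is an added example, not part of the sandbox report and not the sample's code: the input rows are copied from the behavioral1 tables, while the parsing, ordering and checks (and all function names) are my own.

```python
"""Reconstruct the replication chain and Active Setup persistence of the
sample from the behavioral1 (win7) rows above.  Added example: not part of the
sandbox report and not the sample's code.  The rows are copied from the
report's tables; the parsing, ordering and checks (and all names) are mine."""
import re

# Original sample path from the Processes list: the root of the chain.
ROOT = (r"C:\Users\Admin\AppData\Local\Temp"
        r"\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe")

# "Drops file in Windows directory" rows:  Indicator (file created) | Process (creator)
DROP_ROWS = r"""
C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe
C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe
C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe
C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe
C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe
C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe
C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe
C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe
C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe
C:\Windows\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe
"""

# "Modifies Installed Components" stubpath rows:  Indicator | Process (writer)
STUBPATH_ROWS = r"""
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}\stubpath = "C:\\Windows\\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe" | C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1876614C-7669-4144-A331-81E143FB8CB7}\stubpath = "C:\\Windows\\{1876614C-7669-4144-A331-81E143FB8CB7}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F024A393-9B71-4bf1-8E82-79D123AE1293}\stubpath = "C:\\Windows\\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe" | C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}\stubpath = "C:\\Windows\\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe" | C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA954FBD-7CD3-42e0-B684-26CA2184E798}\stubpath = "C:\\Windows\\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe" | C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}\stubpath = "C:\\Windows\\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe" | C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}\stubpath = "C:\\Windows\\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe" | C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AAED611D-5084-417d-8664-AFFFB6E502AF}\stubpath = "C:\\Windows\\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe" | C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}\stubpath = "C:\\Windows\\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe" | C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}\stubpath = "C:\\Windows\\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe" | C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe
"""

# A GUID-named executable dropped directly under C:\Windows (not a subfolder).
GUID_EXE = re.compile(r"^C:\\Windows\\(\{[0-9A-Fa-f-]{36}\})\.exe$")
# An Active Setup StubPath write as the sandbox renders it (Wow6432Node optional).
STUB_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Active Setup"
    r"\\Installed Components\\(\{[0-9A-Fa-f-]{36}\})\\stubpath = \"(.*)\"$", re.I)


def parse_rows(block):
    """Split 'Indicator | Process' rows into (indicator, process) pairs."""
    return [tuple(p.strip() for p in line.split(" | "))
            for line in block.strip().splitlines() if line.strip()]


def drop_chain(drop_rows, root):
    """Order the file-creation events into the linear dropper -> dropped chain."""
    child_of = {}
    for created, creator in drop_rows:
        assert creator not in child_of, f"{creator} dropped more than one file"
        child_of[creator] = created
    chain = [root]
    while chain[-1] in child_of:
        nxt = child_of[chain[-1]]
        assert nxt not in chain, "cycle in drop chain"
        chain.append(nxt)
    return chain


def stubpath_writes(stub_rows):
    """Map component GUID -> (StubPath target, writing process, under Wow6432Node?)."""
    out = {}
    for indicator, writer in stub_rows:
        m = STUB_RE.match(indicator)
        if m:
            wow, guid, value = m.groups()
            # the report renders the REG_SZ value with doubled backslashes
            out[guid] = (value.replace("\\\\", "\\"), writer, wow is not None)
    return out


def persistence_findings(chain, stubs):
    """For each dropped stage: was it registered under Active Setup, does the
    StubPath point at the dropped file, and did the dropper itself write it?"""
    findings = []
    for dropper, dropped in zip(chain, chain[1:]):
        guid = GUID_EXE.match(dropped).group(1)
        stub = stubs.get(guid)
        findings.append({
            "stage": guid,
            "registered": stub is not None,
            "stub_matches_file": stub is not None and stub[0] == dropped,
            "written_by_dropper": stub is not None and stub[1] == dropper,
            "wow6432node": stub is not None and stub[2],
        })
    return findings


def analyse(drop_block=DROP_ROWS, stub_block=STUBPATH_ROWS, root=ROOT):
    """Return (ordered chain of executables, per-stage persistence findings)."""
    chain = drop_chain(parse_rows(drop_block), root)
    return chain, persistence_findings(chain, stubpath_writes(parse_rows(stub_block)))


if __name__ == "__main__":
    chain, findings = analyse()
    print(f"{len(chain) - 1} stages dropped, starting from {chain[0]}")
    for f in findings:
        print(f["stage"], " ".join(k for k, v in f.items() if v is True))
```

Run as-is it prints the ten stages in drop order, each flagged registered, stub_matches_file, written_by_dropper and wow6432node. The same two regexes (a GUID-named executable directly under C:\Windows, and a StubPath under Installed Components that points at it) are the durable hunting criteria for this family; the per-stage GUIDs and hashes change on every run.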
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe"
C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe
C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe
C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{18766~1.EXE > nul
C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe
C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D40ED~1.EXE > nul
C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe
C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5598~1.EXE > nul
C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe
C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AAED6~1.EXE > nul
C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe
C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F024A~1.EXE > nul
C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe
C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AEAC3~1.EXE > nul
C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe
C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EA7DF~1.EXE > nul
C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe
C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DA954~1.EXE > nul
C:\Windows\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe
C:\Windows\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{372C5~1.EXE > nul
Network
No network activity was recorded in this run.
Files
Every dropped stage has a distinct hash (each copy carries its own GUID name and StubPath), so per-stage hashes are weak indicators; the C:\Windows\{GUID}.exe path pattern and the Active Setup StubPath entries are the durable ones.
C:\Windows\{1876614C-7669-4144-A331-81E143FB8CB7}.exe
| MD5 | 49dfb7e96385145f6e1e447582806c08 |
| SHA1 | 219aab2ac1b5ca966f6b03ffe6a839dbb9fee0a0 |
| SHA256 | fb2946cd7fa9b8d72ed2c7a1431efbc185f9c71c544835a01392f778523b5ffd |
| SHA512 | 1c329ddb2c9dddde1ea6166cd830cee6ac5e660451f5753f7270604d72f3be14c020448d775d9353adb5951f605f70efeeadeaf4e12be29e2ed3a77a371476ea |
C:\Windows\{D40ED85B-99DF-418e-8F6E-FD1066F6A1FA}.exe
| MD5 | f6f8d2511aee421c8685fbe3ce24359d |
| SHA1 | 7beb9417f11423f25d4f911ebe769c7efd3958c0 |
| SHA256 | 58aaeeb46791d8bdf3688b8ac92fd0a5abed6c38ebe6336a023fedcee9f0ac8c |
| SHA512 | fa67a703000f6c2dc89da4e9a9442a3e8fefd5e2079934ba15b5e781a71a0166112f5baf9f631592d71a8cdca1b5165e73df80baa495581189685fa18ce2e842 |
C:\Windows\{D5598CEB-C6DF-433a-937E-4E31CB358AD8}.exe
| MD5 | fe002134e4747e06d5ab3e884154fc39 |
| SHA1 | d560c23c7c45a3e4f9821ae96ebad1f1ce9a352a |
| SHA256 | 0c322116fd015e5c3573d7ee054557b7533dcd91d610f406b4af310eace8e2f0 |
| SHA512 | e3482f5e0557a729222bca5e8b57668267afa28d6e2a596cedbd33e9aea9c2ac187b3111f65ec60629cd8f26e6f1fa66bf06a8d8a5f1b8bc39b9fb56e859c603 |
C:\Windows\{AAED611D-5084-417d-8664-AFFFB6E502AF}.exe
| MD5 | d3294ac02cb45d61b0302912bcc27ed8 |
| SHA1 | f7c1af37f4dd27ca2790a4c3758af518feca145f |
| SHA256 | d080182dd80ad639a86ba945f545ad6a4ac52c234087a12ce0b92e1f659ab812 |
| SHA512 | db5f85c05785c6147016b71a51d6af8f0efe99dc372d0dbfb51a0ddcbd3075adee71feae7dec2fa582022c54a1a7393d95e48f5aa6f9c823791b3a7132139be1 |
C:\Windows\{F024A393-9B71-4bf1-8E82-79D123AE1293}.exe
| MD5 | 079ac69f9705a4ef7f4c5ca220d1800a |
| SHA1 | 3f0530dbc6bcf86e1d517f41153cb0f3bc866bba |
| SHA256 | 478615967619e87c9f6981aa415a573d03376d62fad923c30cd3f59ce9b3d603 |
| SHA512 | a002c6863d534165080042b672e183fedd85c0798d93af7dacd59d7471e3ffb9f91431ab1393c066379f7f2e7e6515599f8527cae15e3f6745f416e30d1d6e78 |
C:\Windows\{AEAC342A-6C1A-4a81-B2C8-B8E2B9F91911}.exe
| MD5 | 2bd31cb8e2006bd1fd6ad76cbd48bdd6 |
| SHA1 | 778023fb0f2caac2273c2327233b685133675970 |
| SHA256 | ee53567553ccc2ea919a894866a4e782ef7191cfa3664fab8229f1f6111a97c4 |
| SHA512 | cd043116126c238e2e988b2afe89d99f50d21a6330c10fe287c705cd508be0cf6645412614d9cca9cd0ff68867ffaeca89ba91c4c2bcd4772712fa4c4bbd2951 |
C:\Windows\{EA7DF3CB-63E6-47cf-887B-CD0B843E97BF}.exe
| MD5 | 80ed4bf39e39a2b91f8c29377637e079 |
| SHA1 | 01e4fde850e2cb109ba1a3eb4ae4578041d89f89 |
| SHA256 | fc5b51a90731f9ec76a359cae3b518749332970482cb35d6fd09fd74c86d3777 |
| SHA512 | 4bbd5834fde5280e29cc79f032ec0c0157172874cf4427c24f9b6c0b506172641f3ba3a2afc9e85ec0d4c0c2c01d07420d6e6d91cf3349e68e815e78be50c12d |
C:\Windows\{DA954FBD-7CD3-42e0-B684-26CA2184E798}.exe
| MD5 | b753931bc1fa56bd061b91ec0a4aa2b2 |
| SHA1 | 293efa10b26e52f7b3f452e7bf7c8d0f5449d4d8 |
| SHA256 | 83fdbee2ead73a48588455a654dc618b237bb5e4f558bf06fe6b5c889cabdc56 |
| SHA512 | 239c9a38cc6028555b6cb618394c5c53a0ce6b8900becce022e813017dd7b994da62d46e2b475be2c508ba731e5336581f53ca73b689ff82c45b9bbfc35d4c21 |
C:\Windows\{372C5E36-A21F-401d-ABC9-C9A3CB892D44}.exe
| MD5 | 0ebcd8c95897bb0e7ea042bcc69e0bb8 |
| SHA1 | 8fbb3bd6f6f084130fec320c948d0366c2b83f2d |
| SHA256 | fd6eb326f56d7f908e6eeb69d1965e135f293f828a7cdba87ee6c3c3ecf24d5c |
| SHA512 | 84821a26a2e7c9b5335cce05aabc171ca150b3017c84a6022902fb1cd599521a02e0c00dfd3400b709573719bc9933fcabde223fe04ffa36bea8420576d4299c |
C:\Windows\{E46435EA-2DE1-4bb2-AD2F-DA4570EDCE7A}.exe
| MD5 | 80c4a35fa6dd315ee65abe522bfe91ba |
| SHA1 | 01572e552da3a525d4a2a0347929a11bbcbd9ab8 |
| SHA256 | 5e80d7bb4ee22a8a704337cbccc979dad30d757b05f2c047079c165ae8db5496 |
| SHA512 | 4e1c08ecb69edad66729b4ddee583a52f72e522c238d8a561f4e6ed50039b0d7d2d5fcaf383796e7711c74840971a5d306844fd1de5339d0d3d4ebda54271dc2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 16:33
Reported
2024-03-02 16:36
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
156s
Signatures
Auto-generated rule
14 hits; no indicator details recorded.
Modifies Installed Components in the registry
Same Active Setup persistence as on win7 (StubPath under Installed Components, MITRE ATT&CK T1547.014), again written under WOW6432Node by the 32-bit stages; only the per-run GUIDs differ.
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A16191BF-E242-4f12-A904-4E1736978238}\stubpath = "C:\\Windows\\{A16191BF-E242-4f12-A904-4E1736978238}.exe" | C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{771A7F74-6948-4205-87DA-4508981A156D}\stubpath = "C:\\Windows\\{771A7F74-6948-4205-87DA-4508981A156D}.exe" | C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}\stubpath = "C:\\Windows\\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe" | C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0F83CD59-DA86-481c-B635-0B85AD568669} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9DDAB469-8DF8-4f29-AB7E-D515444040DD} | C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5} | C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A16191BF-E242-4f12-A904-4E1736978238} | C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3D7E64D7-194F-454e-8186-333C59E578F7} | C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}\stubpath = "C:\\Windows\\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe" | C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}\stubpath = "C:\\Windows\\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe" | C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2} | C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}\stubpath = "C:\\Windows\\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe" | C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}\stubpath = "C:\\Windows\\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe" | C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F} | C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}\stubpath = "C:\\Windows\\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe" | C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}\stubpath = "C:\\Windows\\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe" | C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{76EE2A53-169D-4fe2-88F1-FED477FCDF63} | C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{771A7F74-6948-4205-87DA-4508981A156D} | C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E} | C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3D7E64D7-194F-454e-8186-333C59E578F7}\stubpath = "C:\\Windows\\{3D7E64D7-194F-454e-8186-333C59E578F7}.exe" | C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0F83CD59-DA86-481c-B635-0B85AD568669}\stubpath = "C:\\Windows\\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07067EAB-9D51-4841-9266-5A212058E859} | C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{07067EAB-9D51-4841-9266-5A212058E859}\stubpath = "C:\\Windows\\{07067EAB-9D51-4841-9266-5A212058E859}.exe" | C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44} | C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe | N/A |
| N/A | N/A | C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe | N/A |
| N/A | N/A | C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe | N/A |
| N/A | N/A | C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe | N/A |
| N/A | N/A | C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe | N/A |
| N/A | N/A | C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe | N/A |
| N/A | N/A | C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe | N/A |
| N/A | N/A | C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe | N/A |
| N/A | N/A | C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe | N/A |
| N/A | N/A | C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe | N/A |
| N/A | N/A | C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe | N/A |
| N/A | N/A | C:\Windows\{3D7E64D7-194F-454e-8186-333C59E578F7}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe | C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe | N/A |
| File created | C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe | N/A |
| File created | C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe | C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe | N/A |
| File created | C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe | C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe | N/A |
| File created | C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe | C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe | N/A |
| File created | C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe | C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe | N/A |
| File created | C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe | C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe | N/A |
| File created | C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe | C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe | N/A |
| File created | C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe | C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe | N/A |
| File created | C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe | C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe | N/A |
| File created | C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe | C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe | N/A |
| File created | C:\Windows\{3D7E64D7-194F-454e-8186-333C59E578F7}.exe | C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_1b79f7a7b43252a50deeee1b37920bc6_goldeneye.exe"
C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe
C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe
C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0F83C~1.EXE > nul
C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe
C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{07067~1.EXE > nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe
C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9DDAB~1.EXE > nul
C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe
C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4BBEC~1.EXE > nul
C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe
C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{20A2D~1.EXE > nul
C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe
C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A1619~1.EXE > nul
C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe
C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EB0A5~1.EXE > nul
C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe
C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{76EE2~1.EXE > nul
C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe
C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{771A7~1.EXE > nul
C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe
C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{84C53~1.EXE > nul
C:\Windows\{3D7E64D7-194F-454e-8186-333C59E578F7}.exe
C:\Windows\{3D7E64D7-194F-454e-8186-333C59E578F7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7AE8B~1.EXE > nul
Network
All rows below are reverse-DNS (in-addr.arpa) lookups and connections to g.bing.com and chromewebstore.googleapis.com, consistent with background activity of the sandbox's Edge browser (msedge.exe appears in the process list above). The win7 run recorded no network activity, so none of this traffic should be read as the sample's command-and-control.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.201.106:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.10.44.20.in-addr.arpa | udp |
Files
Two paths ({07067EAB-...}.exe and {A16191BF-...}.exe) are listed twice with different hashes, so the file was observed at two different states on disk; as on win7, rely on the path pattern and the StubPath entries rather than on these hashes.
C:\Windows\{0F83CD59-DA86-481c-B635-0B85AD568669}.exe
| MD5 | 548ea5db646c24f49b5eb3bea5fd7458 |
| SHA1 | 1bdd14dcf16cc43126aec5fadd5da574cb39ed41 |
| SHA256 | 393d73f09757daceb5f9331b67579fcee6af09107b6b65a505f1d0f5ed8f6576 |
| SHA512 | 40fcbd1fee864722e3b2cc01f8fd9c600ddea25c4937208dbde38f2070eebf116e33dd3366dbfa3b67c274941e29f007b93adcf3e0e5bf1d1831ce3f99e2a110 |
C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe
| MD5 | cca51e7dfaa5f27a249469af368a4655 |
| SHA1 | 04a872c7d638dcddaec7cead1dc401c95ac9d07c |
| SHA256 | 25470cabaa697c40591c0332085586b324c6e5c877694960b9a4a1f03094f17b |
| SHA512 | 44be8af59519f28038e2f8f5c66cba7a6b6fae5f46e44e83a976b3309f4bd9594ac85cfa96107064c534ebf31f4e913eb48a2b3f8f7e1af620b4a32ec244e1c8 |
C:\Windows\{07067EAB-9D51-4841-9266-5A212058E859}.exe
| MD5 | 2993494add3e412e3c5c56b8d200c2a2 |
| SHA1 | 4923e8042c5bc177f5f373681784eafa685f6da7 |
| SHA256 | 9b0cfdf648cd75d6ecfe4ac19b2ab48e9e1b49b3cd547d0449a028a60fcf6ddd |
| SHA512 | b898bcf0ff87ee4655b696860c41c21de41ab415001f61ccfd956e2eda19af1c1cc94e09dceb57cbca1704a978532b326f3613ad5b7d31ea92211b73400b389f |
C:\Windows\{9DDAB469-8DF8-4f29-AB7E-D515444040DD}.exe
| MD5 | d757dacdcb362e0ce3af605dc8618600 |
| SHA1 | d7dda4a940408ce62324ee13be8a0a5e0bf560ff |
| SHA256 | 8aa8b06052a649ebe0c998ac11111ebf29ad2d7ff89a850153644b1c9d9b7a0e |
| SHA512 | 9da3daab4dc9a41f533fc0b4ce55767eae211e916233d9072d7f4a321951751c4a2cd68d2950e5eb481543b6bba033afdfc4b2f7212c35a9aec4e4b92bde29b4 |
C:\Windows\{4BBEC3D3-05C1-4cdc-B2F3-9EA7C001AD44}.exe
| MD5 | 4b86245c0a3e54d5b4bd7e69f15de39c |
| SHA1 | aede20f0b579147b04111789db5c0ce6c9c4d48f |
| SHA256 | 22083a09eff09101ab166ffa48524c249b1b1d7fd4d0f16d73f4bd1f3f5e73c2 |
| SHA512 | 73aedd80eb1172e393998430dc0f8aae54ba759a29bad7dadb2629c0bf9ad743c0960374d1dbd7460ff3f21c449d3e2b712b4515897c3ee7ef5a6823c489ef1c |
C:\Windows\{20A2DB40-9CBD-4cf0-8B8C-A0BC06B70EA5}.exe
| MD5 | f49a5f3fc71e272472d342c3b38f193c |
| SHA1 | 732ef5f2244ce298f4b19d97152d5581bbd23302 |
| SHA256 | dce6a251f87a3f11353d02310d421393528d1993c90853f87aa5faa03a349504 |
| SHA512 | 71d73ff2f18e2116b8a0120551300eb43caa9af5b4b012f88299439926abc1d4b65c26fa49933c57ba624fed83e084c0e21e49f7c4ff84efc9bd43274d6f6044 |
C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe
| MD5 | fbc51456463e31bca13898a39887a643 |
| SHA1 | 0d1c41b396847662a3fcd0434b3b9002feab89c6 |
| SHA256 | 85a9946e6a217e9a2f7fc4074965e7a22e20a76ca7ba7b9746ea003979cffb38 |
| SHA512 | a4a1147af7721a1893627c1dd1a4cb5a403fd63245493a3e45a978060ad6ea335dfecd14c8153eff26db6701cfcee5537213083b0c3f2f90ca58bdda0bad757d |
C:\Windows\{A16191BF-E242-4f12-A904-4E1736978238}.exe
| MD5 | b1a9f29bff49b339b30fc32f4c86ced1 |
| SHA1 | 8690ff1d4fd76b76c38d4199ff7247899952ca7b |
| SHA256 | 92189e99592c76fc19b240c7d644a1290afb1967eab181523261369f17821fc4 |
| SHA512 | ee3f438dc62457462dab5f5d068382f84d3561fa043309afb91d2786bd79542efa5248ca2df9ff49e14f90e9b8234554fb04eb1371656db554fedbf4b467ca76 |
C:\Windows\{EB0A532C-DFBF-434f-BAB7-0C9C230BB97F}.exe
| MD5 | 9ef53047d8e6c14e7e67491137a0b4d9 |
| SHA1 | fa3bbca105e3b8e1094860e7b727dcfd2377f4bd |
| SHA256 | 9e7fc29ef0ae93271150677db1db2efaadfa1c86c9e603c9efec2c6c979ac5b6 |
| SHA512 | 673bc129a064a7bbf82204b8b89875f2a1ace2fafc18323ff5a9adf994c0793ef9076bc9e0bc0cfbc47fe3a66e348ac51a1e0a6009896841e289dc5f8d9946f4 |
C:\Windows\{76EE2A53-169D-4fe2-88F1-FED477FCDF63}.exe
| MD5 | 417ee8f1429e9367853267d5fc0328ee |
| SHA1 | 800651ed04339a8b1894b1dfff42adacdd7c5bc1 |
| SHA256 | 648f072119e72e117308f13c35271f090a59943417cdbbd03a243e860ed986e2 |
| SHA512 | f7886a02b56d0ebf9b8c24a66d3a2c7230d7561d24820a0b1b2294fd53a8ffa61182314f6a1540c25197a8039cfc6b2a759fb782977dbbae279fd356a03c29b2 |
C:\Windows\{771A7F74-6948-4205-87DA-4508981A156D}.exe
| MD5 | c9537d3be1791e3f08c11ef9cd04577c |
| SHA1 | 7be77506a41daf0bbac3491ae0118d4c960913f3 |
| SHA256 | b903599cf6010d7873ef204c20d2460876a56355af8e3384354387a85c940a53 |
| SHA512 | e2984d264b2ab70306491aeea6e0ceefd7ae5920a24a11136e4b8b39110b107881b9a2da9bb6a8165b5193b2ef44cc2beb6cf446256b7e86c4bd3d451b176348 |
C:\Windows\{84C53DE1-987A-4a44-8D11-1DE5C214FAA2}.exe
| MD5 | a38d7338dacc42228b21e01d03fcb93c |
| SHA1 | ee7225abf8ee23f802185edb8a0f5acea7e84e35 |
| SHA256 | f7481e04575040664c113f2cdc513e494bfc70529e97bad3c1cc1c94060ea488 |
| SHA512 | d4dee547aa5846439fdd3825fb2480c9a1189ff234595b3cf44d92f3ac7c1ee90a7dd04af9c1d4680a9cc6fdb0f41462b139b811dbca5d7140311b0ed4e811d5 |
C:\Windows\{7AE8B8E6-17AF-45e6-84D3-662DA4341A7E}.exe
| MD5 | 63c1bf58fa9612eb1f6a5798be2ebcf7 |
| SHA1 | 2727ce40684db0fdd50b8f17f44971c3a6dc42c8 |
| SHA256 | 24ef24706c91f85de202ee1013b1da312ae5d3851523c7fc00c6af8c82ffc7e7 |
| SHA512 | 008b98656fd829fe4fa925574ec870cd6c2650bf7d01a7ac9f24e2b3dac7b357a78af0fdeba730d81fbbc89f95bcb079beccd1fdfe0b504ab1225df4ed71acda |
C:\Windows\{3D7E64D7-194F-454e-8186-333C59E578F7}.exe
| MD5 | 55b35606901ddb9001d7aecf35d66491 |
| SHA1 | da77a85ce0445f7e89e7a98289ee267bc38935f9 |
| SHA256 | f5604da47d608512f1dc6eb6e5db666590e5998801220d346c298caccd222c65 |
| SHA512 | ddbca9e5b605fdef2439f2fc0bb7b76b9620dc113e012ddeaf4d76b2e3cf70174ec4fa272e81f9f50c81f20669995fe49851c2848e5f0dee1c56e8967bd2766e |