Analysis Overview
SHA256
2d9369dc9317b9d668139c100f78be2db8979ad4c67a3c62b91185ece6601adf
Threat Level: Known bad
The file 2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:52
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:52
Reported
2024-06-13 02:55
Platform
win7-20240611-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}\stubpath = "C:\\Windows\\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}\stubpath = "C:\\Windows\\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe" | C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0244D1D-6623-436a-B4EA-792A36025D0A} | C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0761930F-1464-4463-BFF1-492FF1D93677}\stubpath = "C:\\Windows\\{0761930F-1464-4463-BFF1-492FF1D93677}.exe" | C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{746FB130-6065-4883-AB49-C07C9FCD2278} | C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0244D1D-6623-436a-B4EA-792A36025D0A}\stubpath = "C:\\Windows\\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe" | C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{31969637-6768-4d49-8F05-AFA506ACC880} | C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{31969637-6768-4d49-8F05-AFA506ACC880}\stubpath = "C:\\Windows\\{31969637-6768-4d49-8F05-AFA506ACC880}.exe" | C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8602491F-B75D-4a3f-984C-F0807537098F} | C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8602491F-B75D-4a3f-984C-F0807537098F}\stubpath = "C:\\Windows\\{8602491F-B75D-4a3f-984C-F0807537098F}.exe" | C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45BD9FAF-2A2D-494a-A602-529AD7F68D69} | C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{75CD81D8-6261-452f-A5ED-DAD95599FAE0} | C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0761930F-1464-4463-BFF1-492FF1D93677} | C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{746FB130-6065-4883-AB49-C07C9FCD2278}\stubpath = "C:\\Windows\\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe" | C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1BEB2A8-5244-4f3a-BD5A-93258638948C} | C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}\stubpath = "C:\\Windows\\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe" | C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D59EE138-D7BF-4353-A41F-122628B33833} | C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D59EE138-D7BF-4353-A41F-122628B33833}\stubpath = "C:\\Windows\\{D59EE138-D7BF-4353-A41F-122628B33833}.exe" | C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}\stubpath = "C:\\Windows\\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe" | C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{505FE572-2CB7-4809-B9A4-238336B1189A} | C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{505FE572-2CB7-4809-B9A4-238336B1189A}\stubpath = "C:\\Windows\\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe" | C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe | N/A |
| N/A | N/A | C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe | N/A |
| N/A | N/A | C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe | N/A |
| N/A | N/A | C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe | N/A |
| N/A | N/A | C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe | N/A |
| N/A | N/A | C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe | N/A |
| N/A | N/A | C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe | N/A |
| N/A | N/A | C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe | N/A |
| N/A | N/A | C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe | N/A |
| N/A | N/A | C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe | N/A |
| N/A | N/A | C:\Windows\{D59EE138-D7BF-4353-A41F-122628B33833}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe | N/A |
| File created | C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe | C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe | N/A |
| File created | C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe | C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe | N/A |
| File created | C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe | C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe | N/A |
| File created | C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe | C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe | N/A |
| File created | C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe | C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe | N/A |
| File created | C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe | C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe | N/A |
| File created | C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe | C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe | N/A |
| File created | C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe | C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe | N/A |
| File created | C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe | C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe | N/A |
| File created | C:\Windows\{D59EE138-D7BF-4353-A41F-122628B33833}.exe | C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe"
C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe
C:\Windows\{4B71DE78-E456-497a-B7DC-4EDE826BBCF6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe
C:\Windows\{45BD9FAF-2A2D-494a-A602-529AD7F68D69}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4B71D~1.EXE > nul
C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe
C:\Windows\{505FE572-2CB7-4809-B9A4-238336B1189A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{45BD9~1.EXE > nul
C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe
C:\Windows\{75CD81D8-6261-452f-A5ED-DAD95599FAE0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{505FE~1.EXE > nul
C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe
C:\Windows\{0761930F-1464-4463-BFF1-492FF1D93677}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{75CD8~1.EXE > nul
C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe
C:\Windows\{746FB130-6065-4883-AB49-C07C9FCD2278}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{07619~1.EXE > nul
C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe
C:\Windows\{F0244D1D-6623-436a-B4EA-792A36025D0A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{746FB~1.EXE > nul
C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe
C:\Windows\{31969637-6768-4d49-8F05-AFA506ACC880}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F0244~1.EXE > nul
C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe
C:\Windows\{A1BEB2A8-5244-4f3a-BD5A-93258638948C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{31969~1.EXE > nul
C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe
C:\Windows\{8602491F-B75D-4a3f-984C-F0807537098F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A1BEB~1.EXE > nul
C:\Windows\{D59EE138-D7BF-4353-A41F-122628B33833}.exe
C:\Windows\{D59EE138-D7BF-4353-A41F-122628B33833}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{86024~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:52
Reported
2024-06-13 02:55
Platform
win10v2004-20240226-en
Max time kernel
138s
Max time network
157s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}\stubpath = "C:\\Windows\\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4FFCB991-94C6-484b-932C-FCE0F483953C} | C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{115D24B6-F88F-4b65-9606-2C0A80530B5D}\stubpath = "C:\\Windows\\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe" | C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49} | C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6915B993-2171-4c6f-9E24-D53711C2C3B1} | C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28} | C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}\stubpath = "C:\\Windows\\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe" | C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6} | C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}\stubpath = "C:\\Windows\\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe" | C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5F48177-1F32-48cb-863A-3602EF773218} | C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC} | C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333} | C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{115D24B6-F88F-4b65-9606-2C0A80530B5D} | C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6915B993-2171-4c6f-9E24-D53711C2C3B1}\stubpath = "C:\\Windows\\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe" | C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4FFCB991-94C6-484b-932C-FCE0F483953C}\stubpath = "C:\\Windows\\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe" | C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5F48177-1F32-48cb-863A-3602EF773218}\stubpath = "C:\\Windows\\{C5F48177-1F32-48cb-863A-3602EF773218}.exe" | C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3DAF9596-C2CA-4548-98A9-C7B73C45D504} | C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}\stubpath = "C:\\Windows\\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe" | C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}\stubpath = "C:\\Windows\\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe" | C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}\stubpath = "C:\\Windows\\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe" | C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}\stubpath = "C:\\Windows\\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe" | C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe | N/A |
| N/A | N/A | C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe | N/A |
| N/A | N/A | C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe | N/A |
| N/A | N/A | C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe | N/A |
| N/A | N/A | C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe | N/A |
| N/A | N/A | C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe | N/A |
| N/A | N/A | C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe | N/A |
| N/A | N/A | C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe | N/A |
| N/A | N/A | C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe | N/A |
| N/A | N/A | C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe | N/A |
| N/A | N/A | C:\Windows\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe | N/A |
| File created | C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe | C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe | N/A |
| File created | C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe | C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe | N/A |
| File created | C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe | C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe | N/A |
| File created | C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe | C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe | N/A |
| File created | C:\Windows\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe | C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe | N/A |
| File created | C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe | C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe | N/A |
| File created | C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe | C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe | N/A |
| File created | C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe | C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe | N/A |
| File created | C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe | C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe | N/A |
| File created | C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe | C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_6d567ac7a66fe4ff2118501fe126bae9_goldeneye.exe"
C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe
C:\Windows\{2EF4FCD2-D7CE-4b83-99F2-B98C52A4F2AE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe
C:\Windows\{B9C7975C-85B7-4bc5-BD2E-D89F677BBC28}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2EF4F~1.EXE > nul
C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe
C:\Windows\{4FFCB991-94C6-484b-932C-FCE0F483953C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B9C79~1.EXE > nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe
C:\Windows\{FEEA6D98-5317-4e2b-A62C-5F03A009B1A6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4FFCB~1.EXE > nul
C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe
C:\Windows\{C5F48177-1F32-48cb-863A-3602EF773218}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FEEA6~1.EXE > nul
C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe
C:\Windows\{3DAF9596-C2CA-4548-98A9-C7B73C45D504}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C5F48~1.EXE > nul
C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe
C:\Windows\{F30D2E4D-B085-4b0f-AE1C-3822E8885AFC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3DAF9~1.EXE > nul
C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe
C:\Windows\{C9AEA7EF-0FDA-42aa-9C1D-2469BA255333}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F30D2~1.EXE > nul
C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe
C:\Windows\{6915B993-2171-4c6f-9E24-D53711C2C3B1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C9AEA~1.EXE > nul
C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe
C:\Windows\{115D24B6-F88F-4b65-9606-2C0A80530B5D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6915B~1.EXE > nul
C:\Windows\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe
C:\Windows\{F5D55528-C2A1-4998-A7D7-33C7AE5C2A49}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{115D2~1.EXE > nul
C:\Windows\{9B765254-8B15-443a-8483-3F95CAAED4EA}.exe
C:\Windows\{9B765254-8B15-443a-8483-3F95CAAED4EA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F5D55~1.EXE > nul
Network
Files