Analysis Overview
SHA256
7cbc4d6e0c01be66e067f901ea31c8fdd072721971f9ff6d020e4cacbd8e2e54
Threat Level: Known bad
The file 2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye was found to be: Known bad.
Malicious Activity Summary
Kinsing
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:31
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:31
Reported
2024-01-25 17:34
Platform
win7-20231215-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0AC03C27-27CC-4916-B343-2F4AC224F458}\stubpath = "C:\\Windows\\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe" | C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{71E27B70-1D31-4c42-BF59-0E162E2AD381} | C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{19E08744-2D2E-4239-8953-DABFEF785620} | C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{19E08744-2D2E-4239-8953-DABFEF785620}\stubpath = "C:\\Windows\\{19E08744-2D2E-4239-8953-DABFEF785620}.exe" | C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}\stubpath = "C:\\Windows\\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe" | C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0AC03C27-27CC-4916-B343-2F4AC224F458} | C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}\stubpath = "C:\\Windows\\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe" | C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E} | C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{23DB05D2-F26D-488f-A57B-3823E9D8D86A} | C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}\stubpath = "C:\\Windows\\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe" | C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3} | C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD} | C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695} | C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD} | C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{71E27B70-1D31-4c42-BF59-0E162E2AD381}\stubpath = "C:\\Windows\\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe" | C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}\stubpath = "C:\\Windows\\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe" | C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F} | C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}\stubpath = "C:\\Windows\\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe" | C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD}\stubpath = "C:\\Windows\\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD}.exe" | C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}\stubpath = "C:\\Windows\\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}\stubpath = "C:\\Windows\\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe" | C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF} | C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe | N/A |
| N/A | N/A | C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe | N/A |
| N/A | N/A | C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe | N/A |
| N/A | N/A | C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe | N/A |
| N/A | N/A | C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe | N/A |
| N/A | N/A | C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe | N/A |
| N/A | N/A | C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe | N/A |
| N/A | N/A | C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe | N/A |
| N/A | N/A | C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe | N/A |
| N/A | N/A | C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe | N/A |
| N/A | N/A | C:\Windows\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe | C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe | N/A |
| File created | C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe | C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe | N/A |
| File created | C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe | C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe | N/A |
| File created | C:\Windows\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD}.exe | C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe | N/A |
| File created | C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe | C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe | N/A |
| File created | C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe | C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe | N/A |
| File created | C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe | C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe | N/A |
| File created | C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe | C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe | N/A |
| File created | C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe | C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe | N/A |
| File created | C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe | C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe | N/A |
| File created | C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe | C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe"
C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe
C:\Windows\{B4614E0D-69AF-4aa6-BD27-2BE4B3458695}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe
C:\Windows\{16FC00C2-2DF0-42d5-AC93-D8757E2CF4CF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B4614~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{16FC0~1.EXE > nul
C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe
C:\Windows\{3EE154F5-4B5F-4714-B070-BE394A1ECEFD}.exe
C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe
C:\Windows\{0AC03C27-27CC-4916-B343-2F4AC224F458}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3EE15~1.EXE > nul
C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe
C:\Windows\{0FBEDC4E-65DD-4972-A3BB-0621AEEA411E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0AC03~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0FBED~1.EXE > nul
C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe
C:\Windows\{71E27B70-1D31-4c42-BF59-0E162E2AD381}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{71E27~1.EXE > nul
C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe
C:\Windows\{23DB05D2-F26D-488f-A57B-3823E9D8D86A}.exe
C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe
C:\Windows\{19E08744-2D2E-4239-8953-DABFEF785620}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{23DB0~1.EXE > nul
C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe
C:\Windows\{5C873FFA-552F-4c86-9FF5-F596D7AFF3B3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{19E08~1.EXE > nul
C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe
C:\Windows\{DBE66E56-31B5-4f2d-BB1F-1033D04F3F5F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5C873~1.EXE > nul
C:\Windows\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD}.exe
C:\Windows\{C43D41A5-38AF-4bca-ACEC-0C3E761E66AD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DBE66~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:31
Reported
2024-01-25 17:34
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Kinsing
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0FF81597-1C6F-41ad-8141-3D9A87E92214} | C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7} | C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}\stubpath = "C:\\Windows\\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe" | C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{56BACB84-B96C-4d2f-A87D-691A29645D5A}\stubpath = "C:\\Windows\\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe" | C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}\stubpath = "C:\\Windows\\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe" | C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0519B459-C133-407a-8BF7-9631A0AE8D57} | C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B3B528F6-8DFC-42cd-8435-1126B41066BA} | C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0FF81597-1C6F-41ad-8141-3D9A87E92214}\stubpath = "C:\\Windows\\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe" | C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{345B2311-85CC-40fd-ACB3-D650820F0C6B} | C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{345B2311-85CC-40fd-ACB3-D650820F0C6B}\stubpath = "C:\\Windows\\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe" | C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{56BACB84-B96C-4d2f-A87D-691A29645D5A} | C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9} | C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}\stubpath = "C:\\Windows\\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe" | C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0519B459-C133-407a-8BF7-9631A0AE8D57}\stubpath = "C:\\Windows\\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe" | C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9236D06D-405B-4cce-A3AF-F71CA9745CC9} | C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762} | C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFAA1936-54A4-4209-A3F4-6968C197C43F} | C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B3B528F6-8DFC-42cd-8435-1126B41066BA}\stubpath = "C:\\Windows\\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe" | C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9236D06D-405B-4cce-A3AF-F71CA9745CC9}\stubpath = "C:\\Windows\\{9236D06D-405B-4cce-A3AF-F71CA9745CC9}.exe" | C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}\stubpath = "C:\\Windows\\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFAA1936-54A4-4209-A3F4-6968C197C43F}\stubpath = "C:\\Windows\\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe" | C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E} | C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe | N/A |
| N/A | N/A | C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe | N/A |
| N/A | N/A | C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe | N/A |
| N/A | N/A | C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe | N/A |
| N/A | N/A | C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe | N/A |
| N/A | N/A | C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe | N/A |
| N/A | N/A | C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe | N/A |
| N/A | N/A | C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe | N/A |
| N/A | N/A | C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe | N/A |
| N/A | N/A | C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe | N/A |
| N/A | N/A | C:\Windows\{9236D06D-405B-4cce-A3AF-F71CA9745CC9}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe | C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe | N/A |
| File created | C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe | C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe | N/A |
| File created | C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe | C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe | N/A |
| File created | C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe | C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe | N/A |
| File created | C:\Windows\{9236D06D-405B-4cce-A3AF-F71CA9745CC9}.exe | C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe | N/A |
| File created | C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe | C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe | N/A |
| File created | C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe | C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe | N/A |
| File created | C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe | C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe | N/A |
| File created | C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe | C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe | N/A |
| File created | C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe | C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe | N/A |
| File created | C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe | C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_82a2b4cd281ab7846611643e00925108_goldeneye.exe"
C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe
C:\Windows\{E635EA02-FFFE-4cba-9E01-7AEFEED2F762}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe
C:\Windows\{0FF81597-1C6F-41ad-8141-3D9A87E92214}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E635E~1.EXE > nul
C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe
C:\Windows\{C83682E7-B91B-4868-B1AC-EDDC26E44CC7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0FF81~1.EXE > nul
C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe
C:\Windows\{DFAA1936-54A4-4209-A3F4-6968C197C43F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C8368~1.EXE > nul
C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe
C:\Windows\{345B2311-85CC-40fd-ACB3-D650820F0C6B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DFAA1~1.EXE > nul
C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe
C:\Windows\{56BACB84-B96C-4d2f-A87D-691A29645D5A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{345B2~1.EXE > nul
C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe
C:\Windows\{7171C8F6-2C58-4c1a-9782-78BDAFC46DC9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{56BAC~1.EXE > nul
C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe
C:\Windows\{304AFF06-B0B4-4df9-97B6-C5DD0458CB5E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7171C~1.EXE > nul
C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe
C:\Windows\{0519B459-C133-407a-8BF7-9631A0AE8D57}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{304AF~1.EXE > nul
C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe
C:\Windows\{B3B528F6-8DFC-42cd-8435-1126B41066BA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0519B~1.EXE > nul
C:\Windows\{9236D06D-405B-4cce-A3AF-F71CA9745CC9}.exe
C:\Windows\{9236D06D-405B-4cce-A3AF-F71CA9745CC9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B3B52~1.EXE > nul
Network
Files