Analysis Overview
SHA256
08e176d28691fc2e5eca6d6b5709f56f60f1ff0109e7e3d9a78e361a99fa6818
Threat Level: Known bad
The file 2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:43
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:43
Reported
2024-06-13 02:46
Platform
win7-20240508-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{74B9109E-9B90-4003-B786-1E272E72BE91}\stubpath = "C:\\Windows\\{74B9109E-9B90-4003-B786-1E272E72BE91}.exe" | C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F2997367-45EE-4a6d-800A-06E97D37E978}\stubpath = "C:\\Windows\\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe" | C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B} | C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D93DD83C-028B-4ca1-BB61-2A3507D47695} | C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D93DD83C-028B-4ca1-BB61-2A3507D47695}\stubpath = "C:\\Windows\\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe" | C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F32100AD-63B7-4759-A591-0FD33F67C60F} | C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89685C1C-617C-4cfa-8A26-9812EBC61243}\stubpath = "C:\\Windows\\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe" | C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{74B9109E-9B90-4003-B786-1E272E72BE91} | C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}\stubpath = "C:\\Windows\\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F2997367-45EE-4a6d-800A-06E97D37E978} | C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A369E39A-89B5-455b-B7D6-782D83E63C99} | C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A369E39A-89B5-455b-B7D6-782D83E63C99}\stubpath = "C:\\Windows\\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe" | C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A} | C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{85796DE0-F775-40fb-B4A8-48D33281E574} | C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{85796DE0-F775-40fb-B4A8-48D33281E574}\stubpath = "C:\\Windows\\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe" | C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659} | C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}\stubpath = "C:\\Windows\\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe" | C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}\stubpath = "C:\\Windows\\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe" | C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}\stubpath = "C:\\Windows\\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe" | C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F32100AD-63B7-4759-A591-0FD33F67C60F}\stubpath = "C:\\Windows\\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe" | C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89685C1C-617C-4cfa-8A26-9812EBC61243} | C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe | N/A |
| N/A | N/A | C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe | N/A |
| N/A | N/A | C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe | N/A |
| N/A | N/A | C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe | N/A |
| N/A | N/A | C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe | N/A |
| N/A | N/A | C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe | N/A |
| N/A | N/A | C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe | N/A |
| N/A | N/A | C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe | N/A |
| N/A | N/A | C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe | N/A |
| N/A | N/A | C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe | N/A |
| N/A | N/A | C:\Windows\{74B9109E-9B90-4003-B786-1E272E72BE91}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe | C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe | N/A |
| File created | C:\Windows\{74B9109E-9B90-4003-B786-1E272E72BE91}.exe | C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe | N/A |
| File created | C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe | N/A |
| File created | C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe | C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe | N/A |
| File created | C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe | C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe | N/A |
| File created | C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe | C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe | N/A |
| File created | C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe | C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe | N/A |
| File created | C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe | C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe | N/A |
| File created | C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe | C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe | N/A |
| File created | C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe | C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe | N/A |
| File created | C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe | C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe"
C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe
C:\Windows\{BF603A42-CA1F-4fcd-8FAA-829CC6EAF8AE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe
C:\Windows\{F2997367-45EE-4a6d-800A-06E97D37E978}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BF603~1.EXE > nul
C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe
C:\Windows\{9776CCD5-DF3C-4c1e-8854-90A31C3B6659}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F2997~1.EXE > nul
C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe
C:\Windows\{A369E39A-89B5-455b-B7D6-782D83E63C99}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9776C~1.EXE > nul
C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe
C:\Windows\{ED4476ED-C73F-4162-8CA6-8C783E5AD96B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A369E~1.EXE > nul
C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe
C:\Windows\{2F9F5243-CB38-4375-AED1-BC1DEF50DE2A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ED447~1.EXE > nul
C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe
C:\Windows\{F32100AD-63B7-4759-A591-0FD33F67C60F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2F9F5~1.EXE > nul
C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe
C:\Windows\{D93DD83C-028B-4ca1-BB61-2A3507D47695}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F3210~1.EXE > nul
C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe
C:\Windows\{85796DE0-F775-40fb-B4A8-48D33281E574}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D93DD~1.EXE > nul
C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe
C:\Windows\{89685C1C-617C-4cfa-8A26-9812EBC61243}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{85796~1.EXE > nul
C:\Windows\{74B9109E-9B90-4003-B786-1E272E72BE91}.exe
C:\Windows\{74B9109E-9B90-4003-B786-1E272E72BE91}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{89685~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:43
Reported
2024-06-13 02:46
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
107s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF6DDA32-A32C-48f1-B396-F10578B85F88} | C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53} | C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}\stubpath = "C:\\Windows\\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe" | C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0EE1678-47DB-4127-B95E-B3C0C59ED000} | C:\Windows\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A} | C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}\stubpath = "C:\\Windows\\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe" | C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A} | C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7} | C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}\stubpath = "C:\\Windows\\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}.exe" | C:\Windows\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5727686-89AE-41a2-994D-5C5DE0A6DF51} | C:\Windows\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}\stubpath = "C:\\Windows\\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe" | C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}\stubpath = "C:\\Windows\\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe" | C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59} | C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}\stubpath = "C:\\Windows\\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{563096DA-A26F-43c1-8D39-1A21628BD1CC} | C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{563096DA-A26F-43c1-8D39-1A21628BD1CC}\stubpath = "C:\\Windows\\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe" | C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5727686-89AE-41a2-994D-5C5DE0A6DF51}\stubpath = "C:\\Windows\\{C5727686-89AE-41a2-994D-5C5DE0A6DF51}.exe" | C:\Windows\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}\stubpath = "C:\\Windows\\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe" | C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}\stubpath = "C:\\Windows\\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe" | C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1968C11-8F5D-4b34-9BDF-9296CE594F97} | C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}\stubpath = "C:\\Windows\\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe" | C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD} | C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF6DDA32-A32C-48f1-B396-F10578B85F88}\stubpath = "C:\\Windows\\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe" | C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe | N/A |
| N/A | N/A | C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe | N/A |
| N/A | N/A | C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe | N/A |
| N/A | N/A | C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe | N/A |
| N/A | N/A | C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe | N/A |
| N/A | N/A | C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe | N/A |
| N/A | N/A | C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe | N/A |
| N/A | N/A | C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe | N/A |
| N/A | N/A | C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe | N/A |
| N/A | N/A | C:\Windows\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe | N/A |
| N/A | N/A | C:\Windows\{C5727686-89AE-41a2-994D-5C5DE0A6DF51}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe | C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe | N/A |
| File created | C:\Windows\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe | C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe | N/A |
| File created | C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe | N/A |
| File created | C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe | C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe | N/A |
| File created | C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe | C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe | N/A |
| File created | C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe | C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe | N/A |
| File created | C:\Windows\{C5727686-89AE-41a2-994D-5C5DE0A6DF51}.exe | C:\Windows\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}.exe | N/A |
| File created | C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe | C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe | N/A |
| File created | C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe | C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe | N/A |
| File created | C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe | C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe | N/A |
| File created | C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe | C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_0a755e821f5f8006a843b9ec0878c779_goldeneye.exe"
C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe
C:\Windows\{2860B56A-FB95-4d6f-B663-F5D79F1DB9EA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe
C:\Windows\{43AA1FCB-A6AC-46b7-BC43-AA7E7BC5DA5A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2860B~1.EXE > nul
C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe
C:\Windows\{563096DA-A26F-43c1-8D39-1A21628BD1CC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{43AA1~1.EXE > nul
C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe
C:\Windows\{934F6EE8-5665-43b3-8D74-74B9F40BD2FD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{56309~1.EXE > nul
C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe
C:\Windows\{D4AC64CB-3E15-46e5-BB85-CE6B2FD9DD5A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{934F6~1.EXE > nul
C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe
C:\Windows\{31C8E61A-7B9D-427b-805E-0C4C36EF45E7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D4AC6~1.EXE > nul
C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe
C:\Windows\{EF6DDA32-A32C-48f1-B396-F10578B85F88}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{31C8E~1.EXE > nul
C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe
C:\Windows\{C2D42483-BDF3-40cf-82A9-CBD8D46F8F53}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EF6DD~1.EXE > nul
C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe
C:\Windows\{F1968C11-8F5D-4b34-9BDF-9296CE594F97}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C2D42~1.EXE > nul
C:\Windows\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe
C:\Windows\{3EB76C3E-F20E-44d6-A520-0AB4630C9D59}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F1968~1.EXE > nul
C:\Windows\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}.exe
C:\Windows\{D0EE1678-47DB-4127-B95E-B3C0C59ED000}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3EB76~1.EXE > nul
C:\Windows\{C5727686-89AE-41a2-994D-5C5DE0A6DF51}.exe
C:\Windows\{C5727686-89AE-41a2-994D-5C5DE0A6DF51}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0EE1~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | | tcp |
Files