Analysis Overview
SHA256: ce8aef93e0582a35fb4c5a47cec3059b965dc8e08cf64c24a4e7144428ef7def
Threat Level: Known bad
The file 2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 02:43
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 02:43
Reported: 2024-06-13 02:45
Platform: win7-20240611-en
Max time kernel: 144s
Max time network: 118s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F8519853-3D29-4512-BDA8-434C5C695304} | C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{561880D2-6A4F-4635-84CE-92609B6E78AB}\stubpath = "C:\\Windows\\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe" | C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{05B54440-EFDD-41a8-B51C-B2A2F84400A6} | C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{18E1B225-C919-45ca-BDEE-C1E6989C54CC} | C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}\stubpath = "C:\\Windows\\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe" | C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C926DAE6-41EB-4e57-B8CC-93CA9278979D} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{561880D2-6A4F-4635-84CE-92609B6E78AB} | C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5D2ABF10-80D6-4a62-BFAB-95150665A248}\stubpath = "C:\\Windows\\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe" | C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8} | C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}\stubpath = "C:\\Windows\\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe" | C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{545388F7-5839-422f-871F-519685AB2725}\stubpath = "C:\\Windows\\{545388F7-5839-422f-871F-519685AB2725}.exe" | C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F8519853-3D29-4512-BDA8-434C5C695304}\stubpath = "C:\\Windows\\{F8519853-3D29-4512-BDA8-434C5C695304}.exe" | C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}\stubpath = "C:\\Windows\\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe" | C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5D2ABF10-80D6-4a62-BFAB-95150665A248} | C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BAF7F36-7711-4d03-A083-EA12CF9AF238} | C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}\stubpath = "C:\\Windows\\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe" | C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}\stubpath = "C:\\Windows\\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{545388F7-5839-422f-871F-519685AB2725} | C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17} | C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}\stubpath = "C:\\Windows\\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe" | C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078} | C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078}\stubpath = "C:\\Windows\\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078}.exe" | C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe | N/A |
| N/A | N/A | C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe | N/A |
| N/A | N/A | C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe | N/A |
| N/A | N/A | C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe | N/A |
| N/A | N/A | C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe | N/A |
| N/A | N/A | C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe | N/A |
| N/A | N/A | C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe | N/A |
| N/A | N/A | C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe | N/A |
| N/A | N/A | C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe | N/A |
| N/A | N/A | C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe | N/A |
| N/A | N/A | C:\Windows\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe | C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe | N/A |
| File created | C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe | C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe | N/A |
| File created | C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe | C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe | N/A |
| File created | C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe | C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe | N/A |
| File created | C:\Windows\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078}.exe | C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe | N/A |
| File created | C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe | N/A |
| File created | C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe | C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe | N/A |
| File created | C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe | C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe | N/A |
| File created | C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe | C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe | N/A |
| File created | C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe | C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe | N/A |
| File created | C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe | C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe"
C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe
C:\Windows\{C926DAE6-41EB-4e57-B8CC-93CA9278979D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe
C:\Windows\{545388F7-5839-422f-871F-519685AB2725}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C926D~1.EXE > nul
C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe
C:\Windows\{F8519853-3D29-4512-BDA8-434C5C695304}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{54538~1.EXE > nul
C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe
C:\Windows\{561880D2-6A4F-4635-84CE-92609B6E78AB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F8519~1.EXE > nul
C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe
C:\Windows\{05B54440-EFDD-41a8-B51C-B2A2F84400A6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{56188~1.EXE > nul
C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe
C:\Windows\{5D2ABF10-80D6-4a62-BFAB-95150665A248}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{05B54~1.EXE > nul
C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe
C:\Windows\{2BAF7F36-7711-4d03-A083-EA12CF9AF238}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5D2AB~1.EXE > nul
C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe
C:\Windows\{C3CCD424-E0A7-4cd9-8CE5-BB87B2253A17}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2BAF7~1.EXE > nul
C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe
C:\Windows\{F0F01248-FE59-45f4-BC5C-A51DB670AEC8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C3CCD~1.EXE > nul
C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe
C:\Windows\{18E1B225-C919-45ca-BDEE-C1E6989C54CC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F0F01~1.EXE > nul
C:\Windows\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078}.exe
C:\Windows\{7A22ED86-7318-4fbb-ACE4-4F50DC95F078}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{18E1B~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 02:43
Reported: 2024-06-13 02:45
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 156s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D642A007-FD9A-449c-B528-A53A097A7BCF}\stubpath = "C:\\Windows\\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe" | C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1560311-87D3-4cf0-93D7-E8265B722BA7}\stubpath = "C:\\Windows\\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe" | C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{61838062-CC67-45fc-84D2-1481564F0F90} | C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{18C0E007-6DFF-42ac-B040-B62DC26901B8}\stubpath = "C:\\Windows\\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe" | C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{39624838-6A19-430d-A8E8-0532DF60B7FE}\stubpath = "C:\\Windows\\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe" | C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF} | C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{498E330C-5C31-4b57-970A-FB5D78B142E5} | C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6DB006AE-933F-4359-8C3F-F4F29C04721E} | C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{498E330C-5C31-4b57-970A-FB5D78B142E5}\stubpath = "C:\\Windows\\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe" | C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C8BA8725-2998-4907-B91A-9F6518F0CEA2} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{52677632-ED47-4064-A25E-FA54B0B2B3C8} | C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{52677632-ED47-4064-A25E-FA54B0B2B3C8}\stubpath = "C:\\Windows\\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe" | C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5DD69A26-F94F-4630-A452-954FC69F7212} | C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5DD69A26-F94F-4630-A452-954FC69F7212}\stubpath = "C:\\Windows\\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe" | C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{39624838-6A19-430d-A8E8-0532DF60B7FE} | C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}\stubpath = "C:\\Windows\\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe" | C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A} | C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}\stubpath = "C:\\Windows\\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D642A007-FD9A-449c-B528-A53A097A7BCF} | C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{18C0E007-6DFF-42ac-B040-B62DC26901B8} | C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}\stubpath = "C:\\Windows\\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe" | C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1560311-87D3-4cf0-93D7-E8265B722BA7} | C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{61838062-CC67-45fc-84D2-1481564F0F90}\stubpath = "C:\\Windows\\{61838062-CC67-45fc-84D2-1481564F0F90}.exe" | C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6DB006AE-933F-4359-8C3F-F4F29C04721E}\stubpath = "C:\\Windows\\{6DB006AE-933F-4359-8C3F-F4F29C04721E}.exe" | C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe | N/A |
| N/A | N/A | C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe | N/A |
| N/A | N/A | C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe | N/A |
| N/A | N/A | C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe | N/A |
| N/A | N/A | C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe | N/A |
| N/A | N/A | C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe | N/A |
| N/A | N/A | C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe | N/A |
| N/A | N/A | C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe | N/A |
| N/A | N/A | C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe | N/A |
| N/A | N/A | C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe | N/A |
| N/A | N/A | C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe | N/A |
| N/A | N/A | C:\Windows\{6DB006AE-933F-4359-8C3F-F4F29C04721E}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe | N/A |
| File created | C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe | C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe | N/A |
| File created | C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe | C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe | N/A |
| File created | C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe | C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe | N/A |
| File created | C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe | C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe | N/A |
| File created | C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe | C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe | N/A |
| File created | C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe | C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe | N/A |
| File created | C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe | C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe | N/A |
| File created | C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe | C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe | N/A |
| File created | C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe | C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe | N/A |
| File created | C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe | C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe | N/A |
| File created | C:\Windows\{6DB006AE-933F-4359-8C3F-F4F29C04721E}.exe | C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_0274ff2311ae5e9f0eae93830e95841a_goldeneye.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe
C:\Windows\{C8BA8725-2998-4907-B91A-9F6518F0CEA2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe
C:\Windows\{52677632-ED47-4064-A25E-FA54B0B2B3C8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C8BA8~1.EXE > nul
C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe
C:\Windows\{5DD69A26-F94F-4630-A452-954FC69F7212}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{52677~1.EXE > nul
C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe
C:\Windows\{D642A007-FD9A-449c-B528-A53A097A7BCF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5DD69~1.EXE > nul
C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe
C:\Windows\{18C0E007-6DFF-42ac-B040-B62DC26901B8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D642A~1.EXE > nul
C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe
C:\Windows\{39624838-6A19-430d-A8E8-0532DF60B7FE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{18C0E~1.EXE > nul
C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe
C:\Windows\{D6F69D1D-596C-4bd0-9FA6-98D727359ADF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{39624~1.EXE > nul
C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe
C:\Windows\{498E330C-5C31-4b57-970A-FB5D78B142E5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D6F69~1.EXE > nul
C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe
C:\Windows\{3728DFA5-76E3-4f95-8CFC-99E647B8EF9A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{498E3~1.EXE > nul
C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe
C:\Windows\{F1560311-87D3-4cf0-93D7-E8265B722BA7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3728D~1.EXE > nul
C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe
C:\Windows\{61838062-CC67-45fc-84D2-1481564F0F90}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F1560~1.EXE > nul
C:\Windows\{6DB006AE-933F-4359-8C3F-F4F29C04721E}.exe
C:\Windows\{6DB006AE-933F-4359-8C3F-F4F29C04721E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{61838~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files