Analysis Overview
SHA256
a6a9bccdd59afea874a4d7da4f11e95a5b58e652c88b5da4b31d4cf38932eb7f
Threat Level: Known bad
The file 2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:43
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:43
Reported
2024-06-13 02:46
Platform
win7-20231129-en
Max time kernel
144s
Max time network
118s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9C748D5E-7236-4342-8B1B-CED67D0E616B} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{33DA5C50-ECA5-48c1-B051-58D39C953E04} | C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F} | C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F86A9266-C867-4256-9B13-F763FBA2CD68} | C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DF8FF41-D816-4f96-866A-00B5D753F12D}\stubpath = "C:\\Windows\\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe" | C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE} | C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{95BA3A96-770C-4284-A5BE-E0B26D14D494}\stubpath = "C:\\Windows\\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe" | C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}\stubpath = "C:\\Windows\\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe" | C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A}\stubpath = "C:\\Windows\\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A}.exe" | C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9C748D5E-7236-4342-8B1B-CED67D0E616B}\stubpath = "C:\\Windows\\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1} | C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}\stubpath = "C:\\Windows\\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe" | C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}\stubpath = "C:\\Windows\\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe" | C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5F0E945-2370-4254-B4EC-185B5068A5D4}\stubpath = "C:\\Windows\\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe" | C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{95BA3A96-770C-4284-A5BE-E0B26D14D494} | C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{33DA5C50-ECA5-48c1-B051-58D39C953E04}\stubpath = "C:\\Windows\\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe" | C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5F0E945-2370-4254-B4EC-185B5068A5D4} | C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}\stubpath = "C:\\Windows\\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe" | C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F86A9266-C867-4256-9B13-F763FBA2CD68}\stubpath = "C:\\Windows\\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe" | C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9DF8FF41-D816-4f96-866A-00B5D753F12D} | C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D11C081F-7763-4ed9-940C-B03C49B9AA2F} | C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A} | C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe | N/A |
| N/A | N/A | C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe | N/A |
| N/A | N/A | C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe | N/A |
| N/A | N/A | C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe | N/A |
| N/A | N/A | C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe | N/A |
| N/A | N/A | C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe | N/A |
| N/A | N/A | C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe | N/A |
| N/A | N/A | C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe | N/A |
| N/A | N/A | C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe | N/A |
| N/A | N/A | C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe | N/A |
| N/A | N/A | C:\Windows\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe | C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe | N/A |
| File created | C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe | C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe | N/A |
| File created | C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe | C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe | N/A |
| File created | C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe | N/A |
| File created | C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe | C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe | N/A |
| File created | C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe | C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe | N/A |
| File created | C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe | C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe | N/A |
| File created | C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe | C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe | N/A |
| File created | C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe | C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe | N/A |
| File created | C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe | C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe | N/A |
| File created | C:\Windows\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A}.exe | C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe"
C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe
C:\Windows\{9C748D5E-7236-4342-8B1B-CED67D0E616B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe
C:\Windows\{33DA5C50-ECA5-48c1-B051-58D39C953E04}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9C748~1.EXE > nul
C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe
C:\Windows\{3AF1FD2A-D3A4-49d3-9B75-E36846884BA1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{33DA5~1.EXE > nul
C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe
C:\Windows\{4CA0F9AE-DE6C-44ad-A7DB-0279C6362B3F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3AF1F~1.EXE > nul
C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe
C:\Windows\{F86A9266-C867-4256-9B13-F763FBA2CD68}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4CA0F~1.EXE > nul
C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe
C:\Windows\{9DF8FF41-D816-4f96-866A-00B5D753F12D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F86A9~1.EXE > nul
C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe
C:\Windows\{18D4E9BB-9C34-4f7c-AEC0-DE60763B35FE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9DF8F~1.EXE > nul
C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe
C:\Windows\{D5F0E945-2370-4254-B4EC-185B5068A5D4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{18D4E~1.EXE > nul
C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe
C:\Windows\{95BA3A96-770C-4284-A5BE-E0B26D14D494}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5F0E~1.EXE > nul
C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe
C:\Windows\{D11C081F-7763-4ed9-940C-B03C49B9AA2F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{95BA3~1.EXE > nul
C:\Windows\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A}.exe
C:\Windows\{C17BF9D4-3B5B-4fe1-9267-340023DEB00A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D11C0~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:43
Reported
2024-06-13 02:46
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C4EE830B-2C50-44b3-862B-DA04E37C7126}\stubpath = "C:\\Windows\\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe" | C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{900951C4-A370-4c61-A8C8-75CD5528D398}\stubpath = "C:\\Windows\\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe" | C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B7F41826-941E-47c7-A1D2-705271882C58}\stubpath = "C:\\Windows\\{B7F41826-941E-47c7-A1D2-705271882C58}.exe" | C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AF216A8E-6648-4801-8188-C43F8AE53620}\stubpath = "C:\\Windows\\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4244FDBC-15CB-4241-8D0E-9E776E61580C} | C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C4EE830B-2C50-44b3-862B-DA04E37C7126} | C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4244FDBC-15CB-4241-8D0E-9E776E61580C}\stubpath = "C:\\Windows\\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe" | C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}\stubpath = "C:\\Windows\\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe" | C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{042651AD-36D6-4fd5-8F1F-B34B992131E0}\stubpath = "C:\\Windows\\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe" | C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B660DD36-227F-4aa2-BEC7-833B5269AEFF} | C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8DE3ACA3-82C6-4a82-B779-20640363C2F9} | C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C7787983-2EEE-4e24-BCBC-14D4D35958AF} | C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C7787983-2EEE-4e24-BCBC-14D4D35958AF}\stubpath = "C:\\Windows\\{C7787983-2EEE-4e24-BCBC-14D4D35958AF}.exe" | C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AF216A8E-6648-4801-8188-C43F8AE53620} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A3029469-3CF9-48ae-AF7A-85929468A5BD} | C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{042651AD-36D6-4fd5-8F1F-B34B992131E0} | C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BC7C1863-535E-4e86-AA06-A3EAF27B7562} | C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{900951C4-A370-4c61-A8C8-75CD5528D398} | C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}\stubpath = "C:\\Windows\\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe" | C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}\stubpath = "C:\\Windows\\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe" | C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B7F41826-941E-47c7-A1D2-705271882C58} | C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1} | C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}\stubpath = "C:\\Windows\\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe" | C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A3029469-3CF9-48ae-AF7A-85929468A5BD}\stubpath = "C:\\Windows\\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe" | C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe | N/A |
| N/A | N/A | C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe | N/A |
| N/A | N/A | C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe | N/A |
| N/A | N/A | C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe | N/A |
| N/A | N/A | C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe | N/A |
| N/A | N/A | C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe | N/A |
| N/A | N/A | C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe | N/A |
| N/A | N/A | C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe | N/A |
| N/A | N/A | C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe | N/A |
| N/A | N/A | C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe | N/A |
| N/A | N/A | C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe | N/A |
| N/A | N/A | C:\Windows\{C7787983-2EEE-4e24-BCBC-14D4D35958AF}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe | C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe | N/A |
| File created | C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe | C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe | N/A |
| File created | C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe | C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe | N/A |
| File created | C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe | C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe | N/A |
| File created | C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe | C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe | N/A |
| File created | C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe | C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe | N/A |
| File created | C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe | C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe | N/A |
| File created | C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe | N/A |
| File created | C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe | C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe | N/A |
| File created | C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe | C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe | N/A |
| File created | C:\Windows\{C7787983-2EEE-4e24-BCBC-14D4D35958AF}.exe | C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe | N/A |
| File created | C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe | C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_050b37d7510f8a8ef9f98757c220251b_goldeneye.exe"
C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe
C:\Windows\{AF216A8E-6648-4801-8188-C43F8AE53620}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe
C:\Windows\{4244FDBC-15CB-4241-8D0E-9E776E61580C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AF216~1.EXE > nul
C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe
C:\Windows\{4B168A32-DAA9-42ce-BA20-A01A5D5257D1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4244F~1.EXE > nul
C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe
C:\Windows\{A3029469-3CF9-48ae-AF7A-85929468A5BD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4B168~1.EXE > nul
C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe
C:\Windows\{C4EE830B-2C50-44b3-862B-DA04E37C7126}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A3029~1.EXE > nul
C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe
C:\Windows\{BC7C1863-535E-4e86-AA06-A3EAF27B7562}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C4EE8~1.EXE > nul
C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe
C:\Windows\{042651AD-36D6-4fd5-8F1F-B34B992131E0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BC7C1~1.EXE > nul
C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe
C:\Windows\{900951C4-A370-4c61-A8C8-75CD5528D398}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{04265~1.EXE > nul
C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe
C:\Windows\{B660DD36-227F-4aa2-BEC7-833B5269AEFF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{90095~1.EXE > nul
C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe
C:\Windows\{8DE3ACA3-82C6-4a82-B779-20640363C2F9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B660D~1.EXE > nul
C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe
C:\Windows\{B7F41826-941E-47c7-A1D2-705271882C58}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8DE3A~1.EXE > nul
C:\Windows\{C7787983-2EEE-4e24-BCBC-14D4D35958AF}.exe
C:\Windows\{C7787983-2EEE-4e24-BCBC-14D4D35958AF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B7F41~1.EXE > nul
Network
Files