Analysis Overview
SHA256
b56cff8022659e2c0d5276ca259b67efe56c4e36c126c83ab95a739d30f62bde
Threat Level: Known bad
The file 2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:51
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:51
Reported
2024-06-13 02:54
Platform
win7-20231129-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48} | C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E} | C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377} | C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}\stubpath = "C:\\Windows\\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe" | C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5247CA5-769E-43de-8DE4-254F44BDDA6A} | C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7B542881-E784-4a99-8D39-81CDE9CEC4DB} | C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}\stubpath = "C:\\Windows\\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe" | C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}\stubpath = "C:\\Windows\\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe" | C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48}\stubpath = "C:\\Windows\\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48}.exe" | C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2131AF11-F503-4ea8-B826-FA8749AB2C04} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{79117DC1-9642-4a00-832B-D1587459CDD1} | C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{79117DC1-9642-4a00-832B-D1587459CDD1}\stubpath = "C:\\Windows\\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe" | C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35} | C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3419F1B3-CC30-4e64-B70D-E80C33440473}\stubpath = "C:\\Windows\\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe" | C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}\stubpath = "C:\\Windows\\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe" | C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}\stubpath = "C:\\Windows\\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe" | C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CFC11523-3EEF-46c0-A70B-8D9519AA4485} | C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2131AF11-F503-4ea8-B826-FA8749AB2C04}\stubpath = "C:\\Windows\\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{576A5771-6210-44b6-B079-D768B4AB4CE4} | C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{576A5771-6210-44b6-B079-D768B4AB4CE4}\stubpath = "C:\\Windows\\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe" | C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}\stubpath = "C:\\Windows\\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe" | C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3419F1B3-CC30-4e64-B70D-E80C33440473} | C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe | N/A |
| N/A | N/A | C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe | N/A |
| N/A | N/A | C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe | N/A |
| N/A | N/A | C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe | N/A |
| N/A | N/A | C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe | N/A |
| N/A | N/A | C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe | N/A |
| N/A | N/A | C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe | N/A |
| N/A | N/A | C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe | N/A |
| N/A | N/A | C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe | N/A |
| N/A | N/A | C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe | N/A |
| N/A | N/A | C:\Windows\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe | C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe | N/A |
| File created | C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe | C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe | N/A |
| File created | C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe | C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe | N/A |
| File created | C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe | C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe | N/A |
| File created | C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe | C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe | N/A |
| File created | C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe | C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe | N/A |
| File created | C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe | C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe | N/A |
| File created | C:\Windows\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48}.exe | C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe | N/A |
| File created | C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe | N/A |
| File created | C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe | C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe | N/A |
| File created | C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe | C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe"
C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe
C:\Windows\{2131AF11-F503-4ea8-B826-FA8749AB2C04}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe
C:\Windows\{79117DC1-9642-4a00-832B-D1587459CDD1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2131A~1.EXE > nul
C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe
C:\Windows\{576A5771-6210-44b6-B079-D768B4AB4CE4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{79117~1.EXE > nul
C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe
C:\Windows\{212F9DD0-147E-4dfb-A8DD-16FDACEC6C35}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{576A5~1.EXE > nul
C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe
C:\Windows\{325CCD52-CE02-4d7f-9E8A-AE83CAF4264E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{212F9~1.EXE > nul
C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe
C:\Windows\{C8AA2AE6-C465-4e58-8D10-2B66A0EE5377}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{325CC~1.EXE > nul
C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe
C:\Windows\{3419F1B3-CC30-4e64-B70D-E80C33440473}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C8AA2~1.EXE > nul
C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe
C:\Windows\{CFC11523-3EEF-46c0-A70B-8D9519AA4485}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3419F~1.EXE > nul
C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe
C:\Windows\{D5247CA5-769E-43de-8DE4-254F44BDDA6A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CFC11~1.EXE > nul
C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe
C:\Windows\{7B542881-E784-4a99-8D39-81CDE9CEC4DB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5247~1.EXE > nul
C:\Windows\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48}.exe
C:\Windows\{47F582D4-40A1-4d9c-9457-AC6CA2BFEB48}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7B542~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:51
Reported
2024-06-13 02:54
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54} | C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}\stubpath = "C:\\Windows\\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe" | C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}\stubpath = "C:\\Windows\\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe" | C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}\stubpath = "C:\\Windows\\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe" | C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{64BD120C-1179-4046-8CFF-8F510F97F13A}\stubpath = "C:\\Windows\\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe" | C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}\stubpath = "C:\\Windows\\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1} | C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}\stubpath = "C:\\Windows\\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe" | C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A} | C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412} | C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A727C33E-4FDF-4de3-AFC0-3F73366A649D}\stubpath = "C:\\Windows\\{A727C33E-4FDF-4de3-AFC0-3F73366A649D}.exe" | C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453} | C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A0682648-5076-4a18-839D-42E038D33B6F} | C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A0682648-5076-4a18-839D-42E038D33B6F}\stubpath = "C:\\Windows\\{A0682648-5076-4a18-839D-42E038D33B6F}.exe" | C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6} | C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}\stubpath = "C:\\Windows\\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe" | C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A727C33E-4FDF-4de3-AFC0-3F73366A649D} | C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{231B97E5-3155-4a33-91FF-67B9D6BD38B2} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E0FD9FF2-EED9-4305-83F9-7551F00DB565} | C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}\stubpath = "C:\\Windows\\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe" | C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}\stubpath = "C:\\Windows\\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe" | C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{64BD120C-1179-4046-8CFF-8F510F97F13A} | C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00A1DFFC-1605-476c-A93E-8129AA56AF29} | C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00A1DFFC-1605-476c-A93E-8129AA56AF29}\stubpath = "C:\\Windows\\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe" | C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe | N/A |
| N/A | N/A | C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe | N/A |
| N/A | N/A | C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe | N/A |
| N/A | N/A | C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe | N/A |
| N/A | N/A | C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe | N/A |
| N/A | N/A | C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe | N/A |
| N/A | N/A | C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe | N/A |
| N/A | N/A | C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe | N/A |
| N/A | N/A | C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe | N/A |
| N/A | N/A | C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe | N/A |
| N/A | N/A | C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe | N/A |
| N/A | N/A | C:\Windows\{A727C33E-4FDF-4de3-AFC0-3F73366A649D}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe | C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe | N/A |
| File created | C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe | C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe | N/A |
| File created | C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe | C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe | N/A |
| File created | C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe | C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe | N/A |
| File created | C:\Windows\{A727C33E-4FDF-4de3-AFC0-3F73366A649D}.exe | C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe | N/A |
| File created | C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe | C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe | N/A |
| File created | C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe | C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe | N/A |
| File created | C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe | C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe | N/A |
| File created | C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe | C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe | N/A |
| File created | C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe | C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe | N/A |
| File created | C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe | C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe | N/A |
| File created | C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_639e527998e0506714a7a8d6506c11da_goldeneye.exe"
C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe
C:\Windows\{231B97E5-3155-4a33-91FF-67B9D6BD38B2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe
C:\Windows\{9EBB1FCB-B5AD-4668-A7FB-F11764560E54}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{231B9~1.EXE > nul
C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe
C:\Windows\{F4D80C1D-625D-4779-BD67-C9132DB7AFA1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9EBB1~1.EXE > nul
C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe
C:\Windows\{C6140BDD-BC7D-4e98-B9E0-CFBB41972453}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F4D80~1.EXE > nul
C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe
C:\Windows\{A0682648-5076-4a18-839D-42E038D33B6F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C6140~1.EXE > nul
C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe
C:\Windows\{E0FD9FF2-EED9-4305-83F9-7551F00DB565}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A0682~1.EXE > nul
C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe
C:\Windows\{3AE9FFBA-58D0-40b4-937E-AF8EDB309E4A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E0FD9~1.EXE > nul
C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe
C:\Windows\{DFE61D8F-C2A4-46d0-A65F-0087705CF4E6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3AE9F~1.EXE > nul
C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe
C:\Windows\{6A9DCC0F-B53D-47df-AB74-651E2B6BD412}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DFE61~1.EXE > nul
C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe
C:\Windows\{64BD120C-1179-4046-8CFF-8F510F97F13A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6A9DC~1.EXE > nul
C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe
C:\Windows\{00A1DFFC-1605-476c-A93E-8129AA56AF29}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{64BD1~1.EXE > nul
C:\Windows\{A727C33E-4FDF-4de3-AFC0-3F73366A649D}.exe
C:\Windows\{A727C33E-4FDF-4de3-AFC0-3F73366A649D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{00A1D~1.EXE > nul
Network
Files