Analysis Overview
SHA256
7b46eff9608adc6d13237c8516edc6e511b2b2fa079a5df130f4cda58d71e46d
Threat Level: Known bad
The file 2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:53
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:53
Reported
2024-06-13 02:56
Platform
win7-20231129-en
Max time kernel
144s
Max time network
126s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3940AD8B-3871-46da-821E-AED7E3387F31} | C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C} | C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{612EAB1D-7162-464e-93FE-F47211FEE417} | C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}\stubpath = "C:\\Windows\\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57C9D47B-F7D8-4c79-B310-54F1BA127229}\stubpath = "C:\\Windows\\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe" | C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F532EFC3-E249-4d19-A088-F3BDADE22970} | C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C370617C-4D18-485d-B498-B871BF4196A9}\stubpath = "C:\\Windows\\{C370617C-4D18-485d-B498-B871BF4196A9}.exe" | C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}\stubpath = "C:\\Windows\\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe" | C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57C9D47B-F7D8-4c79-B310-54F1BA127229} | C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3940AD8B-3871-46da-821E-AED7E3387F31}\stubpath = "C:\\Windows\\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe" | C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74} | C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C370617C-4D18-485d-B498-B871BF4196A9} | C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36} | C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{612EAB1D-7162-464e-93FE-F47211FEE417}\stubpath = "C:\\Windows\\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe" | C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB}\stubpath = "C:\\Windows\\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB}.exe" | C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3A4CC82D-991C-4824-95FD-CB042EE6401C} | C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3A4CC82D-991C-4824-95FD-CB042EE6401C}\stubpath = "C:\\Windows\\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe" | C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}\stubpath = "C:\\Windows\\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe" | C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F532EFC3-E249-4d19-A088-F3BDADE22970}\stubpath = "C:\\Windows\\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe" | C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}\stubpath = "C:\\Windows\\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe" | C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB} | C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe | N/A |
| N/A | N/A | C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe | N/A |
| N/A | N/A | C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe | N/A |
| N/A | N/A | C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe | N/A |
| N/A | N/A | C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe | N/A |
| N/A | N/A | C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe | N/A |
| N/A | N/A | C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe | N/A |
| N/A | N/A | C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe | N/A |
| N/A | N/A | C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe | N/A |
| N/A | N/A | C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe | N/A |
| N/A | N/A | C:\Windows\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe | C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe | N/A |
| File created | C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe | C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe | N/A |
| File created | C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe | N/A |
| File created | C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe | C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe | N/A |
| File created | C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe | C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe | N/A |
| File created | C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe | C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe | N/A |
| File created | C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe | C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe | N/A |
| File created | C:\Windows\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB}.exe | C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe | N/A |
| File created | C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe | C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe | N/A |
| File created | C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe | C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe | N/A |
| File created | C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe | C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe"
C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe
C:\Windows\{6FAFAA84-3C9E-451c-B6BB-2F54EB4F3737}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe
C:\Windows\{57C9D47B-F7D8-4c79-B310-54F1BA127229}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6FAFA~1.EXE > nul
C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe
C:\Windows\{3940AD8B-3871-46da-821E-AED7E3387F31}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{57C9D~1.EXE > nul
C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe
C:\Windows\{3A4CC82D-991C-4824-95FD-CB042EE6401C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3940A~1.EXE > nul
C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe
C:\Windows\{F1FA42AD-D887-4dd6-9AF6-3470DCDDDA74}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3A4CC~1.EXE > nul
C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe
C:\Windows\{F532EFC3-E249-4d19-A088-F3BDADE22970}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F1FA4~1.EXE > nul
C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe
C:\Windows\{C370617C-4D18-485d-B498-B871BF4196A9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F532E~1.EXE > nul
C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe
C:\Windows\{09D8E1D6-F2BC-4704-8253-2035EE6BDD36}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C3706~1.EXE > nul
C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe
C:\Windows\{AFD634D9-A45F-4f77-8B8C-4ADBDDD68F2C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{09D8E~1.EXE > nul
C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe
C:\Windows\{612EAB1D-7162-464e-93FE-F47211FEE417}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AFD63~1.EXE > nul
C:\Windows\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB}.exe
C:\Windows\{282A3572-3C1A-4ad6-8F2B-D6ACCB2C30EB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{612EA~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:53
Reported
2024-06-13 02:56
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
51s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{100F4665-7F28-414d-ADDC-60DCB318D02B} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{100F4665-7F28-414d-ADDC-60DCB318D02B}\stubpath = "C:\\Windows\\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2E3F101-3DB2-46bc-BB29-42469A568E9A} | C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}\stubpath = "C:\\Windows\\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe" | C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{420FD274-6BF6-4926-93EF-BE40A10BF37A} | C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4497DD96-613F-4683-B791-26AABBD308A3}\stubpath = "C:\\Windows\\{4497DD96-613F-4683-B791-26AABBD308A3}.exe" | C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59} | C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{78EC474C-029A-49b7-8DFC-7AC012A953BA} | C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{78EC474C-029A-49b7-8DFC-7AC012A953BA}\stubpath = "C:\\Windows\\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe" | C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4497DD96-613F-4683-B791-26AABBD308A3} | C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{869A875D-2E95-4c32-83B9-65592F397DE2}\stubpath = "C:\\Windows\\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe" | C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{215468D6-31AE-45cb-911F-8F8F97A4CF97} | C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{420FD274-6BF6-4926-93EF-BE40A10BF37A}\stubpath = "C:\\Windows\\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe" | C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}\stubpath = "C:\\Windows\\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe" | C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}\stubpath = "C:\\Windows\\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe" | C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{869A875D-2E95-4c32-83B9-65592F397DE2} | C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{493E33C7-AF64-4d04-8B56-BC710E57A240}\stubpath = "C:\\Windows\\{493E33C7-AF64-4d04-8B56-BC710E57A240}.exe" | C:\Windows\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9} | C:\Windows\{493E33C7-AF64-4d04-8B56-BC710E57A240}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}\stubpath = "C:\\Windows\\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe" | C:\Windows\{493E33C7-AF64-4d04-8B56-BC710E57A240}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}\stubpath = "C:\\Windows\\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe" | C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A} | C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3189BD62-AB9B-4e07-B65F-C6961B2227F9} | C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{493E33C7-AF64-4d04-8B56-BC710E57A240} | C:\Windows\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{215468D6-31AE-45cb-911F-8F8F97A4CF97}\stubpath = "C:\\Windows\\{215468D6-31AE-45cb-911F-8F8F97A4CF97}.exe" | C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe | N/A |
| N/A | N/A | C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe | N/A |
| N/A | N/A | C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe | N/A |
| N/A | N/A | C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe | N/A |
| N/A | N/A | C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe | N/A |
| N/A | N/A | C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe | N/A |
| N/A | N/A | C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe | N/A |
| N/A | N/A | C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe | N/A |
| N/A | N/A | C:\Windows\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe | N/A |
| N/A | N/A | C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe | N/A |
| N/A | N/A | C:\Windows\{215468D6-31AE-45cb-911F-8F8F97A4CF97}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe | C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe | N/A |
| File created | C:\Windows\{215468D6-31AE-45cb-911F-8F8F97A4CF97}.exe | C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe | N/A |
| File created | C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe | N/A |
| File created | C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe | C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe | N/A |
| File created | C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe | C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe | N/A |
| File created | C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe | C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe | N/A |
| File created | C:\Windows\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe | C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe | N/A |
| File created | C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe | C:\Windows\{493E33C7-AF64-4d04-8B56-BC710E57A240}.exe | N/A |
| File created | C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe | C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe | N/A |
| File created | C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe | C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe | N/A |
| File created | C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe | C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_75395c7cde9cd0b4183be94570719bdb_goldeneye.exe"
C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe
C:\Windows\{100F4665-7F28-414d-ADDC-60DCB318D02B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe
C:\Windows\{F2E3F101-3DB2-46bc-BB29-42469A568E9A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{100F4~1.EXE > nul
C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe
C:\Windows\{48BBFAC2-C4E0-42e1-8968-44E0AE758B59}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F2E3F~1.EXE > nul
C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe
C:\Windows\{420FD274-6BF6-4926-93EF-BE40A10BF37A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{48BBF~1.EXE > nul
C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe
C:\Windows\{CBD68427-FAE6-48d1-8EBA-988322A5BB9A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{420FD~1.EXE > nul
C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe
C:\Windows\{3189BD62-AB9B-4e07-B65F-C6961B2227F9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CBD68~1.EXE > nul
C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe
C:\Windows\{78EC474C-029A-49b7-8DFC-7AC012A953BA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3189B~1.EXE > nul
C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe
C:\Windows\{4497DD96-613F-4683-B791-26AABBD308A3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{78EC4~1.EXE > nul
C:\Windows\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe
C:\Windows\{869A875D-2E95-4c32-83B9-65592F397DE2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4497D~1.EXE > nul
C:\Windows\{493E33C7-AF64-4d04-8B56-BC710E57A240}.exe
C:\Windows\{493E33C7-AF64-4d04-8B56-BC710E57A240}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{869A8~1.EXE > nul
C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe
C:\Windows\{4F5291FC-BE4A-424a-8E89-47E30EE4CAF9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{493E3~1.EXE > nul
C:\Windows\{215468D6-31AE-45cb-911F-8F8F97A4CF97}.exe
C:\Windows\{215468D6-31AE-45cb-911F-8F8F97A4CF97}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4F529~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files