Analysis Overview
SHA256
96e555c7c329e94f1e4b7403cf7164550154cdb5bb9bbb98db6fdea0db15ba3f
Threat Level: Known bad
The file 2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:00
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:00
Reported
2024-06-13 03:02
Platform
win7-20240220-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{577BBC91-2EBB-4afe-89AD-5557BE96C25F} | C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F045F1C-3B62-4079-A82E-1082F9E01EA0} | C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0}\stubpath = "C:\\Windows\\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0}.exe" | C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602} | C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF9BC464-B946-42cd-9617-202587E5643E} | C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{13E830D9-C4CB-4362-B924-1E62C085DBD3} | C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{13E830D9-C4CB-4362-B924-1E62C085DBD3}\stubpath = "C:\\Windows\\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe" | C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}\stubpath = "C:\\Windows\\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe" | C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15117E0E-52A3-4145-B55B-579DAB66AE90}\stubpath = "C:\\Windows\\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe" | C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0} | C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0} | C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A424EED7-2810-4a13-BC01-28C257E430DF} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A424EED7-2810-4a13-BC01-28C257E430DF}\stubpath = "C:\\Windows\\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}\stubpath = "C:\\Windows\\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe" | C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}\stubpath = "C:\\Windows\\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe" | C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}\stubpath = "C:\\Windows\\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe" | C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5D522B0B-513E-4685-B99A-3473E69CF23B}\stubpath = "C:\\Windows\\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe" | C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BF9BC464-B946-42cd-9617-202587E5643E}\stubpath = "C:\\Windows\\{BF9BC464-B946-42cd-9617-202587E5643E}.exe" | C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}\stubpath = "C:\\Windows\\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe" | C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614} | C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5D522B0B-513E-4685-B99A-3473E69CF23B} | C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{15117E0E-52A3-4145-B55B-579DAB66AE90} | C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe | N/A |
| N/A | N/A | C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe | N/A |
| N/A | N/A | C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe | N/A |
| N/A | N/A | C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe | N/A |
| N/A | N/A | C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe | N/A |
| N/A | N/A | C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe | N/A |
| N/A | N/A | C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe | N/A |
| N/A | N/A | C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe | N/A |
| N/A | N/A | C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe | N/A |
| N/A | N/A | C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe | N/A |
| N/A | N/A | C:\Windows\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe | C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe | N/A |
| File created | C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe | C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe | N/A |
| File created | C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe | C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe | N/A |
| File created | C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe | C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe | N/A |
| File created | C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe | C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe | N/A |
| File created | C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe | C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe | N/A |
| File created | C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe | C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe | N/A |
| File created | C:\Windows\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0}.exe | C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe | N/A |
| File created | C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe | N/A |
| File created | C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe | C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe | N/A |
| File created | C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe | C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe"
C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe
C:\Windows\{A424EED7-2810-4a13-BC01-28C257E430DF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe
C:\Windows\{13E830D9-C4CB-4362-B924-1E62C085DBD3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A424E~1.EXE > nul
C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe
C:\Windows\{5D522B0B-513E-4685-B99A-3473E69CF23B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{13E83~1.EXE > nul
C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe
C:\Windows\{14F7FB8D-710D-4a9b-8AB0-5AFD24787602}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5D522~1.EXE > nul
C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe
C:\Windows\{15117E0E-52A3-4145-B55B-579DAB66AE90}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{14F7F~1.EXE > nul
C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe
C:\Windows\{BF9BC464-B946-42cd-9617-202587E5643E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{15117~1.EXE > nul
C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe
C:\Windows\{577BBC91-2EBB-4afe-89AD-5557BE96C25F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BF9BC~1.EXE > nul
C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe
C:\Windows\{8F045F1C-3B62-4079-A82E-1082F9E01EA0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{577BB~1.EXE > nul
C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe
C:\Windows\{D96F13B2-0FC2-434f-B138-ECFF0E5AB614}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8F045~1.EXE > nul
C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe
C:\Windows\{970A83ED-A9EE-4bdd-AAEB-8EEAA451CDC0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D96F1~1.EXE > nul
C:\Windows\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0}.exe
C:\Windows\{6FBC5F9C-324C-46d2-8FC8-F08AAD1352B0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{970A8~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:00
Reported
2024-06-13 03:02
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
51s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F642A5B2-D0EE-4922-880F-4DC1F724371B} | C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}\stubpath = "C:\\Windows\\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe" | C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD} | C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}\stubpath = "C:\\Windows\\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe" | C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{13E9B160-213A-40e8-9D2B-302F00DA0A84} | C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{13E9B160-213A-40e8-9D2B-302F00DA0A84}\stubpath = "C:\\Windows\\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe" | C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{17EF85B4-B614-4183-A33C-B257F6D23A79} | C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{17EF85B4-B614-4183-A33C-B257F6D23A79}\stubpath = "C:\\Windows\\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe" | C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B618C6BA-84E7-4367-B054-1E4731F0B35C} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B618C6BA-84E7-4367-B054-1E4731F0B35C}\stubpath = "C:\\Windows\\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D} | C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{08301C20-3827-4a73-84E5-2EB90DF0BCA1} | C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D376C11B-6008-4c8d-8BF6-1B585AE19020}\stubpath = "C:\\Windows\\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe" | C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0EA57187-6739-42d2-8004-EF6FB02B7047}\stubpath = "C:\\Windows\\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe" | C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}\stubpath = "C:\\Windows\\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe" | C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760} | C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}\stubpath = "C:\\Windows\\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe" | C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD} | C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}\stubpath = "C:\\Windows\\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe" | C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D376C11B-6008-4c8d-8BF6-1B585AE19020} | C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0EA57187-6739-42d2-8004-EF6FB02B7047} | C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8F1A8211-CB2D-46d0-8205-606DD20B98AB} | C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}\stubpath = "C:\\Windows\\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe" | C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F642A5B2-D0EE-4922-880F-4DC1F724371B}\stubpath = "C:\\Windows\\{F642A5B2-D0EE-4922-880F-4DC1F724371B}.exe" | C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe | N/A |
| N/A | N/A | C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe | N/A |
| N/A | N/A | C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe | N/A |
| N/A | N/A | C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe | N/A |
| N/A | N/A | C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe | N/A |
| N/A | N/A | C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe | N/A |
| N/A | N/A | C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe | N/A |
| N/A | N/A | C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe | N/A |
| N/A | N/A | C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe | N/A |
| N/A | N/A | C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe | N/A |
| N/A | N/A | C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe | N/A |
| N/A | N/A | C:\Windows\{F642A5B2-D0EE-4922-880F-4DC1F724371B}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe | C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe | N/A |
| File created | C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe | C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe | N/A |
| File created | C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe | C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe | N/A |
| File created | C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe | C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe | N/A |
| File created | C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe | C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe | N/A |
| File created | C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe | C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe | N/A |
| File created | C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe | C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe | N/A |
| File created | C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe | N/A |
| File created | C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe | C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe | N/A |
| File created | C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe | C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe | N/A |
| File created | C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe | C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe | N/A |
| File created | C:\Windows\{F642A5B2-D0EE-4922-880F-4DC1F724371B}.exe | C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_e231f5ba901d798fe53376207e0ce4b2_goldeneye.exe"
C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe
C:\Windows\{B618C6BA-84E7-4367-B054-1E4731F0B35C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe
C:\Windows\{ACA76675-6E62-49ea-AEF4-1EC36A1BCC9D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B618C~1.EXE > nul
C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe
C:\Windows\{72335DB9-32C3-4e16-9B1D-FA61A4AAC760}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ACA76~1.EXE > nul
C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe
C:\Windows\{C1DA0FAB-0CA4-45d3-95EE-851C964019BD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{72335~1.EXE > nul
C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe
C:\Windows\{39C03AF8-C92B-4afd-9ECA-0AC9FF0DD6CD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C1DA0~1.EXE > nul
C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe
C:\Windows\{08301C20-3827-4a73-84E5-2EB90DF0BCA1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{39C03~1.EXE > nul
C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe
C:\Windows\{D376C11B-6008-4c8d-8BF6-1B585AE19020}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{08301~1.EXE > nul
C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe
C:\Windows\{13E9B160-213A-40e8-9D2B-302F00DA0A84}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D376C~1.EXE > nul
C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe
C:\Windows\{0EA57187-6739-42d2-8004-EF6FB02B7047}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{13E9B~1.EXE > nul
C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe
C:\Windows\{8F1A8211-CB2D-46d0-8205-606DD20B98AB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0EA57~1.EXE > nul
C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe
C:\Windows\{17EF85B4-B614-4183-A33C-B257F6D23A79}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8F1A8~1.EXE > nul
C:\Windows\{F642A5B2-D0EE-4922-880F-4DC1F724371B}.exe
C:\Windows\{F642A5B2-D0EE-4922-880F-4DC1F724371B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{17EF8~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files