Analysis Overview
SHA256
221c12292934484313a0e4c0616c12ccbc14024efa56c16040e09ac6afd691bd
Threat Level: Known bad
The file 2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:00
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:00
Reported
2024-06-13 03:03
Platform
win7-20240611-en
Max time kernel
144s
Max time network
118s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{18CE29DE-D3A7-433d-B09B-085C158C1DBE} | C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{732A6029-861B-475e-BBD0-82DC6FCEDFA6} | C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}\stubpath = "C:\\Windows\\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe" | C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{54A46D2C-671D-45bf-AF42-071A412DD4CE} | C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1424957B-5154-42e0-BD48-7A29B1757BED} | C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12} | C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}\stubpath = "C:\\Windows\\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe" | C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B569AFBB-1637-4c97-AE30-0C25D98720C6}\stubpath = "C:\\Windows\\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe" | C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{54A46D2C-671D-45bf-AF42-071A412DD4CE}\stubpath = "C:\\Windows\\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe" | C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{10A80877-979A-44be-A9C4-20E7D07E84F7}\stubpath = "C:\\Windows\\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe" | C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}\stubpath = "C:\\Windows\\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe" | C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B569AFBB-1637-4c97-AE30-0C25D98720C6} | C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{021B75BE-B5DE-4288-827B-8E857E7E62CB} | C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{021B75BE-B5DE-4288-827B-8E857E7E62CB}\stubpath = "C:\\Windows\\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe" | C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D} | C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{10A80877-979A-44be-A9C4-20E7D07E84F7} | C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}\stubpath = "C:\\Windows\\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0577196D-E7D3-4c4b-868D-9EABF380F2C4} | C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}\stubpath = "C:\\Windows\\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe" | C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}\stubpath = "C:\\Windows\\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe" | C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1424957B-5154-42e0-BD48-7A29B1757BED}\stubpath = "C:\\Windows\\{1424957B-5154-42e0-BD48-7A29B1757BED}.exe" | C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe | N/A |
| N/A | N/A | C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe | N/A |
| N/A | N/A | C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe | N/A |
| N/A | N/A | C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe | N/A |
| N/A | N/A | C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe | N/A |
| N/A | N/A | C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe | N/A |
| N/A | N/A | C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe | N/A |
| N/A | N/A | C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe | N/A |
| N/A | N/A | C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe | N/A |
| N/A | N/A | C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe | N/A |
| N/A | N/A | C:\Windows\{1424957B-5154-42e0-BD48-7A29B1757BED}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe | C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe | N/A |
| File created | C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe | C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe | N/A |
| File created | C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe | C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe | N/A |
| File created | C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe | C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe | N/A |
| File created | C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe | C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe | N/A |
| File created | C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe | C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe | N/A |
| File created | C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe | N/A |
| File created | C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe | C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe | N/A |
| File created | C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe | C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe | N/A |
| File created | C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe | C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe | N/A |
| File created | C:\Windows\{1424957B-5154-42e0-BD48-7A29B1757BED}.exe | C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe"
C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe
C:\Windows\{E84BE07C-9251-44e6-98A0-08D6FEAFAF59}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe
C:\Windows\{FC0348BE-AC5F-40cb-9F5F-074D74B9EB12}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E84BE~1.EXE > nul
C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe
C:\Windows\{0577196D-E7D3-4c4b-868D-9EABF380F2C4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FC034~1.EXE > nul
C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe
C:\Windows\{18CE29DE-D3A7-433d-B09B-085C158C1DBE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{05771~1.EXE > nul
C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe
C:\Windows\{732A6029-861B-475e-BBD0-82DC6FCEDFA6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{18CE2~1.EXE > nul
C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe
C:\Windows\{B569AFBB-1637-4c97-AE30-0C25D98720C6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{732A6~1.EXE > nul
C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe
C:\Windows\{021B75BE-B5DE-4288-827B-8E857E7E62CB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B569A~1.EXE > nul
C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe
C:\Windows\{4C6055DF-DDF3-43c2-9F18-6A504A7E7D6D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{021B7~1.EXE > nul
C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe
C:\Windows\{10A80877-979A-44be-A9C4-20E7D07E84F7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4C605~1.EXE > nul
C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe
C:\Windows\{54A46D2C-671D-45bf-AF42-071A412DD4CE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{10A80~1.EXE > nul
C:\Windows\{1424957B-5154-42e0-BD48-7A29B1757BED}.exe
C:\Windows\{1424957B-5154-42e0-BD48-7A29B1757BED}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{54A46~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:00
Reported
2024-06-13 03:03
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}\stubpath = "C:\\Windows\\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe" | C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A8CE8E06-1004-46d4-A975-75B0639353C7} | C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A8CE8E06-1004-46d4-A975-75B0639353C7}\stubpath = "C:\\Windows\\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe" | C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0857784-0EC5-4851-BFDB-CC58168FE398} | C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0857784-0EC5-4851-BFDB-CC58168FE398}\stubpath = "C:\\Windows\\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe" | C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{137379B4-EB61-49df-AA9E-2D6E40463416}\stubpath = "C:\\Windows\\{137379B4-EB61-49df-AA9E-2D6E40463416}.exe" | C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}\stubpath = "C:\\Windows\\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF} | C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}\stubpath = "C:\\Windows\\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe" | C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B97C427-4A47-4864-BE59-ABF6DC25100D}\stubpath = "C:\\Windows\\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe" | C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27AE91E9-1A26-45ed-A5B6-735E3354EA83} | C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A} | C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{04C66282-699B-4e00-A7F0-CAF7BAA4336B} | C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B97C427-4A47-4864-BE59-ABF6DC25100D} | C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{137379B4-EB61-49df-AA9E-2D6E40463416} | C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}\stubpath = "C:\\Windows\\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe" | C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}\stubpath = "C:\\Windows\\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe" | C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2514FC63-5F77-4156-A084-A1559ACC2FB7} | C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2514FC63-5F77-4156-A084-A1559ACC2FB7}\stubpath = "C:\\Windows\\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe" | C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{70200A9A-97C4-442a-86DC-7D663AC0A7CA} | C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}\stubpath = "C:\\Windows\\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe" | C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C2DFF365-0B72-4495-AF96-F93A649BE0A5} | C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F5E66775-5950-4bc2-94E5-C075A6EE27C5} | C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}\stubpath = "C:\\Windows\\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe" | C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe | N/A |
| N/A | N/A | C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe | N/A |
| N/A | N/A | C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe | N/A |
| N/A | N/A | C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe | N/A |
| N/A | N/A | C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe | N/A |
| N/A | N/A | C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe | N/A |
| N/A | N/A | C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe | N/A |
| N/A | N/A | C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe | N/A |
| N/A | N/A | C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe | N/A |
| N/A | N/A | C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe | N/A |
| N/A | N/A | C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe | N/A |
| N/A | N/A | C:\Windows\{137379B4-EB61-49df-AA9E-2D6E40463416}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe | C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe | N/A |
| File created | C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe | C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe | N/A |
| File created | C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe | C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe | N/A |
| File created | C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe | C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe | N/A |
| File created | C:\Windows\{137379B4-EB61-49df-AA9E-2D6E40463416}.exe | C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe | N/A |
| File created | C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe | C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe | N/A |
| File created | C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe | C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe | N/A |
| File created | C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe | C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe | N/A |
| File created | C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe | C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe | N/A |
| File created | C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe | C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe | N/A |
| File created | C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe | C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe | N/A |
| File created | C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe | C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-13_edeabfd31140c33d942a63a71736a0ba_goldeneye.exe"
C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe
C:\Windows\{F5E66775-5950-4bc2-94E5-C075A6EE27C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe
C:\Windows\{6A0EEEF5-C67D-4b0d-8E5A-C41852BCA2EF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F5E66~1.EXE > nul
C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe
C:\Windows\{27AE91E9-1A26-45ed-A5B6-735E3354EA83}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6A0EE~1.EXE > nul
C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe
C:\Windows\{2514FC63-5F77-4156-A084-A1559ACC2FB7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27AE9~1.EXE > nul
C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe
C:\Windows\{D5CDAD7E-2314-4b69-92E4-7AA17872A98A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2514F~1.EXE > nul
C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe
C:\Windows\{70200A9A-97C4-442a-86DC-7D663AC0A7CA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5CDA~1.EXE > nul
C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe
C:\Windows\{04C66282-699B-4e00-A7F0-CAF7BAA4336B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{70200~1.EXE > nul
C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe
C:\Windows\{C2DFF365-0B72-4495-AF96-F93A649BE0A5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{04C66~1.EXE > nul
C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe
C:\Windows\{A8CE8E06-1004-46d4-A975-75B0639353C7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C2DFF~1.EXE > nul
C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe
C:\Windows\{3B97C427-4A47-4864-BE59-ABF6DC25100D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A8CE8~1.EXE > nul
C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe
C:\Windows\{D0857784-0EC5-4851-BFDB-CC58168FE398}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3B97C~1.EXE > nul
C:\Windows\{137379B4-EB61-49df-AA9E-2D6E40463416}.exe
C:\Windows\{137379B4-EB61-49df-AA9E-2D6E40463416}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0857~1.EXE > nul
Network
Files