Analysis Overview
SHA256
2489e2760ad547f24841cca1879a74d5d47ca8083c53eb86fa73977edcfefd5e
Threat Level: Known bad
The file 2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 17:48
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 17:48
Reported
2024-04-04 17:51
Platform
win7-20240221-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188} | C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D44FE8BB-A758-4604-8038-D6BBB468095E} | C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D44FE8BB-A758-4604-8038-D6BBB468095E}\stubpath = "C:\\Windows\\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe" | C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5} | C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}\stubpath = "C:\\Windows\\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{065356A9-054A-438d-801D-7B8D233D20D9} | C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{49C002CB-84F6-43c4-8669-828973402A04}\stubpath = "C:\\Windows\\{49C002CB-84F6-43c4-8669-828973402A04}.exe" | C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}\stubpath = "C:\\Windows\\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe" | C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4} | C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E6B8E691-3B63-47e8-8344-4A35FE4BE585} | C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F86B980-6168-4005-A647-C532A5A89090} | C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{49C002CB-84F6-43c4-8669-828973402A04} | C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}\stubpath = "C:\\Windows\\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe" | C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}\stubpath = "C:\\Windows\\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe" | C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{12D49ADD-D329-401d-94D9-C0437798EB4E}\stubpath = "C:\\Windows\\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe" | C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{12D49ADD-D329-401d-94D9-C0437798EB4E} | C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E6B8E691-3B63-47e8-8344-4A35FE4BE585}\stubpath = "C:\\Windows\\{E6B8E691-3B63-47e8-8344-4A35FE4BE585}.exe" | C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{065356A9-054A-438d-801D-7B8D233D20D9}\stubpath = "C:\\Windows\\{065356A9-054A-438d-801D-7B8D233D20D9}.exe" | C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D} | C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F86B980-6168-4005-A647-C532A5A89090}\stubpath = "C:\\Windows\\{8F86B980-6168-4005-A647-C532A5A89090}.exe" | C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}\stubpath = "C:\\Windows\\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe" | C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe | N/A |
| N/A | N/A | C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe | N/A |
| N/A | N/A | C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe | N/A |
| N/A | N/A | C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe | N/A |
| N/A | N/A | C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe | N/A |
| N/A | N/A | C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe | N/A |
| N/A | N/A | C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe | N/A |
| N/A | N/A | C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe | N/A |
| N/A | N/A | C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe | N/A |
| N/A | N/A | C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe | N/A |
| N/A | N/A | C:\Windows\{E6B8E691-3B63-47e8-8344-4A35FE4BE585}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe | C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe | N/A |
| File created | C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe | C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe | N/A |
| File created | C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe | C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe | N/A |
| File created | C:\Windows\{E6B8E691-3B63-47e8-8344-4A35FE4BE585}.exe | C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe | N/A |
| File created | C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe | C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe | N/A |
| File created | C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe | C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe | N/A |
| File created | C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe | C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe | N/A |
| File created | C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe | N/A |
| File created | C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe | C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe | N/A |
| File created | C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe | C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe | N/A |
| File created | C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe | C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe"
C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe
C:\Windows\{57BD6B94-B07B-4e8a-A6A2-D410A87C538A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe
C:\Windows\{065356A9-054A-438d-801D-7B8D233D20D9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{57BD6~1.EXE > nul
C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe
C:\Windows\{49C002CB-84F6-43c4-8669-828973402A04}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{06535~1.EXE > nul
C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe
C:\Windows\{46FE61F9-BE5B-42ec-87C6-BC826C813E0D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{49C00~1.EXE > nul
C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe
C:\Windows\{FC3A41B7-1E8A-4edb-A255-7E9BFEFAE188}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{46FE6~1.EXE > nul
C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe
C:\Windows\{D44FE8BB-A758-4604-8038-D6BBB468095E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FC3A4~1.EXE > nul
C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe
C:\Windows\{12D49ADD-D329-401d-94D9-C0437798EB4E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D44FE~1.EXE > nul
C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe
C:\Windows\{8F86B980-6168-4005-A647-C532A5A89090}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{12D49~1.EXE > nul
C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe
C:\Windows\{F17DABB7-D65C-43bd-8AB2-02A0F3F3E1A5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8F86B~1.EXE > nul
C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe
C:\Windows\{2D944D92-7366-45a6-B6D3-6D370FEBA9F4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F17DA~1.EXE > nul
C:\Windows\{E6B8E691-3B63-47e8-8344-4A35FE4BE585}.exe
C:\Windows\{E6B8E691-3B63-47e8-8344-4A35FE4BE585}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2D944~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 17:48
Reported
2024-04-04 17:51
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D} | C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762} | C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{912B9C31-DCBC-40b5-85BE-42289F29373F}\stubpath = "C:\\Windows\\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe" | C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{912B9C31-DCBC-40b5-85BE-42289F29373F} | C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}\stubpath = "C:\\Windows\\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}\stubpath = "C:\\Windows\\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe" | C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25} | C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}\stubpath = "C:\\Windows\\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe" | C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{54370453-3C4D-4bb3-9D78-10B68D041334}\stubpath = "C:\\Windows\\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe" | C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1D7B2012-539B-4fd6-B920-4609950626F9} | C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1D7B2012-539B-4fd6-B920-4609950626F9}\stubpath = "C:\\Windows\\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe" | C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD} | C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}\stubpath = "C:\\Windows\\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe" | C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}\stubpath = "C:\\Windows\\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe" | C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5} | C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{080B4434-0C83-440a-AB17-6F320EFB129E} | C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{080B4434-0C83-440a-AB17-6F320EFB129E}\stubpath = "C:\\Windows\\{080B4434-0C83-440a-AB17-6F320EFB129E}.exe" | C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{58C4F985-777B-46a7-B1A5-A98752F5E3D5} | C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462} | C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}\stubpath = "C:\\Windows\\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe" | C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{54370453-3C4D-4bb3-9D78-10B68D041334} | C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}\stubpath = "C:\\Windows\\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe" | C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe | N/A |
| N/A | N/A | C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe | N/A |
| N/A | N/A | C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe | N/A |
| N/A | N/A | C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe | N/A |
| N/A | N/A | C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe | N/A |
| N/A | N/A | C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe | N/A |
| N/A | N/A | C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe | N/A |
| N/A | N/A | C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe | N/A |
| N/A | N/A | C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe | N/A |
| N/A | N/A | C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe | N/A |
| N/A | N/A | C:\Windows\{080B4434-0C83-440a-AB17-6F320EFB129E}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe | C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe | N/A |
| File created | C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe | C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe | N/A |
| File created | C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe | C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe | N/A |
| File created | C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe | C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe | N/A |
| File created | C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe | C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe | N/A |
| File created | C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe | N/A |
| File created | C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe | C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe | N/A |
| File created | C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe | C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe | N/A |
| File created | C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe | C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe | N/A |
| File created | C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe | C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe | N/A |
| File created | C:\Windows\{080B4434-0C83-440a-AB17-6F320EFB129E}.exe | C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-04_e4d2a0c0c33dc92bb5245ec3f744cdbf_goldeneye.exe"
C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe
C:\Windows\{EBD30523-A3BE-49cb-9CF5-6B1CA5874BFD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe
C:\Windows\{92B780A9-7AF0-48aa-8192-CD9B28E03B3D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EBD30~1.EXE > nul
C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe
C:\Windows\{58C4F985-777B-46a7-B1A5-A98752F5E3D5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{92B78~1.EXE > nul
C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe
C:\Windows\{9D3F1BD9-B1D2-4eb2-8F38-98E723724462}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{58C4F~1.EXE > nul
C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe
C:\Windows\{E7EA11F5-0AB3-4bc2-99D6-72F6E330DB25}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9D3F1~1.EXE > nul
C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe
C:\Windows\{54370453-3C4D-4bb3-9D78-10B68D041334}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E7EA1~1.EXE > nul
C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe
C:\Windows\{1D7B2012-539B-4fd6-B920-4609950626F9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{54370~1.EXE > nul
C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe
C:\Windows\{3BD2F4EF-AA28-43a6-990D-17A1FAA2C762}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1D7B2~1.EXE > nul
C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe
C:\Windows\{912B9C31-DCBC-40b5-85BE-42289F29373F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3BD2F~1.EXE > nul
C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe
C:\Windows\{A3ABDA9E-D244-4092-B6B2-24ECF5C06BF5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{912B9~1.EXE > nul
C:\Windows\{080B4434-0C83-440a-AB17-6F320EFB129E}.exe
C:\Windows\{080B4434-0C83-440a-AB17-6F320EFB129E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A3ABD~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
Files