Analysis Overview
SHA256
6de17e4669f441ab917414dc1a9eb4abc2ee683cd66dcd16c5f7f07c370353ca
Threat Level: Known bad
The file 2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:22
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:22
Reported
2024-04-07 18:25
Platform
win10v2004-20240226-en
Max time kernel
156s
Max time network
166s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5F7331A0-22A3-4d27-B823-055FFA12AC0D} | C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}\stubpath = "C:\\Windows\\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}\stubpath = "C:\\Windows\\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe" | C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{95A02336-7808-465a-945B-FC0D58D8A9D0}\stubpath = "C:\\Windows\\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe" | C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1} | C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72} | C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0F4DCF4-16FB-4520-B476-3FCE91156985}\stubpath = "C:\\Windows\\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe" | C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59C44764-5C87-4468-A42C-D836DF05A5D4}\stubpath = "C:\\Windows\\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe" | C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D47D746C-470F-4e7e-9D13-F2BE78D394B6} | C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2} | C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{95A02336-7808-465a-945B-FC0D58D8A9D0} | C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}\stubpath = "C:\\Windows\\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe" | C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CA393A86-E956-46ea-925B-787B479810E4} | C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19} | C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}\stubpath = "C:\\Windows\\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe" | C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CA393A86-E956-46ea-925B-787B479810E4}\stubpath = "C:\\Windows\\{CA393A86-E956-46ea-925B-787B479810E4}.exe" | C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}\stubpath = "C:\\Windows\\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe" | C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0F4DCF4-16FB-4520-B476-3FCE91156985} | C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59C44764-5C87-4468-A42C-D836DF05A5D4} | C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}\stubpath = "C:\\Windows\\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe" | C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19}\stubpath = "C:\\Windows\\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19}.exe" | C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe | N/A |
| N/A | N/A | C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe | N/A |
| N/A | N/A | C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe | N/A |
| N/A | N/A | C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe | N/A |
| N/A | N/A | C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe | N/A |
| N/A | N/A | C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe | N/A |
| N/A | N/A | C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe | N/A |
| N/A | N/A | C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe | N/A |
| N/A | N/A | C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe | N/A |
| N/A | N/A | C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe | N/A |
| N/A | N/A | C:\Windows\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe | C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe | N/A |
| File created | C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe | C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe | N/A |
| File created | C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe | C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe | N/A |
| File created | C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe | C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe | N/A |
| File created | C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe | C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe | N/A |
| File created | C:\Windows\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19}.exe | C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe | N/A |
| File created | C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe | N/A |
| File created | C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe | C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe | N/A |
| File created | C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe | C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe | N/A |
| File created | C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe | C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe | N/A |
| File created | C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe | C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe"
C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe
C:\Windows\{6D7C3036-39D0-482b-A0EF-5790F7F12DA9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe
C:\Windows\{D47D746C-470F-4e7e-9D13-F2BE78D394B6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6D7C3~1.EXE > nul
C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe
C:\Windows\{CC5299B3-C7F4-4185-A8AF-F8497BA198E2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D47D7~1.EXE > nul
C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe
C:\Windows\{95A02336-7808-465a-945B-FC0D58D8A9D0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CC529~1.EXE > nul
C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe
C:\Windows\{E1E9FA08-FC4C-48a8-AD58-F639787DC0C1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{95A02~1.EXE > nul
C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe
C:\Windows\{E7E424EC-42B1-4de9-A241-7DCD48B1DF72}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E1E9F~1.EXE > nul
C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe
C:\Windows\{CA393A86-E956-46ea-925B-787B479810E4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E7E42~1.EXE > nul
C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe
C:\Windows\{D0F4DCF4-16FB-4520-B476-3FCE91156985}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CA393~1.EXE > nul
C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe
C:\Windows\{59C44764-5C87-4468-A42C-D836DF05A5D4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0F4D~1.EXE > nul
C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe
C:\Windows\{5F7331A0-22A3-4d27-B823-055FFA12AC0D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{59C44~1.EXE > nul
C:\Windows\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19}.exe
C:\Windows\{E2F2D5F7-8BFE-45bd-8EED-E914BEDF2A19}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5F733~1.EXE > nul
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:22
Reported
2024-04-07 18:25
Platform
win7-20240319-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA3D2D6A-73E4-4353-B3D3-79710853549A} | C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07E15AA0-838C-47af-9BE8-F985E6E52703} | C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{07E15AA0-838C-47af-9BE8-F985E6E52703}\stubpath = "C:\\Windows\\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe" | C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7} | C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C24709C6-1087-4996-B4F9-63619F204394} | C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B} | C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}\stubpath = "C:\\Windows\\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe" | C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF} | C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}\stubpath = "C:\\Windows\\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}\stubpath = "C:\\Windows\\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe" | C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}\stubpath = "C:\\Windows\\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe" | C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}\stubpath = "C:\\Windows\\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe" | C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{019F3C91-6F1A-4f21-87A4-8A5903704DB3} | C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA3D2D6A-73E4-4353-B3D3-79710853549A}\stubpath = "C:\\Windows\\{EA3D2D6A-73E4-4353-B3D3-79710853549A}.exe" | C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6E39DDC6-65E2-4d09-857A-B99563E4B957}\stubpath = "C:\\Windows\\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe" | C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54} | C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C24709C6-1087-4996-B4F9-63619F204394}\stubpath = "C:\\Windows\\{C24709C6-1087-4996-B4F9-63619F204394}.exe" | C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{327039B7-8EF7-49ca-A627-81846274F320} | C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{327039B7-8EF7-49ca-A627-81846274F320}\stubpath = "C:\\Windows\\{327039B7-8EF7-49ca-A627-81846274F320}.exe" | C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E} | C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}\stubpath = "C:\\Windows\\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe" | C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6E39DDC6-65E2-4d09-857A-B99563E4B957} | C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe | N/A |
| N/A | N/A | C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe | N/A |
| N/A | N/A | C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe | N/A |
| N/A | N/A | C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe | N/A |
| N/A | N/A | C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe | N/A |
| N/A | N/A | C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe | N/A |
| N/A | N/A | C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe | N/A |
| N/A | N/A | C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe | N/A |
| N/A | N/A | C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe | N/A |
| N/A | N/A | C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe | N/A |
| N/A | N/A | C:\Windows\{EA3D2D6A-73E4-4353-B3D3-79710853549A}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe | C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe | N/A |
| File created | C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe | C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe | N/A |
| File created | C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe | C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe | N/A |
| File created | C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe | C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe | N/A |
| File created | C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe | C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe | N/A |
| File created | C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe | C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe | N/A |
| File created | C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe | C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe | N/A |
| File created | C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe | C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe | N/A |
| File created | C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe | C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe | N/A |
| File created | C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe | C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe | N/A |
| File created | C:\Windows\{EA3D2D6A-73E4-4353-B3D3-79710853549A}.exe | C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-07_233794f132386671cb917b52ffdfeba2_goldeneye.exe"
C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe
C:\Windows\{AE4CEC87-B9BB-47c0-9D16-5DE9D8EC9F54}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe
C:\Windows\{07E15AA0-838C-47af-9BE8-F985E6E52703}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AE4CE~1.EXE > nul
C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe
C:\Windows\{6F24C8CC-B788-4fb2-94E5-C68AE6FC91A7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{07E15~1.EXE > nul
C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe
C:\Windows\{C24709C6-1087-4996-B4F9-63619F204394}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6F24C~1.EXE > nul
C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe
C:\Windows\{12D27777-47F4-4cb7-BC8E-BF5AD1DA4A7B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C2470~1.EXE > nul
C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe
C:\Windows\{327039B7-8EF7-49ca-A627-81846274F320}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{12D27~1.EXE > nul
C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe
C:\Windows\{2746D8FB-E5C5-4ff5-B434-98463ADD32BF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{32703~1.EXE > nul
C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe
C:\Windows\{9B8340F5-3E7D-47dd-80D0-7B6F7D73F21E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2746D~1.EXE > nul
C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe
C:\Windows\{019F3C91-6F1A-4f21-87A4-8A5903704DB3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9B834~1.EXE > nul
C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe
C:\Windows\{6E39DDC6-65E2-4d09-857A-B99563E4B957}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{019F3~1.EXE > nul
C:\Windows\{EA3D2D6A-73E4-4353-B3D3-79710853549A}.exe
C:\Windows\{EA3D2D6A-73E4-4353-B3D3-79710853549A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6E39D~1.EXE > nul
Network
Files