Malware Analysis Report

2025-01-19 00:17

Sample ID 240529-n23mssdd4x
Target 80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118
SHA256 11b12aa63fb21a3d6473e1715e84e8b3372120089f5cd821461eb66e1524edaa
Tags phishing
Score 4/10

Analysis Overview

Threat Level: Likely benign

The file 80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

phishing

Detected phishing page

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-05-29 11:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 11:54

Reported

2024-05-29 11:57

Platform

win7-20240221-en

Max time kernel

141s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118.html

Signatures

Detected phishing page

phishing

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d086630cbfb1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423145540" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{351714C1-1DB2-11EF-9F3E-D2EFD46A7D0E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.acaprensa.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 player.radioforge.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
US 172.67.206.141:443 player.radioforge.com tcp
US 8.8.8.8:53 maps.googleapis.com udp
GB 142.250.179.234:443 maps.googleapis.com tcp
US 8.8.8.8:53 static.radioforge.com udp
US 172.67.206.141:443 static.radioforge.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.acaprensa.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 11:54

Reported

2024-05-29 11:56

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1188 wrote to memory of 4608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1188 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_1188_EKPEUKEZHPDPKVJZ


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
