Analysis Overview
SHA256: 657cc9f4a7cd4e1ab629fcebb0cef4ee5b12bac4b1deff68bb9353893bf072ee
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file 8c66b3074b8539940599165dc5e18d8b_JaffaCakes118.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported: 2024-06-02 01:03
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-02 01:03
Reported: 2024-06-02 01:05
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 126s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c66b3074b8539940599165dc5e18d8b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa797e46f8,0x7ffa797e4708,0x7ffa797e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14040886694894067011,3193197884666042429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.86game.top | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| GB | 134.122.109.150:80 | www.86game.top | tcp |
| US | 163.181.154.237:80 | js.users.51.la | tcp |
| GB | 134.122.109.150:80 | www.86game.top | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 163.181.154.237:80 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.226:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.109.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| GB | 104.166.160.228:445 | ia.51.la | tcp |
| GB | 104.166.160.229:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4900_UNJUBLSTNCAOSUAY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-02 01:03
Reported: 2024-06-02 01:05
Platform: win7-20240221-en
Max time kernel: 139s
Max time network: 140s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000265820ffc34a63439b460a622685b91400000000020000000000106600000001000020000000c99ded92b2c85798c588268a5c1aafad1f99d73ed1c56e50f743b389a8c22e5f000000000e8000000002000020000000c7928113be05691c35f800fa13664aea169f7f57eddcf4900db114fdfa8bd8359000000033cdc67a06603e37ad80ea026030ee6564632af75c1097d55f0a4147c5711d63b0ba7e2851a9d1f3ad47615a0a4e28e2236757818a0a99a5834aa5bd89b428cf18e51696bccbe432dc87d7246ce0141abeec31fef5040929acee3cc4294d40d614408f16e390f0fc65cb44ea1232d6b142f1e93c794c4d54de478018397d6e66087cacf6dcc1c84755737d7af1e57b9640000000d653773b36b4ee00b497a3ea36cf41e7603e4ad64a4bce483190edca13576252aaf87fa036a1aa32cd0fb8db0248c13c40ce0553f4b5fbb9097a6af4ba7606aa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E85FBF71-207B-11EF-917A-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 408e4abe88b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000265820ffc34a63439b460a622685b9140000000002000000000010660000000100002000000021508e53dd30c66acf019e57f0bd564df6a2229ccdb07656e02a9d0f9c8a00e3000000000e8000000002000020000000689a9bb793fbf08bbfe688dc2596e86b22f7422a80169637f176a75428a5e281200000001d8e24a80225f2a6b77682fe9ca873f4d5761eccf733ba4c772be2ea1fab2c99400000003072120eb2212ecf47a9edd42111d262d4fca325892a4028bc06417edcedff1712e8cdbf28b28f218969cee9ea9ad4ce75b9a7983981b8155c7e5bc13067757e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452075" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3024 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c66b3074b8539940599165dc5e18d8b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.86game.top | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| GB | 134.122.109.150:80 | www.86game.top | tcp |
| GB | 134.122.109.150:80 | www.86game.top | tcp |
| US | 163.181.154.233:80 | js.users.51.la | tcp |
| US | 163.181.154.233:80 | js.users.51.la | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\coinhive.min[1].js
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab3584.tmp
C:\Users\Admin\AppData\Local\Temp\Tar3586.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar3A6C.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC