Analysis Overview
SHA256
392792d39488d81d426b14f19e958608ac7334e4568605d02217483243af9c76
Threat Level: No (potentially) malicious behavior was detected
The file 9179ea16eb97574f19797d37c9cbfd77_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:39
Reported
2024-06-03 10:42
Platform
win7-20240221-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2064BA1-2195-11EF-8AAC-6EAD7206CC74} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007f473745c53e1948b9ac73394bd5824400000000020000000000106600000001000020000000b70175187e9b24fba5c90aa79c240c11df541bb5938fe477014c01b21af292fb000000000e8000000002000020000000247a1f249bf686a32425966702e9f0aba3f948a1afbe0cfabefd7df9c36bf17520000000c398f8ffc3eccd29309e98b39769f53ea87063172fc94f770322e8380afd57a7400000003960133973e801b0fcdfc9d082571780277a8c2ceb7343b7d1617636c878e98ccc85eb10e5d404186aad789052c532970ff35e8eb64ca5c1b1dcaf986ef577e4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007f473745c53e1948b9ac73394bd58244000000000200000000001066000000010000200000000d10dc6db27a480160eefe85e2db7c89559db7835bd29e016c8b80ae66c160cc000000000e800000000200002000000053f010f89056c433f6934c2cbfd10dcbd81e8ebfca5465444a96ba808c29d27190000000c631a5d22a244a9fee503d9dea3c53cfa416acbf3abc9b35e4f9de396c60d8bc5dfb376c0499dd442b7e17a127db1f8d916b966003fd71f8e25c922bb67cd4749d3464009a567bc9b9defc52b2b20694154fc875bd08da373d7efa0d0a98a2b311f150889607f14c19688d0b95aa130d86c5e734f4747e0a370214a3ecff37a374389b81c7b2be1ca72c87b55225bd3240000000d76b65ce420538830aada93eb46befed31830a69cc333c4593203f0e762ecffa8f7b2241cf6524d5f1debef6ae3f5867e5f280eb5c4c4275aaeee84fda3619d2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423573070" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d09576a2b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2848 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2848 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2848 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2848 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9179ea16eb97574f19797d37c9cbfd77_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2F1F.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3010.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d43679e521d6e21528b212a4d29f0fa5 |
| SHA1 | 0ef40cd9e5741e99830728060628ace2b16f53db |
| SHA256 | c7adf685e5dfe1217250f6f542c0f0ff0a7f74fd4a7a45032c80ae1ceb57618a |
| SHA512 | 2efecb7d2d775a4ea1c4c701f07a2ede7aad9e5088e756fa3e05a5b9ed774cf9ac5c2944ef77db5a7d8460010c6eea9e3a463dccd32fd89cc0b56303c44f5126 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c4f6a4a6a7fce2b45bc511642f6a6e4 |
| SHA1 | ac19d45e11409449bad377e300daeb05a6f476d3 |
| SHA256 | 5ffeeac738acf0db67ea22f29a1cb5230bd1972f6c106c12a00c0079bfc2f8cb |
| SHA512 | 547c1d3f8a8c1635300c9b8c389ef0bfd2ab549228f0ee74882ef50cc30aab71e8419e083c2b00103aa7871c9a7c2567941e841101c8fdd785c169b557c42463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64718169cb9e53b1d2298ef7110a0753 |
| SHA1 | 85380c25ea7716f884f41723454a06ec222a97f0 |
| SHA256 | 1f7af12d67d0a748f5db175a9515a2e782aa2990263cfb1451a993cf4cdc883d |
| SHA512 | 33de579fde2c815e13a1e6b84b0b44f5ad6146968c9bbfbdb1d3a007aba69b36be79b39b86b0f369e63d5531f80d1ec92e5536fecff7fc766298a22ca0b1b1da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe0ebb4e2e80e0d9c663b53a90533524 |
| SHA1 | cd281d73059ee53f87ab3657975af50b29aa1826 |
| SHA256 | 61f2fcedb211181226ce7b08711d92651812d9b2c5ffa5175b351499e6944fd4 |
| SHA512 | 72584774707d846c38e6e0e8d4984bd4fc1867b3ea3b7a8372a29e20d93110c6ae858e522334ab485fdc3dbb40cd77215887b3467fc971a7b2a490b160b735a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d70da656a054279dc02ac2b84cce8ba |
| SHA1 | 7d1506e7991a3d5a38221c95e60270123210ce50 |
| SHA256 | 7989f6a7831e21f80be00220bc5ab1786dccd8e302a01a144527746bd3d9d9e9 |
| SHA512 | 23318332a324cd03ac7a87b15d346f7153d3afece6e9b47239a3fee5de91372e53e10c11e3a59e6af85550d468dd46083ee4f0cea45f8c837de5b7edf67d7716 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b26a01c2d133181cc3a09d89a524dd9 |
| SHA1 | 62b6a3a10b04992522d8344af34713680e79db8c |
| SHA256 | edecfd0f222608fe2db94f5c3800c9af79e24dd4d5277e5abeb7e2a0a7bb9e2e |
| SHA512 | 043d23028227f87c2da18123c06554c5a825c6ba2d04dca017563d2b4fb1c03538228ccaddfb4ff6560635e2884a47868a93ea876125301d99b1d04656bf6da6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bac5fb636fe9261fbd19c221aa67ec46 |
| SHA1 | caf3d41d8643684ea821249b08c4603c11126eea |
| SHA256 | f6a49c338ca7e56674f873a38e74fe23258b6574b24814566076d598a9b6f92e |
| SHA512 | 42f5ad5f80ea5f7c241fb4ea81fd2b4db0cb4ef9d2ef7402abf6b3cb444fe8165235e51e06d127cbc6f73115c274766526f5cae4768e36736c0be492b5649109 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e090ee87cd290c9b7be8b9108466e4e |
| SHA1 | 86525a4b09a0c6ef6ded4e24d2900ae7ed2a18d6 |
| SHA256 | 24b1449d3ec185bd2b652b054eacf30f9199e18e197caca8b7b3e91d3d08ace8 |
| SHA512 | 217ce278fde43aa45bcb7f7a301b89dbdbaf480353f1250d5daa3544a7f2403b16e1f85697415691b15bf9192949dc9e91668e16ff9f11fd725ca04de5d7b300 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e6e86deb1b20128e8524437ff6dd340 |
| SHA1 | 1a4f39280f122144a4f1224030ea9cb392ec4c1b |
| SHA256 | 0998a138cce5635675c6a988630122f202322a2433295d9f0964f79bdb32342c |
| SHA512 | 11c6d6b5fd006bd4923b8687f7e7c7f13e9503d96278e8103879d29dd4bdddab74715fea9f3f2ec7a2cac52a2d4f2b06260d17a91bcb45dc2f1a4802784b103d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e35dbfb7e37b2149938de52e7c4e814 |
| SHA1 | c8fffbff28304061c159d3e2efdc9a41f17702f3 |
| SHA256 | 098cf41ad741e2aa086576e79c510ef273620d805ae82a98d0ddff1ff3708ddf |
| SHA512 | 9e36f54dba7794708360662a27e6bd57f13c80d35ebd5c2cb0a12b9565387badf6c786fdd525b007f0795e94b629f7f5b64d14a68445d98a4dbabd238fe172b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b92eaafed71e7e02b7a59b0882a75aa3 |
| SHA1 | 3a912d1974b1e984fc7c28be36ee6b04898f4842 |
| SHA256 | e498b11cb9f31acb1fede9ac304ebc5beca6083f7779a1f764574ae95e8527a5 |
| SHA512 | 5201dd2a0d572fb22421bdce12df0c772f3e32b10bfeed80d9998b0aa5231525a3ca05ff1b6a854d25a16ad413e0755a5f74a8adc4901c61eac68f992741c9e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef261397e151dc65d639d9d9f0c1e68e |
| SHA1 | 4dc8ba40a51b9625b346d57f59e3f0642471c2b1 |
| SHA256 | 6c01a1b639f8f1bb88035f7692a2bd20436dd439c4412e673e02b907c3043623 |
| SHA512 | 7600aa0d3e4ceb4ecde63b6ea4596c3d9e6696154d2391db45510c2c3deb08205dc5d8a0bf324cae1fa878eae0c1b1d601f4ff5d39d1eaae7dd1b76020da9642 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74808f6acdc664369a9289615c8eac33 |
| SHA1 | 7032744ed73f3efcc62a02a8eff8bde9d2b1667c |
| SHA256 | 57e2aebedeec7deb1ae00a7b0b0b2a408fffdf42ee16b12f4637ca6bddd6dd0e |
| SHA512 | 490390ac873823f5e259cc863bd2550e8c4a2d729e02b4714aa1c9495461314803ec3c4d5b36234edaf94124c79a28723e4f558a090cb575f1e0fe7d8aa679ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79dd5cb08515616a370fc0424f34c9db |
| SHA1 | be50f5cdc0245b084c3e75164f8740800f01742c |
| SHA256 | 9665a70d571f43df0c76a52cd6533f6ee7800fe0c37dffae59138b47a9b21cb7 |
| SHA512 | 7ed7bd26a5344b19823234723cace9f9dcb5f3636ae319f20ded0a38a78d25ce2815f5b44623bfe2ad8e9db01c877ab1072111315f0d2273b6936f632b3d1e37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a99f2811fbfb12d5c7de1655623d68ad |
| SHA1 | 62f6e95b632fd08cdde7e2c198678a31b3961002 |
| SHA256 | 950044917d9ca651bd63424e40e88e7c7bf3aa968fb124e612b3fb38146969ae |
| SHA512 | c00b749d61588f9ab8dff37afc7110cb5cb36c4b616a1e15aa31efdfc041537c3ab4487fde5b3aad89ff4d4ee706b25c6b2c531a11500797698488691e4466b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43f1d301de4fffb085c56262b573e7fa |
| SHA1 | 7568e3b193072434e572f653ea427621fdd1f2e9 |
| SHA256 | 7d36b20d255d3721cb00224c3e3a7ad14e598f09c3e1a075b3c1825c22b4ac34 |
| SHA512 | bee0c43ea884b0838be8dc94bb3e187af31c3bada7e8e99321c2b1dd9e25e7378de542345a344f1e99035d500629518368d3963f7b465297b28e41e0db5cf9b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b658edb51b494de3833a3a49ad8e3408 |
| SHA1 | 83376ed5a453ed84697f9f9ff968a3bfb0c6bef7 |
| SHA256 | 0bcb437d470f62eca37d64940a53afcb607c3e31a4a067cb0bcf72747ca2dfa0 |
| SHA512 | 8678bd8d4f71a8d2dfb33a030e343f0c45d2d3f316ef0528661940c6dfc5507e2be90b82af80e35d385d10e6a2539f486f44e7a362aafc73df51cd36131f7e72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b9dddd27a3fea05e5708bd63444331f |
| SHA1 | 9281dc53650a5660dd97f2144b217d6c6e216bc0 |
| SHA256 | 3719318470ab4600d1b32666dc69db696c5d9db8143186daccd96c4ec97c3c19 |
| SHA512 | c82398c760bfcd646bf5ee664b48984f72e938e7e9b5d8669355ad067c07def37b71bc25b4ef2962e83869acf5727537738cfd3d1af55a8dd957788b77e694f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c1fcddfe2bb009b55be68b2a4170b6 |
| SHA1 | 64a8a1b8597b2455630c2e8cdaedadbdaeba0e65 |
| SHA256 | ab0ca9e5d9e2f0ffd57f9e41f38a156ab3aff74a400349622063486d4ed192ca |
| SHA512 | a10186a0083cf03a44efb142f70457e43ece8e90c8cd036fe8b40e923b569739b46745c2155785d716aa8fa7dec09e5a4f1adad79b39a9499d0b063ce6d36b1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32af1b42203cfe0bcadab52c42b67836 |
| SHA1 | b65b454adb12e2045766f2a0897fd381f36ec96b |
| SHA256 | 215af4f75c7e86fb81fa01ff71c9d9c7e4c04c56d9343d10e93999bbde669374 |
| SHA512 | 6eb3a5c3cc10381fd1b23c8f22bca393362d32b54e06af5b307aef852ca442229ab1ada112e9bcd836a21c4c5339129e3c5bfa0b47ff375703a7421782080101 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e29b80abbfbc213ac811eb15720d046 |
| SHA1 | f30d9a088e378b360e9153657386aaa470daabb5 |
| SHA256 | b8579b4cc88f19de6b39291eb2bc5e77b15700ae30350216ad01eb5bc6262f61 |
| SHA512 | 486be3e3a7b931cbc1dc1648b6896c08e4613190c04c635c72701a54e35565c0a85946664b5027f0d70e6108631fe1fcf2764afd22200fe29bf405cc57ceba66 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:39
Reported
2024-06-03 10:42
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9179ea16eb97574f19797d37c9cbfd77_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2429890381673060774,13152972381298902083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4708_QGHJRKUWFSBMPEFA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be9e0601046ececb92c9e9c0f9515425 |
| SHA1 | ef7b2f17965f3ebc7ede4b765d7975e712d9aca2 |
| SHA256 | 32d43d6320b38663956b9889a2c08424e1924325269b99c1d2f4f4de659dd41d |
| SHA512 | c42121458ec04bde4178ac9be05d750a61019aa4555b371992a0df14438c89c2d6dd2ed5eaf6e458558ed08a67f856d5119c0d2653a28d30a4bd963ef91ab184 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 292f2629b8ca043ad3c27fb043cee178 |
| SHA1 | c70678bf83f69abb2dbd78035f3807763fe6d20a |
| SHA256 | a4b806e40a42cb6031dca9d1ebce9ec9ea980342ffbe31e2b947f9667570bbf0 |
| SHA512 | 1333198bb9b49cb59de170000d3d06c467cee75d1d150193f30a733ed68efa0a295370249c2a2cca98d8ea482fc89b3b348f9183290cc2618e06a56c9663c5a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7390a050f8c5963fca3cb88555123ead |
| SHA1 | e59b172e541d4a9ba408c0c4e62e6e1eb36c8997 |
| SHA256 | 3b45e8439d93216b55fd6063ddfb9ffed8002131665f263f0d560cc9922c0f2e |
| SHA512 | 86787834411b39b6ecc07bc235e981515449f5812f50815171a4422b739315a2ce57f9c58dbafac76c8dfdfc2978f988056bb12fada46be6d80fc34a115c23d3 |