Analysis Overview
SHA256
f72d1b22bad02779ffce3772abbd3683b352af0667f2092cb2458bd64035dcde
Threat Level: No (potentially) malicious behavior was detected
The file 91eaa19599a8c0946026fed0493f9f55_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:16
Reported
2024-06-03 13:18
Platform
win7-20240508-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000002304e102499446cecb17ae2dcbabb316ee919cfa329a9cc85c74abd2f680cc2d000000000e80000000020000200000005688f5a5bdd30748d8631f2252cec6ced0a84d77caba716b8884d4c9da56eef420000000eb7b161f1227844c330cfc787143fd52489dd2ac55f40bdbdf85de8864cd494c40000000778bd032d036f7bdc1e0fbcbe0680ee6568833362f58d594dca31570bda808d18aac5b69d776798b9b74767fe1f09b4d592135742fad49e2d746153b4cce5d2a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0629847b8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72F2E561-21AB-11EF-8C93-DEECE6B0C1A4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582439" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000050932e685873b4ec7192f4d262fbbf346e09172743eb7464104600f404a777d4000000000e80000000020000200000005c39b02d5964c0c79dfaa02abd7c449438b9c35fc718f0fa8a07dcf04ec9e067900000007d20c937e3b307c892cf3d53bab0f57a8a606b5326cc5579579e8790d79ebc14bafda051d47009341813a08ad4ff4af0cd41ec018377d5926d5a87f8baa605f7e7fbbc40eeb2d43ffafd76da396894de5a963498f71c69bf92fe30f3248a4b83c050c4dad5755097129bf6446d405b00d554e5d8547ffb82cfcc67efba90ad328c8eb8ff8dd78b0b2ddcc425a8527bdd40000000557ea768118e4798c226ce5ceb9a648b8bff9c85364563c7ab058df9f6eba3dd26770330c544fe37c680be93469f920f54ab90dad0ffe8f64f08b6ff93a6891a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2988 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91eaa19599a8c0946026fed0493f9f55_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ww2.rinderwayr.com | udp |
| US | 8.8.8.8:53 | a.rmgserving.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 23.63.101.153:80 | a.rmgserving.com | tcp |
| NL | 23.63.101.153:80 | a.rmgserving.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | b.rmgserving.com | udp |
| US | 8.8.8.8:53 | c.rmgserving.com | udp |
| NL | 23.63.101.153:80 | b.rmgserving.com | tcp |
| NL | 23.63.101.153:80 | b.rmgserving.com | tcp |
| NL | 23.63.101.153:80 | b.rmgserving.com | tcp |
| NL | 23.63.101.152:80 | c.rmgserving.com | tcp |
| NL | 23.63.101.152:80 | c.rmgserving.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3CC4.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3D58.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f501d54ea955df482a132a6086e88a3 |
| SHA1 | 726ea9efaf7a6efa32bcd51cc615f786182753e9 |
| SHA256 | 333d94fc084944f7d4066541c87b60b948fbd5eb41d9f3e9a1b57fdbb25879aa |
| SHA512 | a4a63a1cbf4c4512b4a541f070f99ec0a870c5994f352e7580abdaa1b7469c46ffe76ffdf923841fd0fd9b161ae07fa9b5b4bb3c68cad4f8ae696916789ede74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38b7287c9754f8c2374c57205bf7086d |
| SHA1 | 467d66fe7621161c7847feb93236a3eb1df9f9f5 |
| SHA256 | f04cf655d3496de5fa61ef49fe26d60229ecfca30ecb962995d9129f9419e6d2 |
| SHA512 | 04427668bb81637140830d495607e217f770fdc951a33c48109023e8934867fc08d3f7c0b2cee186072f2542c3d0a8f3bf414229abeb604339d28faeb31c4dd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d9c596d695a6dfc77aa120fdad77eb5 |
| SHA1 | 5c97a4964d89d65c33f2372acec05818b79ed1ea |
| SHA256 | f151dfa6afa05390fb4ef5ea5cd8f21d3a650154aaa2adfeeb54b9ab0f0a72fe |
| SHA512 | 80bac70205f9549b99300f69de295453ab5ad082e3bc743163610597e6f4f4e749dd05d3dd97b1c6ed0313c4300f4edc9a702a5821e42d20154bb834d0e65bb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3474dc952af920672a9dcfe7c624119 |
| SHA1 | 6c8209bed2be94ae8162721cf58be590e763a08a |
| SHA256 | f64df5a7096850a710d011e07621db501356f2c79baa8a104c7ce77bbed52f5d |
| SHA512 | 953d5e02aad026bb9484b02bc9326cbc9ca10d12eb63f73e2e594a5902ea31dbd8ba24fae153b2849b4f87243e50f8e58944e2fbca9290823e1e34b291ec88d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51079da3fc765d38c39b556cf11e7ef1 |
| SHA1 | 8c057b8bd76b0d13e3e274b5c0ce7df1ed007282 |
| SHA256 | 063f2d916625a568383b64d0dac144d0eb8bd19d0a16374f5cffe7264d3f7c07 |
| SHA512 | 6b5dbb3091b5b4197aacee55e7f87e3b719bf8c7e981e5dc731c41731d7d12b5aa5dc68c71b6d1553e7ef831cbdccff3ad35c929f04bf4dde6fae48cb4101ce4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e028babd853bcd9d96d3d19b3c6c51e7 |
| SHA1 | 57a07e5af97a8cdb106dcb4f5ff9d92daeb3a7ed |
| SHA256 | 50c84a88065116ece6d37578888e5da758baafb2def274efa7670c5ca7417ddc |
| SHA512 | 7e94d31ca91c645655fc2602614ada0ff03a0b3e6dfbfb15828fec9f8737816a00eda5926880a8acd032798d1d303b7a3d32465e3f9cf06e4380fcfe57b88bfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4df216b12520e19298911e89abf407cb |
| SHA1 | 6c62da54ea51c7f0f9a8f6accbe1e834b1dc5eb1 |
| SHA256 | a16bf70e39f7c9fdaf627cc803668e06bedd062fcee9b84353cbf7f3488e82f8 |
| SHA512 | c763738a5e2def4fbe3fc61bd336d18b2bb92d36ea9cff77439f9cb9fba364ea743376982fb4d9badebd23d4955cd1d52f6e1b33d07fe5f8d145d04c7bab2e11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c315d5a2ce1c54a34e71d09b9dc7279c |
| SHA1 | f18bd2c4c1bb6cd0b280e8846a5c7804da08fac4 |
| SHA256 | b1f780527366b29ae6a790413c98421db22679c560dd39625a5d2058206202ea |
| SHA512 | 69854a1ad36c2c0b72821c10e9697867ef067bbbba58a58914c42ad3964ad44bad3f2cff8d14389f89036a6d3d09551ed0a43f49b96afd5d5e48ce1111ed54d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9b34f36c9a22cf3b5df842b48fc5986 |
| SHA1 | e63627b2be2db8646d0fe086e7de988d2065596f |
| SHA256 | c951e9ab3672549f26fb1c201afeaf80b155c8c459a206de7abcd050d6fe8d8f |
| SHA512 | 481bf6c46e9b94e6c3b75f5ed45f2392c9457c4a57b353f38957d4a5c17a91ac04a8d2ac14f2745451a1df383dbc69e1ce551db691fa7e9203f16deb0e010561 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb0b66e8e3ecae8c0cfaf484d4a5d777 |
| SHA1 | a09b97aea1010333ef5de049374d3e1e3aa05102 |
| SHA256 | 18faac511b72539b54d7bd541829d189b868814d391a722fbdee863b170f51be |
| SHA512 | 9fd8204517f2799468ecdf38dc93192e13d11e56856384feb5ea978795c0fc516d5f3d2922882d9a807197c4ee1d59f4a0b9f9ff6281c27152f7ff30296d1d2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52723ce2eb39d5bbc88dbb8423a1d79a |
| SHA1 | 32221dc2c3a568fa84a79831d93ec57b835f093a |
| SHA256 | aa5c9a867532a097c436084f4e0a8cab3e3cfc8e270f00d4393c62a58c0078fb |
| SHA512 | 4062bc62e2aa084495032d0c7028e73e9764fcf28b086d91f0782bdda2c8ce6b748c5cb35d18a135fa20e77fb797f42214456cbcb7399774bc12efa2472d57ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1c982ea1abf08e115cc01233b09ed36 |
| SHA1 | 46ed626a1a31c53376eba5f2e850757c962de4d9 |
| SHA256 | 148b648bfe884fd26fee949bf791f570c4b811d70f51cf195e296510c773b126 |
| SHA512 | 13a36752b6957e4b4845447a565d79fc89355f703d1aa029826ae76733f216f7a9c15a9ffae7bd01ee155f5279768e58602c8f79e13be07443ff6ac4c7fa89f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd893a2764015b0f44b4c0c96aaae837 |
| SHA1 | 1b17abec5e31147a703bd519375381f1dacf4c76 |
| SHA256 | 32265033d952b55022ae2600e997cbe41420234d5b286d5e9742e55cf27acd3f |
| SHA512 | a19d665bc25ac4838069227c213b09d3bb5139bd503bca80156cbd1f126d7218c0de0df744248ce12b66213547af2d4397c184d8670213f41a1d2949d0bbf01a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16943350855132e0fafef14a30d66247 |
| SHA1 | 6cc1ffacf29eb7df55908413cbe43c397333f82a |
| SHA256 | 01d7b266404c3cd0a95f270d4b579a065f282f0da5aeaca24639a981e6154ddb |
| SHA512 | c2b6d6bce2bc5f704ed4784e0cc9a55dbd50ade64d614d09500bce7a2dc40b193d5202a78716936990cc305a917d5c82949e7b66b81d20dd2900ed5585cce8ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48baf9b348e8da3b2f75d5dda5342aca |
| SHA1 | 7bd160bdfced97699bd0b23d8e8e496973e87fc8 |
| SHA256 | d516b46c88dfbd12f71cf6572d8690bb4bef0734875eadd1247aa947be8c4cc4 |
| SHA512 | 68d9164b99c4a94f1f92c3625fb28ed38605d34d5fc565e98552bfebb0d9b71214f3e1a62b29122653831c6c85439efdeea2379df61f8647fe6dee4fd84ba2e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f02f274162696063414f82862a332d2 |
| SHA1 | 75f8d7c2c2c691d71c13749028723fd6d29f8e72 |
| SHA256 | 8864be268f94e643f40e4a5e6259dc0d3b3e341bbf86f8365fc1a843c592fdcf |
| SHA512 | 15b6af5afe14b2adc1ece89cd4f4a46a9ca8af80909c9bdb8ec0f31607a4e80e41bbd357ca0201c458ad00a89693cb528321dd78342e7b289b2675929b3ba31f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6253b0c227ef8ba253ee2acdd68fced2 |
| SHA1 | 20d1578feaa4c58e732d1d75808bc305515a8dcb |
| SHA256 | 2a709dc479d7e3bd89f77b2089514fd5b70c9bc240fd47413de10e0210e43d95 |
| SHA512 | c348fba54445602290ab1b02a713152229098afcc010dfa9eb510d00d77d86dba8b4a8f3337e38ce784f9d2f0d65aeec72ce8801ffbc6b33a1f80d059bb9107e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14db548dc5a56c768192e82533b51226 |
| SHA1 | 5294ecf0f721c745eca2bdd5cf2081cd2e00b079 |
| SHA256 | a63a32b8e1d24435241c2a4cc46c1b916161fb1bf8609c386661f991bfbf9a3b |
| SHA512 | c68a7b41082d28d13afb5ff958166dd38b0b746768e05f8da9eec6b59ce256d1914667d3b1c8f5b4b53b68434befaeb41ed1e1319f5f61b5b5c5c8a1a4ea2ef6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cef6bdf9873d4f9ad9a8ea3ecd0900f1 |
| SHA1 | 57bb37ce8e3b6e364e0a9df617421756edf3f2c2 |
| SHA256 | 6c3e0cb7e236ca33c4fb7a69ee79e1f53dfdb58ee37c16e7914453931ad14a1c |
| SHA512 | 6780b76d0060c32fa737c0508d3ce3b81b12f4eec6084995dc858d3f9c608752e633b1be149e630d4a6a4f7bc1b5174834822c28045c1c5cdf8f1aeef6fdddf6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:16
Reported
2024-06-03 13:18
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91eaa19599a8c0946026fed0493f9f55_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6266072133987486493,7869127796736108938,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.rmgserving.com | udp |
| US | 8.8.8.8:53 | ww2.rinderwayr.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| NL | 23.63.101.152:80 | a.rmgserving.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| NL | 23.63.101.152:80 | a.rmgserving.com | tcp |
| US | 8.8.8.8:53 | b.rmgserving.com | udp |
| US | 8.8.8.8:53 | c.rmgserving.com | udp |
| NL | 23.63.101.152:80 | c.rmgserving.com | tcp |
| NL | 23.63.101.153:80 | c.rmgserving.com | tcp |
| NL | 23.63.101.153:80 | c.rmgserving.com | tcp |
| NL | 23.63.101.153:80 | c.rmgserving.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.101.63.23.in-addr.arpa | udp |
| NL | 23.63.101.152:80 | c.rmgserving.com | tcp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4656_PYGEVFFQOLOTCBLM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 553b882da30ab3617e1a36b000de5388 |
| SHA1 | 8e00890b1815281e9f04ff8d22c9cbbc2865ee2e |
| SHA256 | 1bf5c64047af799679019f8fd14ee925c5d84ea28662e16683a7541f7dab7ed3 |
| SHA512 | 265d22f72d8bdfa79f42e5cb819d4a1190bb9d12160df6735b11e95cf5c553dcecfdaad128b76e4882df79b0316534b3419acf0c655028b1eac00cdda20988c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 89a356f951cf69e9f62a9b15fc3876f6 |
| SHA1 | 15fa57d5d98591fc6a8e0bc8b55e3beb0526f740 |
| SHA256 | 4fcf7d6cef2f72d3099c3c91203aa8f9e49aa057c1d59584276f3e5cc0ef7842 |
| SHA512 | 91a2ff7645cc11d2682fb7dc48b3ecd10965629477b1c8d40a2f130b06fdda10e4783eb856354cfb8e5ada4c2f35eef85365df4963a130f4a595f52367eba955 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f635d16cdfcdf2342ac9952b390e5a4 |
| SHA1 | c80ebd1ee6d5d71b56204178ed0c83dcf1b353d0 |
| SHA256 | 1cd663ed8735c9926ff98375c74c80de4a021cf3de1a587ba0a09319743cc8b8 |
| SHA512 | 2432b4721f7cbd37df32a66a14457b66a2fb796218bdebfada705f1dbd17bd0e793ca226ccd100322f7d0bea58fb312a4bb434008d9c88b0c11f5bb00d45520c |