Malware Analysis Report

2024-07-28 07:18

Sample ID 240612-wk9c1sthja
Target a1a153814533c308b7aa090bfb4f423a_JaffaCakes118
SHA256 ffa72fa6feabf346e6b92ea640d5995cf4d16b44ba4a5b6c546e904991f85e83
Tags
phishing
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

ffa72fa6feabf346e6b92ea640d5995cf4d16b44ba4a5b6c546e904991f85e83

Threat Level: Likely benign

The file a1a153814533c308b7aa090bfb4f423a_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

phishing

Detected phishing page

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-12 17:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 17:59

Reported

2024-06-12 18:02

Platform

win7-20240611-en

Max time kernel

139s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1a153814533c308b7aa090bfb4f423a_JaffaCakes118.html

Signatures

Detected phishing page

phishing

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{95885B51-28E5-11EF-9028-46C1B5BE3FA8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008d5d45f9397caa13ef26a2f5411fe34051cb5bc4c148167e5f99876169edb51f000000000e8000000002000020000000e8e5eddf08614218b1d8fee66e5065393b9526d199fb0541c5c33d2541eb5f8f200000006a36353ec4370c6f94dbdef5137123599a4c1ba46338920810b249f91c16ee4740000000bf4c0d83ca345ae2f17e70f222f3d664efb003eacb4091548ef2c6bc77a2d539ee01089c4f98c788579abfa51a41b1c433a0269004382f3df32757d2b3de4683 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ca756bf2bcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424377067" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000316a138950dcf9d06dec45f55acf69496b8a83367615cd9fa1c93e762fb010a9000000000e8000000002000020000000dd9dc41b329d3b5f5ef42398209beb60e2a02e225c3334e654e79da5e605f8fc900000008485bb76de57381cb74f070fabbbc7baede61ce94db78bebceaeed96f52aea39010c9d0ffea2d5f79c33515497760b25da1f5d689511be2a083ee3a201e1d60a066e4d847989f3ccea4de419cfc8deefbd556e6ffa96f527dc3cc9b6df7aee1858e206a4d915ad46ebd27f706f0bc7dc0440132e2c92b1a1538bc48fd18ef216e9d6997de0f2676026cbb2fe0eec719a4000000063b5cdf7969572fae78f1bd6eda61d2eb364de5a1bc536bc77ae346386e42c834937824d1df7c22bd945ace01fc01d4210c11a4c564d5b4608fc70403b243c88 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1936 wrote to memory of 2004 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 2004 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 2004 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 2004 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1a153814533c308b7aa090bfb4f423a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.acaprensa.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 player.radioforge.com udp
US 8.8.8.8:53 www.google.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 104.21.53.2:443 player.radioforge.com tcp
US 104.21.53.2:443 player.radioforge.com tcp
US 8.8.8.8:53 static.radioforge.com udp
US 8.8.8.8:53 maps.googleapis.com udp
US 188.114.97.2:443 static.radioforge.com tcp
US 188.114.97.2:443 static.radioforge.com tcp
US 188.114.97.2:443 static.radioforge.com tcp
US 188.114.97.2:443 static.radioforge.com tcp
US 188.114.97.2:443 static.radioforge.com tcp
US 188.114.97.2:443 static.radioforge.com tcp
GB 142.250.187.202:443 maps.googleapis.com tcp
GB 142.250.187.202:443 maps.googleapis.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 www.acaprensa.net udp
US 8.8.8.8:53 www.acaprensa.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 eab8e29e4b8c00845684f455300414dc
SHA1 5ed9f69492de2c64c161c204c772104c6e2ffadf
SHA256 7cf57cfcc7a4b235977e01ebb696be0f0d3b7e02146b92bb1c3333323f2e776a
SHA512 4c52b3e798406bc39bc2927897ff80a23d5d9d4c007bcf4ad3595ace8177204df0f032a39335d91ce49faaa355345362914fd836c5d4cd2ca0e389d03f864340

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11827027c1e360b390ddbacc929fa119
SHA1 08f786bd1abb9983ba4a173ee16f83270503379d
SHA256 948d3d027b2298e8efead8df31dd186f53d33f6bcb92080479505c1b506f049a
SHA512 acfbf96683205b9d584fea2b5032604de93adff512a2df5d4cb970e61796bf27daf1bb9a12ae08bb71061f6751dd32952a2d289d83fa24eede1732b39c4bf9f0

C:\Users\Admin\AppData\Local\Temp\Cab348B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar348C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f635c6737ff95e0a4153010a677cfd0
SHA1 8167ec04bde972ab9ec610452986e2be0d60b1de
SHA256 4cfbae6c17059e48c37866c800b28390a7b45129f55dd7d04603586dc7a0b8aa
SHA512 6018a0fe2a2802e629170c74ea4a27d07ee5632c2387cf9b2b41d6d5ac87553a686bbc2f38452294f2d068c393488a5b3e6682a3a70e04c3c3e8b18b8004f270

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d7d3f76e0615752e7db4e43b524e8d8
SHA1 3d066934ca89ea57ad60c9f99f6b0b18d7748073
SHA256 7ad78eb4f0f7a9fa5642686c5c88955565bc4e22c589c89238dc5f0a4a38f7d1
SHA512 8abdf9d0fab31b5c4db9a0d0452e5651f473057aba8c3b581ae4fa926eb5adc8bd5ecc31eecef112c477b649d5929d68c30b0fa5361572113e4a52446e22a51d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f37b618fb7559fabdb721bf0e8c0eb9a
SHA1 5db85f3c30c30e2a7b25431f13c5a13b3159b9e7
SHA256 b83bdfe45c1fca603d6959e2b36f1206bf814ad8c26f69bcee541c008e19d9aa
SHA512 661ce8322d21110d0ccd82c84425cd1ddbf4dc613374814d9c4680972cddccee0690ada34c2f428783d793599bf4a29c25c938612c2704c87ee12426fa47f33c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3339359d04bc97104384f2bb0b8f5aa
SHA1 3a023645693ac8a573af64dc4d7143e97a7d3509
SHA256 a8f9082d6aced1e95aef86704db14c25e51f779550247a68978beeeec65373ab
SHA512 805928849ad7606f63f2b9175f678b9a48e8bdf065a7fdf42300db9d924016f09e9da4610185e3efa2a381d2d3fc76d68a7420e76c71b9dd9a5a2b6b054402b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1968d8c6a7e73d8a417e551dc91c8592
SHA1 b524031bf439efe0d98cbb1c5f52bf7385d0239e
SHA256 2f9c6ab79111792b7b55d2e7d9ee39c43ff9f3b15d31b15d81434ba31996cced
SHA512 ee19db41f75e4cee366dd798979759b230f1583438700c074c36748692e372df1cc174f99e13bae0276d4239df666186b4fff4de583b3799b63b4735bae60790

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ed55f12af78993e59031acf67c1fa40
SHA1 57b45ab51ceb7d22ab05709b9f74a5f56b60f691
SHA256 6efe0c970144db379dbea2b93c42a7f8fe719aa8c54c2dcabc80748c44e8f0df
SHA512 78ea9a887bff25d0927e986fbf1b709dd53081137766587477c375bcf5ee54a0f0a1fbb8d735f2cfecd29b9201e91ff0c66bc7f42982fb7e1e9f40dbbcc2a458

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65e70db70ae7b50ddfef4b8d23211f00
SHA1 d90bce21a1bf947ab402980c64c9fced5b8a6996
SHA256 90c486dc6b3773871cfeb108bda9aaab17d6f00934c8cbe9186f37a643c83fc0
SHA512 6ca348fda5e7980f053b8241522e40646c061ce14d677d498dcc9a3fe550e6d96f5479f68de49be19e421fa58a7bd36a72980ad29ccec27e70c66466f5ad89fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f495ff91d51fce43355076958f315158
SHA1 ea708df5350c3529277a5fa27c1a528161b4779d
SHA256 64abe59d245cb2d91433e032722994bbd11bdd75fcc4d0c5db76ba59ec686e22
SHA512 c44d5bd58ce66ba48cdb83e4f269cfbb074a4e810b1a1f8fe74bf576a16c54731075932c0286d74a326fcceb06dce24a7e0f2205891ec0a6175c0b2d5e8747cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e864adaeccb444cf12a48a73dea9cf3f
SHA1 e4d38ef58215a1c2237c6599d9dc5ccf9f907c89
SHA256 9c75c841f6d2bf6f4067f897c21c649ce7f865d1a7d833c4ff27eb7b2985c88d
SHA512 44fa816526cb6340c3a210d2b6238186cb4aaa7c05060612ab49826eb7f77dee262ba6e10175a92ae73e73a30c72fc0b9b52d0017b1c2d26004004cdd1e775d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cecbda9d3a2f32d00fcb05c4dcf7eb7c
SHA1 b17b9d9479ac3b7dc818d7cb97608b1166febef4
SHA256 3290ba3fa97b8f05f9a0319502fabc194871cdc916946d0784979ea79eff180f
SHA512 6018b7254a7b719114d7350e6306ca786ca56b4949e31df818e4fc6fbb96e0e8eaf8f180ed8d4524d76aaf38b1be78e50b732c35853934de1d408775081d2c48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60db8b2e054825217c35b03067171268
SHA1 88c1bbcdaf0910516b7816557976e13813ee190c
SHA256 c5b7900271602b0e51339caf99fc095c69b0f36858790e96e050d69d1060e3ef
SHA512 c3c28d3ead167c363fc9ba903fb24a917f872a930afa0e7b3d046c05c94f355acbc67fa973d3a8d3e9a5c33a648a99a18ede0730fa733ea855f3c1de46aa233a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 479503176582e3fbf040fc295aee4ff5
SHA1 c88aec02a8bad46e4c10aad967f5604c3346791b
SHA256 783180bba2c0bdf9da4ad1a6b66bc6b903d826eacb7f4d1dcf3899a63a63f0fb
SHA512 1500583f7403366d3f11bc34d366a67060a3f508c380c5cbf2d86c919c9162f7dbb66d74f2df5615c80c07a8ab3c7cf1042033e09c197179731641130951e074

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de5543855abb188d298af7ee1f37e1b0
SHA1 3b083b88b8d75a4e7875609f26c57b88ff6095ee
SHA256 8364b680c27d0b4fb175cdd8c6e1ce29a8ae89777083749cea141d71d70a73f3
SHA512 682261606c954b38fe8c1250170212ddf0d74770f4912a6205a079f670e22e5a2f6e38ce67e20b3b9e982c221980b50b60eedf167b1677b56844076d27377135

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c421b90592b761b6c66561f615dce92
SHA1 7a7581a91f553e4d19f21bb7609459dfb36fa227
SHA256 f7e3e30a2e4c3fb6c1ab12c519b72b333218a39e8dd061ed4419e4f022a61331
SHA512 209dc577baec49f9a78cc74a728d71c6a77ea9ccc2b825c556a076813afcf2d25fa28b4bb9338288961bc42235099a523ab935992a0f6e095f3949ffd49a3e74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9006a9cfccb4b9b7d9f8f24670f19b7
SHA1 3e3c5a917c3aa44cae9c77c574e5f4413ed4cf29
SHA256 3e4529a693d05772d83d399297237a554178c8b9fcc945676fc22de4e019e794
SHA512 a42faf07470b8e7392cb14dd889266df6302b42b64d36cd03f3254eb0157b2b0d70b567bd54bdf2571c5429f250c329d6143f8e53548f6cf8f2eeb9bcc5cd90e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 303695bc9dd3cec28479b5a4b230455a
SHA1 069c85130622acda5dc8fad1b7bf5b190ba7976c
SHA256 074dda46f5ac457dcd093a1de24f8e758a22a35d6de48d2a5747a54cf14a1b8b
SHA512 a4b6f79243faef64fdff6ea7858208b61a94a3bf21fc49a25f0a2cff42f56c0e382d1213199e63e57d7bd5ad479ea1607e5030b42838c431060ef177f8e753c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d919de0facc445614641b5d2fdfd91db
SHA1 748e23514fa2ce735f4c1bd5d237724c981a6e17
SHA256 cc5776353318da2d833ddab8bd35828cf34a8be5f15a52ab3cbf8bfd918ec27a
SHA512 27202cda2873572085eeb4d3e60f9b8021f529e1f1473dae7ff2b1d338f94ff09da16ddd7ae36e2eb125f29043516bfec81ece37fb08b4ac296243e8e88fc8e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a03b6fa10f74dcff4d5f7cdd0a42359c
SHA1 dc5244c04fd33dfb78516ec8f48c62b94167ae7f
SHA256 3696eb80e36eb346238b3c57ef9b0b4a65f98fa9d102eecea3fe9a75ab5e5cdb
SHA512 dd4a8d4fa2316e752babbce36ccfdce641fbc7c57114b693410622d3175eaa9a0edca76609f8a7b203db72e5e12473d2c3f150f949f032f97bc10f4c9a90a119

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87488ca0029303ed7edbf2f2c4d98668
SHA1 b91afd79c69d514de1d2ef63dac18c1748dfcfc2
SHA256 9e30c55262c669328ae2af6d7e51682f67935c0c4c985f05bdf75bec9a65be26
SHA512 20742045e7ec2952ccc80f431d5f1f212cc9b46bb709d4dec61fbd57c0c4f9497db826126d514e89684c7e5882e81beb217662559004238437f66b0c16ebd32b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 17:59

Reported

2024-06-12 18:02

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1a153814533c308b7aa090bfb4f423a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4928 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 1904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 3724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4928 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1a153814533c308b7aa090bfb4f423a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf84646f8,0x7ffdf8464708,0x7ffdf8464718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7616407258553327631,3746901966650417341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2

Network

Country Destination Domain Proto
GB 216.58.204.74:445 fonts.googleapis.com tcp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 www.acaprensa.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 110.12.61.179.in-addr.arpa udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
GB 216.58.204.74:139 fonts.googleapis.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
N/A 224.0.0.251:5353 udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 player.radioforge.com udp
US 8.8.8.8:53 www.google.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 104.21.53.2:443 player.radioforge.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 maps.googleapis.com udp
US 8.8.8.8:53 maps.gstatic.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 static.radioforge.com udp
GB 216.58.204.74:443 maps.googleapis.com tcp
GB 172.217.16.227:443 maps.gstatic.com tcp
US 8.8.8.8:53 2.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 179.61.12.110:80 www.acaprensa.com tcp
GB 216.58.204.74:443 maps.googleapis.com udp
GB 216.58.204.74:443 maps.googleapis.com tcp
GB 216.58.204.74:443 maps.googleapis.com udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:80 www.acaprensa.com tcp
US 179.61.12.110:443 www.acaprensa.com tcp
US 8.8.8.8:53 www.acaprensa.net udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c39b3aa574c0c938c80eb263bb450311
SHA1 f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512 eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

\??\pipe\LOCAL\crashpad_4928_BYSPXANBWTTXCBQK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dabfafd78687947a9de64dd5b776d25f
SHA1 16084c74980dbad713f9d332091985808b436dea
SHA256 c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512 dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e348523f2719197d5d686ff37f1cf9ef
SHA1 7f6ced93bb8852421d0ea9b94c650a0327c92a9c
SHA256 886851504d53d7f6fe3223d40c1e02613f2bba0dd8bceb0036d6e2e5da6a26af
SHA512 938bec4e237e7f9c1032b390546dbcfe084a0a94f3e8d7779a2533a8c0410cba462eade76f1d41e1d022e9b33c67e7efac430a834882daf4eb931c03882bf1f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f5cf48442e8b76b4a26b71ae43771bd
SHA1 d2e0c7c69505ff6a6ce33f3e6000f3363ff1397e
SHA256 e07da5fcbdbc0320524de688ee75d7a6c2c6a8678009a26503f2b0286826373a
SHA512 f17fe29650f8a95d68674f9f4827aec79193d9d356ea03bad5396d7a5f0d7143fc0e335702ccceb322d2dcbfaf25288ea0fbdf8bf7478de4adf3a5ce17ef4878

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50fa84ea5c33090afd93a23fc8882780
SHA1 d0c2475b99f89702065c1f2bd59cb82debdd6e8c
SHA256 9e4ba7814d487825ade57cfef89ca1e4c1f2af616272232ba788b13e2def5824
SHA512 371e8631136ce8681340e435ee93930b597101bcc036a50d9411bc1fcd39456ce73c6d3a8491164c3fb8f9fdd96ee5527628c46144dee2661ca5d4e8c6c512b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b10f58063bfdf7b6c6b60da2d98d576f
SHA1 8437773eb984f1182901a7867c0648b9b3ea5510
SHA256 5d551cdd368e8ebd8ac021ad03d877f5da754e096e7ec7639e8e1df4456f6e1f
SHA512 0df14ceec737d4076a573d8e52adc4a2d06d4445598c95357531996bd3d5271ae04613ae19898c371a77c6c9cabd1d9e66840329a5e76f8008e2f887d8f97aa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b99834a73d7bbaa035ed3b52ef1127bb
SHA1 1e6024cb63c9b2667a41789e721d2df53d99bafe
SHA256 87c5d682266df7b7a8e6a9ab94a19c58323dd48e75a2f7c228eb1f7b3148a6f3
SHA512 d3808fd98846b9040358243683360f4c0f11898330612fec92a2a304525fb947b0b922e01986574578be6f514304191077c748f335b2d8e666508286c3e9897b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8f4e5d8010d4f494f47e21b22c771d75
SHA1 47be9c93e498568e32c0ad006a3620ac3da96301
SHA256 88ae0603d4244fbd33af24588d181e9650d63f01cb59d42aafbd987212fd7fad
SHA512 13f2481cf67f29fac1a0d9af094699dd6e4b40d980253c4c7e4d6a2ad52b3196e14838a36e556d245e1bc2b7d9596efa94109cd9f5c4b113484f39d69e9ee9f9