Analysis Overview
SHA256
1834b08328eac24f3bf0bdc7c8176707614e314f556b206de403eb56718ebd7f
Threat Level: No (potentially) malicious behavior was detected
The file a34f071812b56ba8dc9d308eca2b24d6_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:11
Reported
2024-06-13 01:14
Platform
win7-20240611-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424402966" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 300221b72ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004be1352672069041f233c10089f35ffca7ead1c5c945c4ada7d469687846805c000000000e80000000020000200000000046af5c2d3ff0ea521c9e9edd501dbf65eaabf32427a72bfebb3867078e0f3a90000000722f5c4e2d5e4ec511108d0970ac467da1d0d77458e69e2f1a376b17a9173d9b3e77349ca42e5c273cc0967346db5b98964f374f64ab4a0c61bb9ec2456be4d02c32e94dee1fdf9f0f34f17dccd1e2c6a2ba83b1b1d4bce4c5f2f37e7e07212b2cc78330d64191ee07fc16f66859d71001f6b871f63dec8e979c11f6e47660713685af48d003931358b9ca92748375f440000000ba7122a5b3aa6a2480dde4a2dffc503b9c7c87b38294c622342e817f60441641942ad83f33b88753e4f56a9a7d474654fd787edca67d110e0fd9f4d9e95840d4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E13D5F51-2921-11EF-8B35-D2952450F783} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000000dd843d4689daa68dd9e77fb0d516872287b99f6ae1faa2017c8784f841b3fa7000000000e8000000002000020000000aabf9b96ffdfab7a44f35b9d53dfce5eb593ad084debe1aa4fed4b069601abd120000000dabd252fb080b751065dea95b80434ea54357313ba3c23aca2cbcb8b9dcb9828400000008bd8345a42636215f5c38c396421006f9a37debf75430016fbc95c33c0cdada25bfb7f8a562c907b4174c3ac8bf83b45e4e731469a10fb93944179292dcc92d2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 1588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 1588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 1588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 1588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a34f071812b56ba8dc9d308eca2b24d6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dos-protection.co.uk | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 8.8.8.8:53 | krebsonsecurity.com | udp |
| US | 8.8.8.8:53 | www.dosarrest.com | udp |
| US | 130.211.45.45:443 | krebsonsecurity.com | tcp |
| US | 130.211.45.45:443 | krebsonsecurity.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 130.211.45.45:443 | krebsonsecurity.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 130.211.45.45:443 | krebsonsecurity.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 69.172.200.6:80 | www.dosarrest.com | tcp |
| US | 69.172.200.6:80 | www.dosarrest.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 69.172.200.6:443 | www.dosarrest.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6F68.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\Local\Temp\Tar6FC8.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:11
Reported
2024-06-13 01:14
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34f071812b56ba8dc9d308eca2b24d6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12090443601211809538,8662665423232542687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dos-protection.co.uk | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.dos-protection.co.uk | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 8.8.8.8:53 | krebsonsecurity.com | udp |
| US | 8.8.8.8:53 | www.dosarrest.com | udp |
| US | 8.8.8.8:53 | static.getclicky.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4824_SYQICONQOGCGCBWQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT