Analysis Overview
SHA256
3f6e213cd3517a9e81226595b89cb37425847b4578a629dd967b866fa1e09216
Threat Level: No (potentially) malicious behavior was detected
The file a3d6f1f32952185785d9d3a56bc34c9e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:36
Reported
2024-06-13 04:39
Platform
win7-20240611-en
Max time kernel
137s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424415269" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88558D51-293E-11EF-9B2D-424EC277AA72} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000041564b84e2093cfe6def106ba9438dba9dd7aa530404be22162922e01ae751c0000000000e8000000002000020000000e1be23877234a909b1446ffc047c5d6eac6e6f096ec2162a2f9531d9429461df200000001a9f272cf569092ca68504fbf3c5c9b17a77f6f13c389547024087aa97134f4740000000539f194cd440068fcb7d74247d3b8b3c85e529947bcf4150c79eac645c6c6ddff84f3e8a9577c190264bef7460dbc554326ce4951884742a51dfb6b25c380955 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000004ca0af27f9c0bfc2bda489b3a355734db6cd12c8edc3b2c80190fa44e00c842f000000000e800000000200002000000024a6fd02560ba0aebb633c9773b287b8f70078e5676a41be13f1976de0f9b7239000000046c3660bb2ebb1d35767a96d0f90b1d8d178ffc84778f46d17dcb3a42fe9b97d9453ddab4ed8f96cf072fcefc0151bd85385f2d60c3e567a691c8c0f592489b6988abd7b6b8fcb927a6ed9f101b348a75f63e423765d834179fa09d4811d0c31172b73fa620d1742e07c121134d983bf95755b9bc2cf452213590ff88ad570ed09c9fdb385035042928df789e1210eaa4000000036fde6d8dd874139d6a99bdfb25f7f275f33103b62af0cbdce3ce7a5f9c2890a2f91f9ae01513271b9f493b73483dcb822e952bc7f4ca8facc77e657470e0928 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d044be604bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 236 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 236 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 236 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 236 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3d6f1f32952185785d9d3a56bc34c9e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.fairebornfilms.com | udp |
| US | 8.8.8.8:53 | fairebornfilms.com | udp |
| US | 8.8.8.8:53 | fairebornfilms.com | udp |
| US | 8.8.8.8:53 | www.fairebornfilms.com | udp |
| US | 8.8.8.8:53 | ceebee.co.za | udp |
| ZA | 154.0.173.83:80 | ceebee.co.za | tcp |
| ZA | 154.0.173.83:80 | ceebee.co.za | tcp |
| ZA | 154.0.173.83:443 | ceebee.co.za | tcp |
| US | 8.8.8.8:53 | www.ceebee.co.za | udp |
| ZA | 154.0.173.83:443 | www.ceebee.co.za | tcp |
| ZA | 154.0.173.83:443 | www.ceebee.co.za | tcp |
| US | 8.8.8.8:53 | www.fairebornfilms.com | udp |
| US | 8.8.8.8:53 | www.fairebornfilms.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:36
Reported
2024-06-13 04:39
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d6f1f32952185785d9d3a56bc34c9e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe103746f8,0x7ffe10374708,0x7ffe10374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3781754194856406026,2589943655237827978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1340 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.fairebornfilms.com | udp |
| US | 8.8.8.8:53 | fairebornfilms.com | udp |
| US | 8.8.8.8:53 | ceebee.co.za | udp |
| ZA | 154.0.173.83:80 | ceebee.co.za | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| ZA | 154.0.173.83:80 | ceebee.co.za | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.173.0.154.in-addr.arpa | udp |
| BE | 2.17.107.129:443 | www.bing.com | tcp |
| ZA | 154.0.173.83:443 | ceebee.co.za | tcp |
| US | 8.8.8.8:53 | 129.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ceebee.co.za | udp |
| ZA | 154.0.173.83:443 | www.ceebee.co.za | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files