Analysis Overview
SHA256
396586d1a7939e059957cc64116f0570f32c0a247afd56725de89f89d12845cf
Threat Level: No (potentially) malicious behavior was detected
The file a43155bcffbca2ff59b6b0ca9deea153_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:25
Reported
2024-06-13 06:28
Platform
win7-20231129-en
Max time kernel
137s
Max time network
153s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4802d106f6ecb42850b5ee1d9c0cd99000000000200000000001066000000010000200000003cad5bf69a44b9834ca3fad5bbcbcc483b5291e8ff8c00295c9c25984d3cacbf000000000e8000000002000020000000570c251813b2484816014aaa7ba9c0ceab76e6c63d245b1a28450306566b0f5b2000000061425834ff313733f496a5743b47e4d9c89d150e024a447094dd6f4d43eeeae440000000e6fb5063313b2bdbe87bf1f1d36571bc6799530ae83fddad97067694411e028ff9fd509d6e3bfbe39903e4ccf3d5d22f47ea2f0ecdc80255fcfd046e08d22a06 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20a90ede5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4802d106f6ecb42850b5ee1d9c0cd99000000000200000000001066000000010000200000006b0a50ac816078984ce70df3d93bdfe0c9c2f1af3651dbf76513f0b8fc22d082000000000e800000000200002000000014d7ee41b796c86033052b4bb801d73fff5bc4a86461d41cbac2d675a25358f39000000017c203a8050a0fe581ef4c59839529bc430b5a4cb12943d867f1b808ddf05751dc9b070016d0e9dccd748c9553217afd976e254a5160999f2a08757a6fb5824b47b796f9b79c849615f39d60924816754373fc9525375de93475981d1a145c7c9d10cf4e403d2eb3ccd1116fe57f17dc0d4163cc84b1a37606c69e597e23d7e781579c8f23e863237be0a0428fd2b3e4400000005ab5a1ed2db36c0bc6019b44e9501415444c3fce921d828bc53a924a27b61a4b2b29c1a42c36b5c6c268724e6a91e91de63d595d14f274e3a636778c3bd69c24 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA3DB8F1-294D-11EF-B69B-6AA5205CD920} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421824" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1932 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1932 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1932 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1932 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43155bcffbca2ff59b6b0ca9deea153_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| NL | 23.62.61.163:80 | www.bing.com | tcp |
| NL | 23.62.61.163:80 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1008.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1164.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14acbcfc2f4db34cd11e88e669f64aae |
| SHA1 | c2a14a4158edd2b1573f82d753489e25acd8211c |
| SHA256 | 82770f2c125dad0fd527760901d4054b8b5113eacca923624e5a6a50c319e742 |
| SHA512 | 25952c4aaf99015eb9bf71f2e1320ee363b24c14516550982fadee88981178cbbd06bf777809a52c342235dd3c4107fc0614033fa901b51bb542a73d55513cde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fdc1d306825cdf1fd6d31330f349878 |
| SHA1 | 4303f98c24c2f910e151ec35bb8747ae2d7cd61a |
| SHA256 | b48212e222ad3e6631bd4d31cccc3c4b916248459a7b19cc50f31c85e9ce6478 |
| SHA512 | 95cf54d4ab717485a736631b197983d693c1824631d7b602dd67d44937a64fa2278be35302332398e7a0dc3119a369bf945f27ababa2595f7389dbd7fe11845f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 740ff63e45753dfb07f017ea7ab70489 |
| SHA1 | 1f5af63655a894a96eee337915f7dea7d0a19d4e |
| SHA256 | befc4bfb0f104872a2603d417634a4e130804c30d2ec4927cd29b8306e2e5fa8 |
| SHA512 | 79a74af24da4bdc541d89aa97321aaf9912d49715fa9e5fb65f9fc03c077d2db7dcd25642c6e2ee9d7fc2ae4ce3e53b1c0187d8913777900d6a84514a7e4ad5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbe9046c5c2e16c4011f8f696a1685ac |
| SHA1 | 5c16ae8acbaed103145e2f47f512aaf6c629e78c |
| SHA256 | 15eaf187a046d5136123bdc95a2dddf3db22a1f27c496e765911acd7205fd846 |
| SHA512 | da9d9e96285b3f300c430b3a2061e1f47fedaa0a7e6c5a12a00d68de49b6f2ef5dc433965e82cd2543c34ae57dd3149b5af92e30c5a379818113f6d211b9436d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 995b9eede7f44750e2e690bbb50a16c9 |
| SHA1 | cdddaa56fe70829760c76618c99a66a7741b27ea |
| SHA256 | eb48a1ebee4dcdf7d67767fb90958c85b430f1d7fd99a3213b4fd1268ead8025 |
| SHA512 | bcb1862ae08646b30c1fd449d8a41efa334183589e2ef0cca9ad6815eec6021366b6c9aa8dec6be74020671f9c38bad498d5bb1eba8dcbfa26c91ec0382270d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 939c1d4a110cab5730eedc5f2920f900 |
| SHA1 | 169eb11057f42242e6053ab417fb9766b5c8d850 |
| SHA256 | e4233f837d8e949a4fc55db5089c38f117c957c7b95b8b2f2a0a21974a2416ad |
| SHA512 | 45699a4cd52502c76a1e03eabe2632d3bab9624924189dc332242b2b36f25c1b9a580fe88487a562c5e7d272b8ca365672b897639184ec50b830ce32eea8ec2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b29d404e5b2478e8511cc247c71602e2 |
| SHA1 | 1944fa18973db0424c6686170615f9bf72c875e3 |
| SHA256 | c363ec2ec9b6f016b6e27dae4c23b33b37c7fe5e74a3e6c5c4675de774996e98 |
| SHA512 | 6c8fcd16d0006930cfa71a88cbf05aee1f4671b86e3dcf0d55cc8616fcb8f7e24cfeb50a9976b3247383fc96d0ff684e7c09062205bea252305b09693094104a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b330379ceab926c134631aca9d4a0162 |
| SHA1 | 7645bf4fac818fb13d4b7815129ab385859e1684 |
| SHA256 | 93005ab8c1ae6270f924a285a466445a40fe106312958421d4e1fb374c0aee0f |
| SHA512 | 2e1656fc6e70c9fcaa7589b374d5dcd94dd28cbed22622929e42e09f5f3d74c82e490e74c39915018345cdccc196bc82f86db9095f9d9c647042cae79850a3f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c51c204e4a1ea3054d1c3145b64aeea3 |
| SHA1 | 76174889fc7e6e1107d7c7562d90525a8fe42da3 |
| SHA256 | 02b6fd84482976f20b75afaf9fc8aeb5e2ebcba1be92dcd29242b57e94625c03 |
| SHA512 | 02828e45051b6a64f6eb4222c08b7ac43962f35520613538a7ed6da4fac913d3e181ec6b1d0a42a9ab8b92be05e0a7720e352668fd51dccfc1a3311713e81aff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f677aeda7ec2030c3d326a3e9b92890f |
| SHA1 | dcae373844b7fd9e8077b126ba75f307ea5f056b |
| SHA256 | 1670a9daed561094a7777cc26efd48ae92d51841e255b73acf1db8a4b259608c |
| SHA512 | 95b7fff6bd1ba72f877e11e59fcd06b2f48270d670d9ca3457dfcdef109290bd2ddcf2279095e47dead4fc7517a2e3c3f16948fe12e48b451e02be00b2222e7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ff95e356e17fe06c14e884a1e9e0d7f |
| SHA1 | f813ac5fa13cc4134718ec3d6b3afb1f0b16905e |
| SHA256 | be53f861aa64f3db1c3f2606de74e0491fa691a14beaf47f1f70ae9ea48a3bdf |
| SHA512 | aeb8c03d5ac8f38c62a7df3d51c32e2449079ea30c4197abd19093fd4856cf46526f61038826a1ab926a27fc4cd0b87fc7aa1022d2e25d0e3271ce906fa3d950 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39e5cee4867faf7491e97d1dc6908d14 |
| SHA1 | f32ff5e84083079e33c852b16baa99cf19c330b4 |
| SHA256 | db540ea0acec7df7e24ff44b8db633ebc0083b066aaddd3d9497d06a902ee151 |
| SHA512 | 8e0a40cbc6a3fead8e724c2ad82984a6c2bda1a7b3cecff4e691656617c9939208089b6a883d14cc1abd901e90aa5aac0a8e11ab440e3978753d2d2724123468 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e872b7faee7dfe1630e5ddde3756da7 |
| SHA1 | f44ec548d3cd06bc605f892765235fc3995b9300 |
| SHA256 | 5290b086ff28d9609947dc78e66191061164e88aaf57fa079a24445060687838 |
| SHA512 | 28301e63421517fa2f566dcceec516ebfab1838fbba5456b71dcd4df470702c3a77dcb56ebe7b1d935c6087a2e24cc40c93292f90e65d6992a3ee73ffc214ee1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ebca515c3c746c4d2966ea32d93b1f0 |
| SHA1 | 99766900ba0cb8761f171aa5432ddf17e7a48eee |
| SHA256 | bf2e5d9ba95dcca42643fb365493c0d7d59bf0ecab238c0c3467cfa1374228b4 |
| SHA512 | e93670bf13433f52bb56eaf0054a5289544f61f729bfe187bb1909e256437ef32cd851c27e383fd4558c81219516914e2a8c5be304bf12988f7879cbfdf62781 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64f7a3d732b34b5d0b3c7c8a181bb67e |
| SHA1 | caf29686c30f9ad3156fef198486dc148dbce274 |
| SHA256 | 0f1fb4eab4105501def69b23777715ce8e04295cdce61e731c4a985c00a37887 |
| SHA512 | f82c1e5095e409cd56a4dcda9c7bcc20c9a422bc32311692bda72d6e7c389297b0a02837a3d37be7fb9cddbfdedb833ab3ad76f31d829ccb94e8c4f0f2d250ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c8eec77c46f278dfe97c13db6e75754 |
| SHA1 | 4bf70fc7b060282158baca8914393e80d31ea256 |
| SHA256 | ce26c5c7d98134f8ba66961727fefba540996430e7748ab2423a722c48fa4bd8 |
| SHA512 | e78c713cf4dde00d0e23ad803de43f6ac443d11d606889e867f78cca1c3d1f51427e337575f99a35def28553ae2577aa20f01df15bcd21a958dea9a7927b3740 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8c98680fa83088930d9fba6c0b9df17 |
| SHA1 | e78c91c24a1ed7726d73196412b452227802f3c4 |
| SHA256 | 774b5cefcc4dda010d1f2b23955901edb18e5187f93a3f5e8f53b74e347622d3 |
| SHA512 | 25eb0ec19215a65b73562cb266dcaeeefe93f39dbfd2cf37f1d70db515ac1f11ae329b6d855aec7adc488f5f22528135a62830fde3d33d72741673263dcd4d3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b7858e2a8f7f2a53960f2a9fdd22821 |
| SHA1 | 754fd34c648cdaa7742f60f5189a2a080e4a2964 |
| SHA256 | 33a1b2bc3c553b5f68b3aec74402f52851830e5f8be38716f7c1d9c3e7217d21 |
| SHA512 | d3ba667be80e14f6eb9e3c8f510960c7d0b3372dbbb468605fe7d8c0c609cab4f6774502d0810a436265c7136d86e188d50248712ec153c77ed7150fc0ef0451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d4a09e80594c6a4deb06f45fbede006 |
| SHA1 | e5a4b39fbc73bfda7af9427abf2051b4e31fe676 |
| SHA256 | e51a0cda0e345d1457491b1ba0d8966ad92160a4fdf76ec03339f0c01101e79f |
| SHA512 | 8cef75ac732bf6def8bf8bbdb82c062681d501c48a8487f8ac58960a4149bce06f69bd81777a3d40f7e6af60db49acea689e90c2b5bdae1c47f3623e2eebdfcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acb78cc190926e97b7507bf9fddbeadb |
| SHA1 | 3957af4a07fb5b06bba892b741fdda598f0e1859 |
| SHA256 | f775dfa56d2bb4b786f677cf7adeb1b4fa5545ddffe19b58f56c223b247366c7 |
| SHA512 | 5e7ed41dc30781aa9469f0817ef8b6157225f8985bb3e79d0d3c4fcb5a5373608f83990a50ede21e424afd08602406c8b9a4e29e83bfd1d2f3875a8d22dfffbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:25
Reported
2024-06-13 06:28
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43155bcffbca2ff59b6b0ca9deea153_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f8546f8,0x7ffa2f854708,0x7ffa2f854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3503980620422401092,13110975485020708123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3503980620422401092,13110975485020708123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3503980620422401092,13110975485020708123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3503980620422401092,13110975485020708123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3503980620422401092,13110975485020708123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3503980620422401092,13110975485020708123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4208 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| BE | 2.17.107.203:80 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.61.62.23.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4819fbc4513c82d92618f50a379ee232 |
| SHA1 | ab618827ff269655283bf771fc957c8798ab51ee |
| SHA256 | 05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c |
| SHA512 | bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b |
\??\pipe\LOCAL\crashpad_4788_PUBJYWOHFIFZSQAO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 257c0005d0c4d0bb282cb470925e4376 |
| SHA1 | f9b8efb511ed64292568977c9f2ec255509e8f7d |
| SHA256 | 8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22 |
| SHA512 | 2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45e9ded6b31fe5ff2754bd77a03e892c |
| SHA1 | 811362a669312884d6df3ed798cd242dc8b0c367 |
| SHA256 | 5da41154813da02827bf0dffc336a35ddc7b2216952673e0d40d784e25fd0ea4 |
| SHA512 | e9d7f3f29049e68205c84c1209f8a21a7a0a9cef8aabc249049ac579cb55f32bdc85d6893aa595057adbbdb00bb0ab381b4450f6e1dc859d4d2ee3017e7f590a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9aa8e952220382662fcb3d119e517c24 |
| SHA1 | 8e87d77fdf1bd471dc27c7a790713a65b41db9c8 |
| SHA256 | 579389f84fb8262492d41db1e6246bd7bef22e5ea06ff751bffa512e8c8657a3 |
| SHA512 | c383404308c6fdb641bf571813c0ccda0bd83a02596891d288ef3a8897416a3964eba0b022d04d63cfac6c3c0dff00dc68f6f064f6cd4a10cff1449c4788c653 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 36e6d09777166593746d289ea94a69d9 |
| SHA1 | 8eece06927750eeee7350952dad3520c8dabe1ac |
| SHA256 | dfa34c0c08d45372f4ef50748299aef1b5c5b7578e6edf190e15436446ce6596 |
| SHA512 | fcfe62bdd785a1ac5c71e98836f9c2e8005d16f22c6f8938b8ac452afb37b1d4bab460f2d4433d7ffddaea4b3a0aa71f52091ec4b9315a04e7e327ad75cb2cdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 95cd1581c30a5c26f698a8210bcab430 |
| SHA1 | 5e8e551a47dd682ec51a7d6808fe8e0f2af39e86 |
| SHA256 | d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9 |
| SHA512 | e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece |