Analysis Overview
SHA256
0802b8f6bbcdf386631708c05c26d230894ffd81ea7e939c561cb158c2221052
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file a43d7353b07008d6fe392b026052696c_JaffaCakes118.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:37
Reported
2024-06-13 06:40
Platform
win7-20240221-en
Max time kernel
142s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dce07d4db0b4b34d948f4fa629e23ac400000000020000000000106600000001000020000000e41e71de1a26d746a9cdade6d387ff331ea2c578014c277c73e1cf9d3e21318e000000000e8000000002000020000000c97b8586c9eaa5f0b04906c45b48224d678c9c0901c896e4525351abc541fa7c200000000028560edf20fef7d6dcf189d7a992e1439385967ae9e3fe5ef69e4b4b8cc5e440000000745c7192445d0f96aa63643fd559c25766f1a9920327cef036cde0566574231cb82a657a58efbdcc56e21c50d12438e954507d630b46ac0e4e5b4a4cd16b5f94 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{792C6AE1-294F-11EF-9DC0-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0666e4e5cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422546" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dce07d4db0b4b34d948f4fa629e23ac400000000020000000000106600000001000020000000c5e163733982e124f88703e944834bae42cc4dd8a4c323a4312366c34e66a48a000000000e80000000020000200000009870d3ed7593abe4cb1edf042bed7573dd0949d9b9de86567c027163eaf2830b90000000ad6f45169f9618dd7199b30a802880f84d713773eb48387cbdd6ee26a68c4b07a0af5c36cdfc56da69ebe98cd0db6813ba87cb7a1205099f93ae2fe7555ef352bdd50574e7427351cedbebd3af7aa5a1cfad1735ea56b3107f432b4e55429714ae43844ea81f0d0c6558edd3ba8d730673e6dad95a84a9c743df73b45ce91b26ca35c82a0595fc0d623a9a36377429f0400000000f595d83e074b9cd80268527c8aab6a61ed2cbdfdf633edd7d22a595906be56d6dd0eb69a031497dda76d8d588f847173cf6c46ff52fb46cf4d328fc0796a402 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2196 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43d7353b07008d6fe392b026052696c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | next.lab501.ro | udp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| RO | 89.35.160.250:80 | next.lab501.ro | tcp |
| RO | 89.35.160.250:80 | next.lab501.ro | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:37
Reported
2024-06-13 06:40
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43d7353b07008d6fe392b026052696c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14167351337869290384,8009421868454810870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4436 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | next.lab501.ro | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files