Malware Analysis Report

2025-01-18 01:34

Sample ID 240613-jyepcathpq
Target a48b522f981641edc18a4665f074b503_JaffaCakes118
SHA256 60f404f79fdcd1c12041c66546ffc7781e0c41f73a5d058ad18eaf7dd2ec1c2e
Tags
score
6/10

Analysis Overview

score
6/10

SHA256

60f404f79fdcd1c12041c66546ffc7781e0c41f73a5d058ad18eaf7dd2ec1c2e

Threat Level: Shows suspicious behavior

The file a48b522f981641edc18a4665f074b503_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Enumerates connected drives

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:04

Reported

2024-06-13 08:06

Platform

win7-20240220-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48b522f981641edc18a4665f074b503_JaffaCakes118.html

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427729" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A7EF6D1-295B-11EF-AAE3-46DB0C2B2B48} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000aba0275261ca04cb2dec7df6f04282a00000000020000000000106600000001000020000000d3999a78ad9e8c3cb69f5a1b394808d6edb0c026babec4e1934011ee37f51996000000000e8000000002000020000000e719246470dbe06a4f3a6a07b6019563f9e7d19cc0d18a107381ae946c93d5dd20000000e9fbc4e4474cc3c79dfeab9ac7204fdc72a74d2677a419d10eba154d76b9f1d04000000084812952a7ef91c04a38f724672d1dd9c56f957e52b03f1b924f93cb4015c87e59047bbab8bdca1a6dbd6f68f449457b464fe8949192217c34baaed97d05b5c6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bcfb6068bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48b522f981641edc18a4665f074b503_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:04

Reported

2024-06-13 08:06

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48b522f981641edc18a4665f074b503_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5024 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 3924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5024 wrote to memory of 3664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48b522f981641edc18a4665f074b503_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13992436632134773630,3887273635875333686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_5024_ITKSTVDWYQRSDADX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
