Analysis Overview
SHA256
76ebdb7a60d6fe7bebabc257b064f16f2284659d11b927f470898252bc78f395
Threat Level: Known bad
The file a53b9116b0afc6eda3924c3ca182ead5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Executes dropped EXE
Loads dropped DLL
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 11:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 11:11
Reported
2024-06-13 11:14
Platform
win7-20240220-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxBC8B.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0B8B691-2975-11EF-8F92-565622222C98} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424438986" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c089e0ae82bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a6bd73758019e04db45aeabe7ae7b7cf00000000020000000000106600000001000020000000b010a6e87e0f8352275cc317a4d8905003dd2266d8afd42dc32c0e1f1b19b1b7000000000e8000000002000020000000e65936ed5286534b94acfbbb64a08bc5c00958e1477ba967237c89c134ce004320000000dca8357d723763d4522ac58e9cffda3971c772cfd43b24cdd63c9994b4436f8440000000e7e1b2680ae609196cab201f7a5aceb3b605a5980fb85a0792c2014e7aa568956addbc75e6ee8e66c479de050a5e1f8902bafa9eb3f9b13b321787bc6f7293bd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a6bd73758019e04db45aeabe7ae7b7cf00000000020000000000106600000001000020000000a45ac8dac243862e73c6d202f8a09c44680d8da8399d1150853dc49c140d4067000000000e8000000002000020000000b69b46ad9f47d2d321c9214520ccd90bc65aa24b8116577e4ee22a9351c1da229000000094ebec9f8549bf480156f30635915265631bfd9d32eafecff7dcc8e18891c20db15d80f025bd3525f47b1f142ceb40b4f544f7c4dc04ee4e8dfafa0b4f2818e7dfae3781bc355f4d38c366947eeac5df634d1e153898507da47cf7040e6cd1b1ad1c33fc177eb634bbe5701d7f4a2951cb012848eb974cda0a4c3336d5e02d4b8de80d15d5c61173018c3163cd65b2da40000000b14f62dae84ec778d990b86304211521559148608a0e9359ed3e3b768dc9ef55e8f9152be0abb389cd6cd1f5fbc641498fd3ae9afa92594fa1d3aa228698f609 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a53b9116b0afc6eda3924c3ca182ead5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275476 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | piwik.cyu.edu.cn | udp |
| CN | 123.124.183.214:80 | piwik.cyu.edu.cn | tcp |
| CN | 123.124.183.214:80 | piwik.cyu.edu.cn | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 123.124.183.214:80 | piwik.cyu.edu.cn | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/1064-9-0x00000000003C0000-0x00000000003CF000-memory.dmp
memory/1064-8-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2676-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2676-17-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/2676-18-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2676-20-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabD1B2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD295.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c0d3b8611fe8267051965e83e2652a3 |
| SHA1 | 224e10b0869a93a9d150bd3e9aa1304c96778f8e |
| SHA256 | d54378cdedf94e955b94c4f40ee87cbcb6143172f4d57a481d885385e4beae73 |
| SHA512 | 5cd667b58558ba3211296317e9332cb6eccaaaf17e223f81dc18944f7915ddf3b5f1ca84bde3e97a4181da0f280b75f00009c950939fd2e634fb1eb3fb1f1d0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcd60f26e5ca1175e9e70e6ab07987aa |
| SHA1 | 52ca7034d973ef284fdf3e337d591fdb26809ccb |
| SHA256 | f6992c28ab1800923fb4c8795e0ad08cf07696846cb70442a6c08d2344853318 |
| SHA512 | 530ceace6fdfe5b8203397eaf8d174438d4ec4741d4b257669d79bd478e0401771c9abe9b43377eca12e03f8dbf50bba6dc0a17f88e5f1fdffe4a823b8dac8f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f58a6bbeff5c2bb58102d42b9c6a8136 |
| SHA1 | 6d648d6f29e3775714da530fb50454a2ea8a1a2b |
| SHA256 | 2e3cb92da98688399ce96fb6a1f6572721118b8c35a603fc4e40a2762183db9a |
| SHA512 | 47855731ff6ed2fc18475f3f0757d317fd1d7039bba5eae33e0f1b97c5f82c9db2d993ed52d8d16f23fe5af27da138a3d4f6c22aa89755e554e4830dd91659c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98e62c067f120267995d2f97f27f59ff |
| SHA1 | cc54e1d1ce6a0a1ac7a5bd517f8ba184db2df1fc |
| SHA256 | 45d551a49be9636052c7f27d5bdef3bf1bcfe4e8ff5486929699bba9dc5a1a72 |
| SHA512 | 9865c315e98cdc006d91d38ae79a0a8e840d13d2abe7f7c8831cece0cf948d915f921536799471e7efe027f617512da78a5805325e95d47a243da536cce99285 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c21ab3bf9a03f3981cb7b6d7dcf44dd |
| SHA1 | 2587fe83ef27636c4d4ce46688ec082d6e232f0c |
| SHA256 | 8adab321f3fcd3f8ac2fa0cd818da7f42aae49fbefcf83c23eab9b2844764fed |
| SHA512 | a2c108b75bdbc422f22df764c6459329fab79f33a61f8523c9d6131eec3dd0fededf9eed184bc8996878867c777842c55c319ea2b9fa05d2f52987d5af32a676 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3347e6d6ad3c135745e55a48c2d663b0 |
| SHA1 | 2a6ec21e45e9db2d3436a1f09a33be71f976c753 |
| SHA256 | b446c58ac6597df2779c031b3f3c2cd77bc9de1821365562077b1199a8472225 |
| SHA512 | 1467f736004806d76f20b040fb5a35ee81304faee7476a954110b443f07d76dfbed6d50110a464eee172aba6e595fcd52fc1dca6e9454ee7298c8ff02f88beb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe77cac050de63079a8331a70e099cd7 |
| SHA1 | 63faa4f1173dbc9726aee9c4b192f30ef22226dc |
| SHA256 | 7c8ab44258029c33f50cb09d2ed358a7facf3a7d0b730f9a3f548c4100ed01ff |
| SHA512 | 8a19bff771065048bf83f023887bd0485aceb9e6d7385ae79eb44c3fcf99ff6bdbebed67554c553d80bdad10f6db2c976d8ce382748443e365d88e12cb39bc84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8c45c57a98496de3ba40af99c9e295b |
| SHA1 | b04ff5129a8d6f355638b23938360eb0cca8293f |
| SHA256 | c765958c42bbed2461d09963ed15a17fe0f0d4f60bf662075f2e138beb4920dd |
| SHA512 | 5dd7104c2a358857a3ef58bc6c34a14b72426f912a721dd355fb05c9ab858bb0ab3529b3917f558636ad4e180f7680b7c4a7d8242e89771715b0717ea9a506d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5da26d7b0836c4ceef9ee3eff3368448 |
| SHA1 | d1de1919c56e072fb23b1bb3b14244af6231be70 |
| SHA256 | a24c1d796970c3ba3520673d62d9b9cd3741ed106369549a1fdde652a11d7684 |
| SHA512 | 3b53e1a72d8478fe4b4579ad929d7180d1188c39bb710a9fc826443b7547c75798792987cc8f0ddcfcbec0ab7a20c47e52ccd5ca10084f248588cae446355d7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eab27de3dbad2861fe2e6d47f24dfa4 |
| SHA1 | 07d370761023abd2b3f2183839aea8bb4a35e777 |
| SHA256 | 54dca27fd19df30b8219cfcf70b3ad1d54a56625232affb0a3226af12fd7be76 |
| SHA512 | 3a2af3368def6935ce78f1d02423c2cd43b2910905147bf7530929e29a0cb5b533c33388936b49f2077239a64506ce19abd1de5bfd611a41f8b0c3dbe34e9891 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ef94c8a09dbb8b99a298fae1e02e20f |
| SHA1 | 81155c4a023d28723c7b0502613948db51bedd8a |
| SHA256 | 1a5f73b240b8d60e2ec1b7d7671b29d29267ab11ba0339fc4b0e41c1c98e28b6 |
| SHA512 | 2de8685209cb9db9e361e5a89eb7632914d0a276201dc62f52331fd4d04a4958c76423a089b785bdf8bcb1083dfbe6a0f2aa3f4ef930746fbbf400899b10a5e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ceace68f80fc0d617e71a28d49bca153 |
| SHA1 | 51649921412f01efb0f5b2d47d4e776d2f58dad1 |
| SHA256 | 5523b01b4e67f9b0c684ea62e88e430ea011d4736e3634e2dda8c98a00ee5fe7 |
| SHA512 | c21f6de88594319f30738cd146eccf645a5284786f82e823a9bb88abf199889ae5339c8ba9086974f41eeccca929eb499743d0c2cb49253daffeeda1975a25d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 934431005d208dba3d10a3eb9f4ec195 |
| SHA1 | e979725c0b78bf384c65d7660695d85f8a1e915a |
| SHA256 | 5101a1025215a4cc90bfb8f7ad7bc51cc803b7558e7a71d2fd89e0ff11d9b30d |
| SHA512 | a7b554dcaf04395f494c7a7c44eec72e4bc43b0147a339c104cbda3185eb49bad0927567067d9034c2e86d6e71f5b987ac14f609b176cbb303c862cde5d5113d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a04109591c5ed7451a517192cba49c9b |
| SHA1 | 6d55b8b6bec3b48d6929c8826b7db7ac8ed4fb33 |
| SHA256 | 7674db30b42e54bbaa806ab375f8540093498fd60bc483c693e23cb8a1fa30f8 |
| SHA512 | 85c8fdd92940e152b1160d766265830cf8465495d4f3629cc01b58134105cc617b7c21a18d377eb299363e4cf26575176348e7e078d3dde52fc44050290b1629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae79bce04ba7f8452df3a904e8c2b56f |
| SHA1 | fb3d035ce186c5fda94d0e8849fc34b582df3c3f |
| SHA256 | 423cacc88dccc80afcf961e1d24f61503ccaa0c89f88a46abb061af18baf77bb |
| SHA512 | 1b57bd329948cf11919d9d71ca4d1967764833e43d5babff697666c834e5b31379e044dfbb4e663b7fef67c4938171cbf794133b953cf44da14b499ea3d909a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ecc90d4dc0969354295062f0ce0ed3 |
| SHA1 | ce7743715435a185d8ea07161edb6f287cc2a80c |
| SHA256 | 7536741191cb04041296750072549e2a18a844085884e5be87b2c688a92558e7 |
| SHA512 | 9a74c96eafcff837abfd9d5cc6e8707541d4bd8e5bdbbca25cee2371ddab6d3c645d23cad0c72ac0b78371e3b2fc249dbd4223b11a1af7d85a1626bd27461f19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4e95a949fb7d6873ef07c57e6c006bc |
| SHA1 | 14bf8a36e7ecb61562f154f93b79def9e5b17507 |
| SHA256 | abaf44d3f976d03d6e52165f96327e4b589586d45958f1dac7a0baacb749c322 |
| SHA512 | dbe100496edbd7398b5d5c2ff1baad139ca01fb41bf52f8fe132a84d0b7f20754017796dd3ef214324fb3c0bb815e8a5ec784a9d6d3a0d8064d0b98f780b010d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3da33938e3ef092911885a6eeaf22f74 |
| SHA1 | ef98340face78f18fb326647ee3ab0f704d70c14 |
| SHA256 | c0eafeed5f12468433ae52cda59c39716dbe2592cae3e00ab70329cca5aac175 |
| SHA512 | 80605fe7c6998a8c3a6257e56d8558da3b389aa9774072ae84afadbd040843ab466c130a793b8ff30e4028c9271ec44db8280d39d9e8c915aeef569a4601a14c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45791306bc98135bd752c675e71782e1 |
| SHA1 | 3ece5e5da455eaaf1434e3f309ce7c0027aff9f6 |
| SHA256 | f2d13def7401385d2b5e4864096ff008bf798d3b475093aac4cd3c1a7a2acdc1 |
| SHA512 | 9ed52d3be8664232413e8c6c0143a3ada2bb24aa4efcb906ab8aee6f6214277b8a183e6759a3f1cda13fcff267b62ac6e921be07b35fb8253ca7112c7b7bc377 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 11:11
Reported
2024-06-13 11:14
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a53b9116b0afc6eda3924c3ca182ead5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e7e846f8,0x7ff8e7e84708,0x7ff8e7e84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9201067004363697654,2989283752116925863,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | piwik.cyu.edu.cn | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3696_WNQTDBSYMKQRBXRI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f7a8be0a800d6ce0d415e42bb8d54fc |
| SHA1 | 6fa9a8ff694fe076e2ead67d7a78b6f7ee4b7a9d |
| SHA256 | c788dc1254bd87592c0fe049033d84d216619377c94bd3e31be3d42b992125ff |
| SHA512 | 38f560ddbad3701aed5e77a6edcba1dc52227975feadefbbbeca26204cfa38baf020fb7ca0dc91940999862b4520c392c57237a3603597fd297a0198e995fc4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ab73b1ead65246bfa187ca1ce6019404 |
| SHA1 | 9c13d31961c15b3ccb9a9c07535d02af88e168b7 |
| SHA256 | 8ff215b43bf4e118a25447352075daff536c1d1026739f8cb8253a3f44d04d22 |
| SHA512 | c88c1c540bd3210e1591dd252f91180a043db4f38b923c5283f8b689104eae8c8bc022154ebcb8dcd15626cddf39d5a5766f1a7432562ef6f9e0272b01abd73b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be74c35da4d4da800f898ccb83792bcd |
| SHA1 | 4a4d634e84e2a60d0c530370b4152bfbe4935ef4 |
| SHA256 | 880bb21c86160ecef9a6ee9192edc1d364dec3e0a98c59b8c7198fbdbbb69f2a |
| SHA512 | 092056dabb2d5ec9a83197fb2b795faa8ddea5a99221f1c622ab2fcb190585f8293bb9d05a6509bae2436cc753ff2c9022c55915e31e0256f9b98c5db3874750 |