Analysis Overview
SHA256
b7a2ce8e374f59ccdb7f205474bc2a761733376eddae4a36a464ecfa60e1d524
Threat Level: Likely benign
The file c034664511a27725c844d2c08ef00f27_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 07:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 07:05
Reported
2024-08-25 07:08
Platform
win7-20240729-en
Max time kernel
137s
Max time network
138s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430731410" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{70864AB1-62B0-11EF-B75B-4298DBAE743E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000b2a9f0f170fc3a8ebb58eadc1fdb6551872eebee7f0618981dd77234f87af205000000000e800000000200002000000075c28c8109f61f48756e064ed7f7025ef25cb5afab6ed9f6d75eb30e083582242000000014a0c7fbe3d62a717b290021abd67a2b0715cd541926a2f3b4c406537c1d00704000000006fadb05cd17fb492e28c1daae9219628c7c2078a529038add6436677dbf442b1dc1612af946e2657ac5897cb25b3d9dd415ba679aa96fd713b5ee05cc5ec2b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d27b84bdf6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1368 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gc0.clftx.cn | udp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5FBF.tmp
C:\Users\Admin\AppData\Local\Temp\Tar602F.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 07:05
Reported
2024-08-25 07:08
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e84246f8,0x7ff8e8424708,0x7ff8e8424718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12354663300039513006,6745769633167060662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gc0.clftx.cn | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.79:80 | gc0.clftx.cn | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| HK | 156.245.23.32:80 | gc0.clftx.cn | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 182.61.201.94:445 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.212.101.180.in-addr.arpa | udp |
| CN | 180.101.212.103:445 | api.share.baidu.com | tcp |
| CN | 163.177.17.97:445 | api.share.baidu.com | tcp |
| CN | 182.61.201.93:445 | api.share.baidu.com | tcp |
| CN | 112.34.113.148:445 | api.share.baidu.com | tcp |
| CN | 182.61.244.229:445 | api.share.baidu.com | tcp |
| CN | 14.215.182.161:445 | api.share.baidu.com | tcp |
| CN | 39.156.68.163:445 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| CN | 14.215.182.161:139 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_5072_QTOLNNIHVRERIXVK
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b45522e-2789-4633-a02f-34f689690557.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT