Analysis Overview
SHA256
51b84b839b04d5aa5e12a8bba3f6ec512b206438fd6fd0eee3e80fa86ceff5c2
Threat Level: Likely benign
The file c081b715fdaca7d8e746ce18d500b887_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 10:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 10:09
Reported
2024-08-25 10:11
Platform
win7-20240704-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000003af8e5f5706d97c088c3ce32c69b9e769741897053c5649b66de019d722b091000000000e8000000002000020000000858f4dff7c324514a23b16d18fc6127f11cabd2e5fda198efbbf23930fd5d1fb200000004467f8c2dedf76b67fc4dcd7ded7f758f6be335f55ad2291aa34d6a743be206b40000000c78212628d5d279fb75538eefbad0374eb5a5de556c61ee2f7c38467ddd6817963f724d3dc17f53bc34e699410bd63a6171d0c195c7debcbf7511bf379449426 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430742422" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207150ecd6f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000002f3a4b5977fcb5540700d8bef3bfef5378fd83d72781b5a19e09a2e71b64087f000000000e8000000002000020000000b0ef5b5a63173ef089eff9de1a5bd099ee59d9e82d85315a6abab30bb12267529000000002bd2e53e93e430afa5179300a20cd885ae46074c6891cf6b6538ed5e9d3ade08e0429c14001643ebd6bf56f84342d32836a4e738e5d91d2ec9436c94fb2c5db270a345529b466aa0e85f7b021825669e9e43900f88828410c15e924c92426e841906ed524eb266365fd1d770f19019313ef7721ce8316f0dfef59de39646b14f1c2bf80318177945a93f9fc224a8b534000000015ff8afc3c884a95c1d7294fe6c0f1a0a91252d8fe32f7493b29ae2d2ded337822456fa78c8df5033b7b26ebadc278ff70fb16a273b5a6e11c3414a463b329d9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14C298E1-62CA-11EF-91EE-7699BFC84B14} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 836 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 836 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 836 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 836 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c081b715fdaca7d8e746ce18d500b887_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 39.156.68.163:80 | api.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | api.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDDC5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarDE54.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e72cd7f878b125eb5b27fd6785c7117c |
| SHA1 | 855109c0d43fed66077f3ae2d6f21133eeffbb48 |
| SHA256 | 7155c7e488eb0b2b4b6827a8adff06a647bb4872a82863871e7d85e52ddcf927 |
| SHA512 | 47e65660fa5a14f455eae328fb433dad197b9d4fa46c219049e6afb52bbe1b64de32a1a028ae831bafe75c50eb763463f9e37f5b0277b54afb76221031c879a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53bc17b3d83e80dc0d1193b3619db5e4 |
| SHA1 | 388aef143e0f878fedbb62ae87156fae9275f8e8 |
| SHA256 | f3b5a1f682c755cad32f0ca003228fc3f007cd5bef442113078d426ceddded4c |
| SHA512 | 3958e0d82493fe56f88eec6c0821d2d81192075d0aaab730dc95e95c5378999fa9eeec8c05ded1968ad6a14a837ee8f7acfd655f35d3c47e3b598ec30c45e548 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5c4b0ff1c81220fe8f5d537eac6666d |
| SHA1 | 7bca32d968e652651277e665203402fbc6c8a3e7 |
| SHA256 | ba8d6a2024434474bbf8299f64dbc3f5c49ac87daee2114be676aaf452f3e0d8 |
| SHA512 | dd5db72811e748de0f483b8167ad49b6b68e1fb881915aa1ca940a33be02fb454984c1753fc1f0ed87c2074857607ef43384a5fa31350f9c3462d68d38e23e62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 500e433fbc1130455f2fe92ab8fd30aa |
| SHA1 | 280017227aeeb60ffe1418fdbe2d60b0c6ea4bf9 |
| SHA256 | 1dcd710baf4e38af980e99ae74d745a69987b46088f2ac0f6b54043b0b38d6e7 |
| SHA512 | edd58e030ad418bd6387b6e73ddb1faba52ac64f7597303fc81d386a4939da8e1320263b45ff255580c4cc7d01ffc8abf1b1783188b8f1f41a8b771e05f2a6b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 051ebdcc8a4711d21eba6093d26b49e6 |
| SHA1 | 5f616fadb165044816578c9e78e7582f06b92631 |
| SHA256 | 780ada75b2cff35e245a6564bdc11202b7b8ef3d0498dfe469766d011720d787 |
| SHA512 | ec6545a6b211a7e2d25e9de0c9ff4629ad29147c8456c5b187058aa6b39e83cc90ab715a08c1e2be592d78ca1ac5f10d1a273bf73feb92a69b54c1d0be989059 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66484bd812708baa77d4b7b7df028e37 |
| SHA1 | 03686cf5a6aa13601757929fc16e52d2a487e409 |
| SHA256 | c6d448023fd997b70549fa6697607f4b5cc8a741a77fc127700da7025f254f69 |
| SHA512 | ed9be7a50ca1c750fc3ea7acfbc4e6acfcafbe8b581fa5f954ee56b1a3b620be3b3426d1ba1eb9343c0b470211708b0147e9655fae817318b4a620400abe47ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc2784d26c2327bd347f4239ffe64283 |
| SHA1 | a2982ae7188ec64e252115ff3b18e333447dbdfa |
| SHA256 | e58c7142714c330b27d360711cfe4d54646b08ace3b5b341f17193f7ebe42648 |
| SHA512 | d7fd2c265548c0818d3641c149dee23f7b7f8a9bd43d13b835a2a3aa59692e967a57bbaa8f6c8b92535b95a4df109e034c590fa3f943d09266e7323e09c6e617 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c21687ccc95d2aa087628db93f6c0f07 |
| SHA1 | db1eb2a2391e4d38bfcb0feb995efb7874a6ca43 |
| SHA256 | d23f45870bd8e0abc8ce8642f05db8fcf00bfec00eb1a0a3085599fdec1b5932 |
| SHA512 | 0d98de3fcd654a6f4fb1c151aa8a14e92bd0a919f387e65875b85bd850a8f30d491dbeed0588ac5c4fc09e6473665673831df1dcfe54f7f3191fe43181c0bbc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d27b7656340f7876ae31afa982e5b2b3 |
| SHA1 | 09db7d3aca6c478c39751d478e9086fa564d7493 |
| SHA256 | 6256216c498645629e9c035d0b55c1d8c28a4afeae41d06474d7834e88a811fa |
| SHA512 | 9b3506baed4ebe009727f89c781e9c216de0e5ca2443b1d0178a5ee8e04aa5e3d992e806855be536d1e7d936a896ec58cbaa1e05a374ea630ef6a995b13d51f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9996323c2d30f27d6792b2be57347868 |
| SHA1 | 8b0b078a76c7d3f966c2dbd4a4212b42e8269fc1 |
| SHA256 | e07a7cf2bb293427672302750756a7b1a1fe198949b623c477c3bd5c654598e3 |
| SHA512 | 7f5587509da56066f889c34bc0fa0e29d5908b00548ac014ebd7caacdbc9afb0ad7fa98e47b01f4efb1a48204c5826d62f932f57427c9adf7cc699f7b3a54f7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d74a42c55258a7c1face2dd3339b18ea |
| SHA1 | c2f1a5aa1665f1691b32fa7f82f06eb0ccfc6ffd |
| SHA256 | 5cbfa8df7e9d9a38127425ef93ce0e4730c8872021b76571a9916660531928a3 |
| SHA512 | e91a909871290e3805cf72ecfdc81179c6c988ff6792f25247d33fc9fb1f50be1b9244d2feabb8e95dc11ad165adc27840366b47579511fc79299df6274dc4ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00ecb7b3b566b4b6247808798c4cc48a |
| SHA1 | 901ce4ed201b6161c845910e93a34a40ba87603a |
| SHA256 | 9f330de03d5f71431556e65b87eb6c182f98ca46a6fb0228b525ba75342ad4aa |
| SHA512 | d290c65d953e7c64b4892a1792d01cb6241fff1e70fb319b89f84619183bf7adcf829395bb560f765c501b69090ad5f8b318f7ae080bd31fae0a5abe86c219ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a411de1fd53781988724758e4183ed08 |
| SHA1 | f034a7dd79a753b3e43042e5459f4bfab11edfaa |
| SHA256 | 65aa8288ddb12447e6adf137e66b87e6afa398556251dbdf678047c0cee68e45 |
| SHA512 | 6862011bf473b507b01bca4ef7337647a59257f6dbc13346a5a6c4cb33511a05a1568844f6663d75dbadeb8e4466e6fce9140e4202fd34b5d96e1fba47de1920 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2f2e993bc44e970b8055b3d463ad85d |
| SHA1 | 6ec9c39ff3e85b1fb62a8abbc629559cb9ea441a |
| SHA256 | 360540cc8b8afc8e6f04bb3d2886cbc50dd1067a6784d1f22d18f820b224e6ec |
| SHA512 | 670ef405869662209d8949325ab4bd7e1a6dbce932c010f5845824dfbf9b1ea29d35aecc1d38a4617ffa3882b68413fc3f872af6b3c6750180f23b6c47ea6002 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2524bc5e5deadde3928306dc2c758bc1 |
| SHA1 | 7232bf31d5a3a201e58ba8d30bd41fc4f2d53991 |
| SHA256 | 1d5dd8f6359b4e607fbcd4133815c81cd38bef74fee0f70bbd130920d810dea0 |
| SHA512 | b63ed02e8e1079a9c97b9e20d590f35e788307e09230593cc5399225da116accb09a9ebfeb9a12f7522d56ae601a3a9c2383dede49c02fc701377970002d1b8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fac6763f58c00237439e88e31ba01f2 |
| SHA1 | 4ff9f8976c80adb6476ee264c211a64c3e2a62bf |
| SHA256 | 72ea6991f59faff478898abe5939a6302d64924e4c8b6228fa2523ed31514719 |
| SHA512 | ea124b2a867c222bf3dfef9892be63d0df53d95d1e42165149fbab660633ba9d9d95f0e5624fa20e9cc7e8141f4e766bc7f597a08aecb15ddf5ef912c80c4dd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fe6fa09084cac4e1951315caef4e571 |
| SHA1 | 9dc2845df5357aad19b58c933d1695486c3dd88a |
| SHA256 | ab369917fc55b5020f39038d7664e3ecf3d8dccd6898c325ed02f3d83c8e1a83 |
| SHA512 | 5a540e3fe0f52d728d8302debfc1b943eec5ce4f2f356c04b596895629eb7d0734eab64b04710dea3420e94a1752fbd1f9711756aac0c567fd8c5c9671be4b1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a70181ec6a6b14f764d3bad4e3a31acd |
| SHA1 | 931da73ec2a0cf22c9e8c25d0be9d77ecfb7bd3f |
| SHA256 | d270d87d8d162f85fc66d40524f6cbf1f659cf397e2f46d71199637e86624c8a |
| SHA512 | 14ed96ce08e995f4eb848d71c624d3e1fc699d88c1e93e8f9f82b3fc07b8d0c209c4b01832206961100b052af0cec83d7490d2af5f6d41b31d67e11a57cca2f9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 10:09
Reported
2024-08-25 10:11
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c081b715fdaca7d8e746ce18d500b887_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f7f46f8,0x7ffa3f7f4708,0x7ffa3f7f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,6182031188438797961,5642237817618358076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 103.212.101.180.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.share.baidu.com | udp |
| US | 8.8.8.8:53 | nsclick.baidu.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 112.34.113.148:80 | api.share.baidu.com | tcp |
| CN | 182.61.200.83:80 | nsclick.baidu.com | tcp |
| CN | 112.34.113.148:80 | api.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 148.113.34.112.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.200.61.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_3980_TBRKWOBNOFUPYBDQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef8f118467a122bcf566cc7b021c4c26 |
| SHA1 | 41ac78d5112aa18c313be894e14ed1025e5d6b2e |
| SHA256 | f8e27381fb47445b310612f4a7fd0fa8f33098be3773a744c5302919cbdf8efc |
| SHA512 | 9b819b5700c4ca64f786fb61ebf6b7d061aa05f47e74633a6d03febba81b39cd6de22aab8907c9f18fc36b72cb0dbc4a9fff4b5cf3c19c67f4bc971f0ed31c09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6167382bb8f44006caef8f61f4bb971d |
| SHA1 | 560e6813b8fcb2cb166842c1b62cacd616f464da |
| SHA256 | 0e12d6c94014a4cdacd77079ab9b1c71a4910576ce28eef219aa18ea76d7a199 |
| SHA512 | ebe1b4efde457d7953068638f6f59d8293a061772c462c7043f311f9df0001def1145b6be4d606eaa978c8980bd58a1850d85b2411ee929dfbaebaa3a5124bbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 672423c76398ceb9a7f9642478d4aa28 |
| SHA1 | 719029ded41920fa09e2a817dc9a05d9101d5cf2 |
| SHA256 | 30c1630d20fdf2fcf105563aa810685cad01341801df99af6e3fd7cba6442b24 |
| SHA512 | 460de353514e7e3a970e05f67c2ef9cfddb96cc4a9e342d6e647d437e0ba1fb0216c8df1b3332255588a17a0948fcf21edc70cd33aad49222a3079c9571473ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |