Analysis Overview
SHA256
de613b028ed6e81704281817cb486179b5fc2413ac884076c76e330199aca221
Threat Level: Likely benign
The file c0821f52220f91fe341e81bed3d564dd_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 10:10
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 10:10
Reported
2024-08-25 10:12
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0821f52220f91fe341e81bed3d564dd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff914d546f8,0x7ff914d54708,0x7ff914d54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,4958040698027614996,2205825093434976320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.onlinedetect.com | udp |
| US | 13.248.169.48:80 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:80 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:443 | www.onlinedetect.com | tcp |
| US | 8.8.8.8:53 | 17.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | img1.wsimg.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| GB | 2.17.209.162:443 | img1.wsimg.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| FR | 216.58.214.174:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| GB | 2.17.209.162:443 | img1.wsimg.com | tcp |
| US | 8.8.8.8:53 | api.aws.parking.godaddy.com | udp |
| US | 8.8.8.8:53 | 162.209.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| US | 35.170.142.141:443 | api.aws.parking.godaddy.com | tcp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| US | 8.8.8.8:53 | 141.142.170.35.in-addr.arpa | udp |
| GB | 18.244.155.92:443 | consent.truste.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 92.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| GB | 18.165.242.33:443 | consent.trustarc.com | tcp |
| GB | 18.165.242.33:443 | consent.trustarc.com | tcp |
| GB | 18.165.242.33:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | 33.242.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_776_WCSCARWWNNVHTLHQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 049587d4a3a7de5cfdc376d0137442ff |
| SHA1 | a0ac6729f66705aef34e59a248314d3d60dc38a7 |
| SHA256 | 32333c8f900fbc6102d606bd7c17405873843ab04f0138794f96a7cc06c28474 |
| SHA512 | 6f64bd3d13259ddc0289955a52f4c040828f42f7983e1335599b83716bb0f8aed8fd040805763003848bfa3e08bc5d950a330e4aec84c85c57f4e6438cc9f18d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f510bf7e3fa00c8b5d2cb9b42843930e |
| SHA1 | bdfd48880124e058959a4ed9404181fb7605c906 |
| SHA256 | d79f897b224b78ee9daed179c549bb82d199f95f24bc031a84df99034c5a8aea |
| SHA512 | 3dd30310ce9de99f219ccadc7eafa07358ead473362acbf948c5b18ca4df5d75eb9ababdc9911c50c4f829d244f26c961f6b245c2a821badcbdef890e1c49327 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3e0daca1bed6611201fea63598ec8fc |
| SHA1 | d41dd6974af1b05e550271daec6a7c053d7228f1 |
| SHA256 | dbc7f40dffdba365f84994ab96ce9bc1b385c817c9b9d27991d36e6de7ab1d3d |
| SHA512 | 5157217c86ae7cb148e95e3810aec5cb36c8e0dbb302432a3f89c59a84c79df05ad4594a6eaef8adc697167f6b27171056df7fbabfb9b02fe5e90f586d590152 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d2bb533701f314c064ccda5fdca0ab1a |
| SHA1 | 3ea062b51ffc2454a172d90dda5a4fa0e51100dd |
| SHA256 | a43798d39612233d33c3d2aae40e979ce3aef218ef825e2f93e499289d173cb0 |
| SHA512 | 3a7b28d5c6b4a910cf6d5265c9fd8bf39c38a1365634a1950b0e8f6df2695a6be097441ac9c64c82a2a46d2f084ea8f42c39c968d9c161e094b8fb9fb25e677e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d6c3be40c7c321a841f44a5288dbb850 |
| SHA1 | fc5341354e5121866c823177a3d6a42c4feb42ad |
| SHA256 | 7ca3bf4f78ed65a72fb8b8de5a08e697834fb0e20ef71553e5fb9dcda47bbde2 |
| SHA512 | 6e9ceb6bbaa2e957639aef3d8b245dca62077f7add757225f7a78cb97d1d29cb96aea8657bacb0d305c6a925a1cbcb67a4abef0110b34b8d6b1e04c95d528d64 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 10:10
Reported
2024-08-25 10:12
Platform
win7-20240705-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430742478" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33BD7991-62CA-11EF-B2F9-66F7CEAD1BEF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000013f1eb80dab6720040e47e10d085743672c63b0ab8e4b2795568b18a80a31d63000000000e8000000002000020000000aa775994d54fe11bf3181afe0c7762ea6849ea3dc81ea99b3516a3f4e40aed2e900000002b80c98da8f328b4de93ce7385c6168afd1b7c8da5a673096aa80e00e8b5c87d32fce5d587612f6f55667b53e0fcd413685d50f698c5821ff93c3817833b7b39484576fb8ef7d2d2079b46838e75c48f833f9dca33c1e34424e6254557a94d4480368dea5105de1634433af370266248557ca2e42d2abc66c58832ae6d62d4dcda90c759e7f920d055fb8bc44fc1286340000000d27212ab19926036a383b6b255a065d0b9f19ac1220e6b7d3607298f28f7547a2f9310f3791b13f911e4e60624a882dbc9dd37e4578ab2c0a10e14214c8def70 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000091b0a22f5ba0b06f29a7b79030ac09de4983b0fef1e19674646970b81fea5902000000000e80000000020000200000003fdeb6a038361a768d37c9f74de25c47a1328cbb474e756a7f7f9089bf73bdcb20000000c0fd64618e1776683ea87b213e304f1e6fc2473f3f7658280d0fe32b3d247fb740000000efd432467b8b05f6c1a549c3f6952bc27baefa3e8e47ccf69e2ad6bea9af06eaf18fd4f3d3c37b827735dda993277db0571772c8265207b4f76b7041e91a6da5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02fa0f9d6f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2584 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2584 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2584 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2584 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0821f52220f91fe341e81bed3d564dd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.onlinedetect.com | udp |
| US | 13.248.169.48:80 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:80 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:443 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:443 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:443 | www.onlinedetect.com | tcp |
| US | 13.248.169.48:443 | www.onlinedetect.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9E83.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9EA5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c76ccc7e157ce09a9d701dd1a579c6 |
| SHA1 | 7967f6e28a030e64c2893f80f9b194f746631382 |
| SHA256 | 96e8d26f932cf5a9de3b87aa223b7ffbc13450b8cb25a590787dfd9da8a0c2ca |
| SHA512 | 2776ba31d8d3b041d04c3f30f9f125aca115c6d496297f28367b4b0ec956fd01b89c609e46cae3186f3769a3325e074e41c0a85871ed654e0e0175889fada0b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 271283f1b0400a7a04c16a61f61f97ad |
| SHA1 | 8fd754587ddb1880922a58f5af5b5825726136e5 |
| SHA256 | f94c7e9ba2010374d809da6e9049f0c06a050886d6b74da95e06df1bdfa4b4b6 |
| SHA512 | 30e8721a4b5054d9813671e6401ffda199a263373fc5e72def2ca786069b6e6598db7872fb11fb6a2c815884664ab7b3a0e0a84fff9ac5049cb7ab677cd5e7b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9a23309929d954894d97bbc309ee328 |
| SHA1 | 651adf1333897390b93cc2ba9f3b864fbf181e8e |
| SHA256 | 7f15806d8aad378778b5763a301e759e13c9b8985d979e3a6f84c24b9a473298 |
| SHA512 | 2029f369b7c3f1ef7cd2519ee1cac57eced91851b10e623bbd8731de7aca18757abbccc3d4dc33bdc88070057e4987e4c580125e60a83ab83c5e92ee0df231ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5c7c1ae92b454033d33a2330124c97b |
| SHA1 | 42d076295a684954a1a090ca9eae925f5a6eb1dc |
| SHA256 | 48375f025c33ce040311b0154e9b5069207b138cf717adcff6ee7b627d91653e |
| SHA512 | 232dec68814a5187b7f7fa6e10f974d59884547ace6b29e42a7650ce352077612687ff8e3b27fd235ddfa58b4357616e73e85afadb7298032fef1e3fc60ff468 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 104349122670e658f0332b330a9c8b24 |
| SHA1 | 2e6ddce27b1b0ce4f296d147f5d1a0d3fa8631fb |
| SHA256 | 83b1598268694c658a68243483082ff807ae3d25253d7a439dd890338fb89747 |
| SHA512 | 575c31d6535671b17a7294f35e85d45d0aeb8dd70ed6de7fffbc2b16d50f3a32d3ddf237c8cb0b2f1263d5e42506c101e13627916c3ad15cc7262bdbb30f14d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5efdc50c49bf9fbd9432f17a3a9572e |
| SHA1 | 7bf772cfb49e0d15533f642652026c8b78e5e8c9 |
| SHA256 | 24ddd9ceeec2ac7cff59f745f5b17df6738180d933d88fbff1747adfb583da1e |
| SHA512 | d3399370bbf24c0fb5c85ffeb03f6d49d33f6cadb4227dc4c56738ba98f66465570f2dbdae506414e83ee9b45b117b8c47ed2f2c002417855a7bd71dbc9b2abf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b2029f82256ab1d39759ca73e3b1316 |
| SHA1 | 9039a180af0db319de41ae5deeb7a5a407f43644 |
| SHA256 | 2ea88e3bd6ba09779ce8d5365f6c206b05f62e4f3e7969807faa0b8be99c3470 |
| SHA512 | c7d5832c48bfe252b95148f2b9deb490d72449e3659b6d80bdef9c55fe94eeee36b66b67b3f908252afcc187a46280fefd445a22d9468c50931e2130f33a2ab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d88012b6ed30f25363c42026daab806 |
| SHA1 | 6b13d64302eaaa11eedc7652bc8b8b1a50d8696a |
| SHA256 | d2fb70537376f00bf152ac1ab4acc4afcbf573be6edd4f4970e47b32e43c36a6 |
| SHA512 | 518aa3c0fc9ea0b4fab31d2c7047293f9fb23e0623053fc587d378960ba87fef6fbaeb1f40d7762e08feadff8d948d2a04faa0df3b9e637649eb3afce30fe2a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f59f53907f11f3296a880bc485c5f07c |
| SHA1 | 79a94f8c67d38e8b3bb160c107cf55e5249a76e7 |
| SHA256 | 5edc1ff5cf498e2ac82ff6da2f6372beec07c0e6cbe97ba8c9e9e9b535744cf9 |
| SHA512 | 660b8ddf77f3cd16de8e7c9965e770c8afa6fc1ff09593ba7cc635e3699f5dbfa44b75a9879b8313fdd7b343ffa976b3c66ee54739ae149879a2fb94613ed7cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a60314068f0225db1a5b24d7c304ea1f |
| SHA1 | 1a37defba4835e4ed641a9b4711e2de148e2a490 |
| SHA256 | 67f3e03cfb8511e2bbb0e77c1f2baa8cbc333d0be7369364f43739682ffd7ea0 |
| SHA512 | 251b1c2a3708ea59be153c7e73e06b013db60f7bb8e854b30128a15aa311a7bfff93bc80286cc48144a7f3c8ccce4c3bf5387ba7dbd3d8a1918c9427f51612ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8754f83c6ecf546d8b55cbcb763d8caa |
| SHA1 | 4ff259f0a23cbef3a87431016f19eb693b22a040 |
| SHA256 | 0a0e7001c767b9e1ffad494a4f8167fa9cc2c03248b4af768179096436d4b759 |
| SHA512 | 7f69080aa9431d7cf3fa192c4d8e1eb68ccb66c23829fb9698f5c31f5f0c6fdca81e8cbaeec0ceea4d600d70842a04d549027e9fafc22b61480416f409b3f55d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7733f74ba8b8fb53d217e410b0b39c76 |
| SHA1 | 59155727c1b4413191e54c89cc2fdbc3c1a6ca90 |
| SHA256 | 58f77381600279b0fcde6f1a5d9c5dd612f9b30bafc1a9e04c56980e58d13589 |
| SHA512 | 3dc08a1fdfc49a75123b9ba1b121021270c69cfcdc6d049bacf8b01923ff76c2931e70d3a5d8c3ae52029a101966a5ca6d02f4ae793198ce9109f1d5e4c27d60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 205f418de22cc1b5d67d8080f4cca318 |
| SHA1 | b5eebe14d060bac8f15bd6a6e65938f8fd32500e |
| SHA256 | c9bec5c5835afffb4643b426c3ef559dd604a04bec4ce10a0084a6c6d3ac3ca7 |
| SHA512 | d02a7dc6fd816d4838b2a9fa1d0143470d9862286065b5880ee58894f414edf5608d4f3069d50e1263f17126a8ddee6a6873d39bcb2b6fc123d959d71a4cfcde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5d44bb40a2db7fbd73ed673267661f7 |
| SHA1 | 88e00a944de53f397d50ea14bbb34adf90a121da |
| SHA256 | 57c1d75045ad9f96a65414300264eaf547d8b2ba5e83740891792ca26118f622 |
| SHA512 | 48913c9bc70c7e668c1234794beaaa3bd055a3d9933555002363380ed9325b6d16fba44ee3d3721de94dc2c594e2581bae60f747026e50859b45889047ad77db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe106d6c29bc5361a1b5ea91b2e8506a |
| SHA1 | c54ebd632e1e2643240cd635c11630020e851727 |
| SHA256 | ca0161409cf4d2fc47d2d2874ccb3393448203fb931dc4e9425a6aa8ee73292c |
| SHA512 | a96bd583c6db26f07562771f0c5b17c843a35857e93772fac4c7721a1fb0db8967a19998adfc1f1e1970692e5ccf655706615a6796ccb3bd32be992d0373c523 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3bd5d7d95b716410058d80d8b59a3f5 |
| SHA1 | 71ddca7a098858c747c115c08c74ec1cdfc988ff |
| SHA256 | f22698fa68506ea95ef230655aa92a7aee35c9505827cc05d82c5aa38ff7e8f2 |
| SHA512 | ac35d8fe2f4ad7416006aaf76f76020d0c4f6e29242a1e42e4b4af9edda35a77253a7c600d2dc61a4b1e1319284383cfec2d802df3c595592a9904be31a64e6d |