Analysis
-
max time kernel
145s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02-10-2024 01:23
Static task
static1
Behavioral task
behavioral1
Sample
083ce3c5a0bae12a0a2f9c89bfbe17f4_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
083ce3c5a0bae12a0a2f9c89bfbe17f4_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
083ce3c5a0bae12a0a2f9c89bfbe17f4_JaffaCakes118.html
-
Size
53KB
-
MD5
083ce3c5a0bae12a0a2f9c89bfbe17f4
-
SHA1
fc874fbe68978fdc4301e3037b99adca0d80f16a
-
SHA256
73c475284b8a74943ec76cee30718c8de66b392ba731adb880de1e0861e13060
-
SHA512
5abc18562fe31b294c5955e74e60c99203cea975fc4a4969d8ebdc2454de2e6c779e63377303f2d54077fa97d0e521be955455593d6c28d021789367c3c5a9af
-
SSDEEP
1536:CkgUiIakTqGivi+PyUSrunlY263Nj+q5VyvR0w2AzTICbbKo3/t9M/dNwIUTDmDo:CkgUiIakTqGivi+PyUSrunlY263Nj+qc
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4424 msedge.exe 4424 msedge.exe 3760 msedge.exe 3760 msedge.exe 912 identity_helper.exe 912 identity_helper.exe 3224 msedge.exe 3224 msedge.exe 3224 msedge.exe 3224 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3760 wrote to memory of 2712 3760 msedge.exe 82 PID 3760 wrote to memory of 2712 3760 msedge.exe 82 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4440 3760 msedge.exe 83 PID 3760 wrote to memory of 4424 3760 msedge.exe 84 PID 3760 wrote to memory of 4424 3760 msedge.exe 84 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85 PID 3760 wrote to memory of 1240 3760 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\083ce3c5a0bae12a0a2f9c89bfbe17f4_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe94a546f8,0x7ffe94a54708,0x7ffe94a547182⤵PID:2712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵PID:4440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵PID:1240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:4284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵PID:5020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵PID:4060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:3672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵PID:3272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵PID:368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16406053141067860596,17457995542855842395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4152 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3224
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3396
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3296
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestwww.wintotal-forum.deIN AResponsewww.wintotal-forum.deIN A195.15.233.57
-
Remote address:195.15.233.57:80RequestGET /Glossar/glossar-js.php HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Glossar/glossar-js.php
-
Remote address:195.15.233.57:80RequestGET /Themes/default/spellcheck.js HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/spellcheck.js
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/WT/wt-logo.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/star.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/star.gif
-
Remote address:195.15.233.57:80RequestGET /Smileys/Weihnachten/cry.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/Weihnachten/cry.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/default/print.css?fin11 HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/print.css?fin11
-
Remote address:195.15.233.57:80RequestGET /favicon.ico HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/favicon.ico
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/style.css?fin11 HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/style.css?fin11
-
Remote address:195.15.233.57:80RequestGET /Themes/default/xml_topic.js HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/xml_topic.js
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/useroff.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/useroff.gif
-
Remote address:195.15.233.57:80RequestGET /Smileys/Weihnachten/shocked.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/Weihnachten/shocked.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/default/script.js?fin11 HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/script.js?fin11
-
Remote address:195.15.233.57:80RequestGET /Themes/default/sha1.js HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/default/sha1.js
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/post/solved.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/solved.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/stargmod.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/stargmod.gif
-
Remote address:8.8.8.8:53Requestadsrv.wintotal-forum.deIN AResponse
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/upshrink.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/upshrink.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/topic_starter.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/www_sm.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/www_sm.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/WT/nav_unten.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/filter.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/filter.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/topic/normal_post.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/Male.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Male.gif
-
Remote address:195.15.233.57:80RequestGET /Smileys/Weihnachten/cool.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Smileys/Weihnachten/cool.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/post/xx.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:48 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/post/xx.gif
-
Remote address:195.15.233.57:80RequestGET /Themes/WT2/images/Female.gif HTTP/1.1
Host: www.wintotal-forum.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 706
Date: Wed, 02 Oct 2024 01:23:49 GMT
Server: LiteSpeed
Location: https://www.wintotal-forum.de/Themes/WT2/images/Female.gif
-
Remote address:8.8.8.8:53Requestwintotal.de.intellitxt.comIN AResponse
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request83.210.23.2.in-addr.arpaIN PTRResponse83.210.23.2.in-addr.arpaIN PTRa2-23-210-83deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request68.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.233.15.195.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request75.117.19.2.in-addr.arpaIN PTRResponse75.117.19.2.in-addr.arpaIN PTRa2-19-117-75deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
3.3kB 7.0kB 18 12
HTTP Request
GET http://www.wintotal-forum.de/Glossar/glossar-js.phpHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/default/spellcheck.jsHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/WT/wt-logo.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/star.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Smileys/Weihnachten/cry.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/default/print.css?fin11HTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/favicon.icoHTTP Response
301 -
2.0kB 4.1kB 13 9
HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/style.css?fin11HTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/default/xml_topic.jsHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/useroff.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Smileys/Weihnachten/shocked.gifHTTP Response
301 -
2.0kB 4.1kB 13 9
HTTP Request
GET http://www.wintotal-forum.de/Themes/default/script.js?fin11HTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/default/sha1.jsHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/post/solved.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/stargmod.gifHTTP Response
301 -
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
2.1kB 4.1kB 13 9
HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/upshrink.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/topic_starter.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/www_sm.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/WT/nav_unten.gifHTTP Response
301 -
2.1kB 4.1kB 13 9
HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/filter.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/topic/normal_post.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/Male.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Smileys/Weihnachten/cool.gifHTTP Response
301 -
1.2kB 2.2kB 9 7
HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/post/xx.gifHTTP Response
301HTTP Request
GET http://www.wintotal-forum.de/Themes/WT2/images/Female.gifHTTP Response
301 -
909 B 3.4kB 8 7
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
909 B 3.4kB 8 7
-
909 B 3.4kB 8 7
-
909 B 3.4kB 8 7
-
955 B 3.5kB 9 8
-
909 B 3.4kB 8 7
-
909 B 3.4kB 8 7
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
909 B 3.4kB 8 7
-
909 B 3.4kB 8 7
-
909 B 3.4kB 8 7
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
955 B 3.5kB 9 8
-
909 B 3.4kB 8 7
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
67 B 83 B 1 1
DNS Request
www.wintotal-forum.de
DNS Response
195.15.233.57
-
69 B 132 B 1 1
DNS Request
adsrv.wintotal-forum.de
-
72 B 72 B 1 1
DNS Request
wintotal.de.intellitxt.com
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
83.210.23.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
68.32.126.40.in-addr.arpa
-
72 B 136 B 1 1
DNS Request
57.233.15.195.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
513 B 8
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.23.85.13.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
75.117.19.2.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ff63763eedb406987ced076e36ec9acf
SHA116365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA2568f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
-
Filesize
152B
MD52783c40400a8912a79cfd383da731086
SHA1001a131fe399c30973089e18358818090ca81789
SHA256331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
-
Filesize
5KB
MD54a130425c4504891bcb817d6546c842e
SHA11d28bf4b2b1bb4467c0443e833b20284785edee7
SHA256c888dc3af14ed211349346120e4518305473517f6fd3c42220e752e82d304383
SHA51211d8daec367b07a0924aa2df66ba5210fc013adec3086479c5637c582c37a00d9d6e635285393dcdc2e3ca0bd6ffc82af20c2f03a86b7cc66da70452ff913b82
-
Filesize
6KB
MD51d6013b8c36b0a13bf68073e64d3190d
SHA1547998b18f4b005117d4aa7e5c3f32ac56d1de9e
SHA256b4904714dc5ec14e4e6168fe390770ce15f781cc6ee09d4105ce8f74fba9006d
SHA5128ba7f613c19a3d29ad149584f20d1427cb7af837b048aab8567be0dc01d88f5a1f3e40b34b97cc9822de20133b2f57f3d7f7522414c30121ddb2c2f62f2c2e9c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD593466f49dc23bacfac8bf295218b918b
SHA1d20a7b9a55e5330e8b16696de75c1a50a337b0f6
SHA256dba40a7e7aa96e19b07416e9d09d026907170735cce22d79e05cbcd58dce3a8d
SHA5128ffa2540d6e76fa6d1b9f22b1261bc6a72508678b0578d549e6ffd0aed8598aede29a2cfbacb956ecb5bcb1289da7aa23fd1ffca646eb80262f157a988d31639