Analysis Overview
SHA256
3ef842afebd57c5b7a34c7a52305a5a0aaf36956f5662c5f9f0a018884cf7f86
Threat Level: Known bad
The file 7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Ramnit family
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 16:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 16:23
Reported
2024-10-28 16:25
Platform
win7-20240903-en
Max time kernel
132s
Max time network
135s
Command Line
Signatures
Ramnit
Ramnit family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px905D.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F50E3E31-9548-11EF-8AE4-465533733A50} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436294473" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:603146 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.vmk1sd.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA69B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA72D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1a295b622edd0b92eb804b4e17d6b2a |
| SHA1 | cd952b88582eca101d09e4b0cee4dc0b13188a60 |
| SHA256 | c6a6a993c5af27f91495b7e30378bc6614627060cfd68793fa7ae3fc3bcfe784 |
| SHA512 | 98600b79056a55f9ad71d00515fab9a446c4ffb09d2081bbdb72b01050a984f1f64d968f9d646a39faaa9c56ade087ee2baeabc816f10ddfab280dd61dc1767e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f030fa40e8107c1ecbddc3ecbd840512 |
| SHA1 | e5619f5e3fdd7f897ffabd5804ac8e54ffe2baf8 |
| SHA256 | 27f432fc23197932c50882099ca996b853ad9a3d36a774215069e5edea22c856 |
| SHA512 | 7df70503fe8edda410fb087f2b3b9c52ec06cfa5520e810fe6115d3689eb8539c70f04c8dccc56648b3c0d372f6a3dfab7ef5d405022991b2b5d9ae4b4000b73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aec37fe25ca780119a6bc1c55d68f88f |
| SHA1 | 9d8fc49316bbbd64d7146e0d947e601fb18676e4 |
| SHA256 | 3c49d2a1b48c9db016c2123400d5d68d12781f9aba096e78c1086198fa4cd371 |
| SHA512 | 16759f8588e49b2feed13fe55085e4f3950a41a970f07614f27d6019b40705f006c960d46e4cd5cbb6cbb6da9854ec565c39b5184af519da3ce59aa17c39438d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e883d394834728ab01b02b6ad2327d8c |
| SHA1 | 70e5d377bcd7815e1b091b41fc3655dcf6ace942 |
| SHA256 | f5573c958effc6b1f8acaad81f17a71c49b9d425dab17cef30c1aad34a1502ad |
| SHA512 | 5f20673d0d6d6b7b77b54719500f7d3115429456c254f316fba7d5f091188be9c85ec54093d8c73fc5162150019d5477f57d4bae39bb01f8419a1c3d822607d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ceb0959da7a6e64afd56091c6fb436ca |
| SHA1 | 7deca5ed0bc66fa64ba8417dfc8b5caf862218a5 |
| SHA256 | 9c527cbee619c6acfb931197396738904fbbe3a77a1a7a415dce463fe0f45c9c |
| SHA512 | 6f715ab90a1e29db237a5476596c0f2aeead2b79a3ae1f0b446dfed4353821d0062e9ed26dd2b3f661c5b99642e480701c62edf852ef4bbb0d72e120d9fa887f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4baf662f7337333eb117eaeef4c1fa58 |
| SHA1 | 1ddca5f954c11041bff31490c59eb4402a6f3e16 |
| SHA256 | b0097ec676ac669ceed60d07c0f0f27655459ef9c3d0933f00d5831ad0b94024 |
| SHA512 | 4ce424c93d08f1c40d82520006d0d24ca54f12e0daa1f6730d7bcabd67b34d9ceb088f06fa969ad0ba91472737f2950018b7c43e9c56f5e8e7bc2b90f9d4f376 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d45cd05d391d160bdac33d77f06b0c45 |
| SHA1 | 304ab1c174a2440144d86bb3ebe5f5c13a350959 |
| SHA256 | 9c737f9e7d6d0e2be11989529147e6d7c353ba2bb852630ac2f42ed81580b300 |
| SHA512 | 5c80cb6165c3d61c0073c71333f434ef6da0544109b9ee78e3b7def3f605188ba16ee1dd67ea6faaaf4bee623246495390fa068e6c4a38f618ee3d8e58b92b80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea3f73ee4b736cdab33550475d1e6dfb |
| SHA1 | 3a09a7ffb1cef7ce2d123fa50beffe74c33d3948 |
| SHA256 | 523231c640b420d28f7d099c78ae58efc223a16408daa439e11295e46e6bb135 |
| SHA512 | 5ef4d58e58b1c5a5838bec3cee7399ebf72499a10ad5ac9fd1c82ab72a47e4db85f6dea1f6a35b7b4a7d4739929901539980ad02489b0f0c6e77e36e9e992814 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b84dc614ac1c22752fb5a9156fb67367 |
| SHA1 | 5418382353d6624e03bc294e0fb51c262b5c9ce2 |
| SHA256 | 443a6e3cc5a2c79d424fa375bd11d95d7bb3a4e0a971424a0d4d53cf027cd16b |
| SHA512 | f4853c2e4aa7dc4c4016b63241bf503b23fd6cbf68854bf6910802db6bcccfef33c548ba55bac8e29fa939c1ae6209db19df02a54d8244479c634e30078d6c53 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2208-434-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2208-437-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2208-435-0x00000000003C0000-0x00000000003CF000-memory.dmp
memory/2208-443-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2420-448-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2420-447-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/2420-446-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2420-450-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ac64af7c152a270b63a18aceb8c5eb9 |
| SHA1 | 80e7b734e0c1d852849360b374517bd746008209 |
| SHA256 | 2dd4e7f620e867b0a646178c0e7b79aeafdcf7e0cc61240a36e30ad4c43057de |
| SHA512 | 15d9dd07dafedeb8ea0e2321e49c3a4df61c8dbaa50dbfbdcd7bcdbb8842291656f3ea70086c1cbca67322111c8d349ac1998768cdd179090a2bd7c2b42ccaac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac11f802772d31705ee8c9a360b832ae |
| SHA1 | 2c310280e0dc6e560f589e730d5ef010c866d35c |
| SHA256 | df09aadc18f931c06161de6554de9a09ee366639528da9bc6e6526150987cae5 |
| SHA512 | 70ddce5aa04f2a71a5ac926bfe88ae996a173bf987feaf08ccfb52c505a68e12e036df4665e19489dc24b1aef2c46e5c13e18f6170fcf1b71519bc8b6a7d11ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7316a486e25b215d8d887b4c3f157638 |
| SHA1 | 49518a26a927b02b98cf1a161ef08397c8bdc707 |
| SHA256 | a2f2075a850aa331446a046c530b24496e886dea66e283e89ad371b4d2eface1 |
| SHA512 | 2d42a48d8de8263614da1be4b2e6fa3c85f2cc43a189d833ea9bcf7031484567560d0af5acc822e7ef7014617ac92261203e9e51ef6f3290cb0e663f528156fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ca099aeee3de085db43f7c48c1ebcd7 |
| SHA1 | 2b75946fab639b9e63ee6079944af76da64f560c |
| SHA256 | a26f249cbfc7e58c7458348b17705b1bed004ca5772892060923c4ba39e64668 |
| SHA512 | 84c1c2576194009096f83275b5d05a8e05ad514c37b37455a5a11c66624f3b4e50ae55112c96d8b810c78a75b4ed149faa47d75d1c1ce0c922ccb5f07bf80417 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13c901815b62dd8cd6eeb9f9d69535ef |
| SHA1 | 8af08ae73f0c8ee27b6fe497aefebdfd27393ab7 |
| SHA256 | c4765aff18b894132265d0a4d78392b1c5587e71643a5167e8915530b735f114 |
| SHA512 | d84beb82dceccbf327fe1fe1d65cf6e9accca887d03bfa3a1ee5c524e6ff2f427c94ae6002525fd2f8c5ac495810d0c1318837b9b08ccdb92056f0c98d9db89a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e23cb599fa79b8df66d91d8962fba7f |
| SHA1 | 2f7b423215a741b780d362966aea42b0ec1994bf |
| SHA256 | 051414e0a16d552d1fa7955672392bfe8b2404d96bd49cf48afbf0dec082d6a0 |
| SHA512 | 352647251509099c29dc4f30807431ecc89952fceca062e179ebddd81329f96fbcc3634448e2c32570a8e35959bc4a00070dd3f4c630362383b3bb3f87986200 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fde3897f8692171a6c67daf081b8e34 |
| SHA1 | 1363f6fe1056b5fc649cc54a3b4058aeaca674b5 |
| SHA256 | f422b1d40de8d7096b339a8cfc7cb085b98a76f4db08492c20e71c2ba09cfb62 |
| SHA512 | 935b1d2b796acd6017d7f842a46c2b1b421f3ff9c4b79c735add2d480bd6ac97782e94cdfa447cb380135ea988ec9509b9c0c333e3959b596510d9cca8a86ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29daf2414804ad029e933830f9da1835 |
| SHA1 | 9abd0ed80fe63e355b5444a67f58627aac46580a |
| SHA256 | 974afca6d4cf20caf71d15d6574071695abffff181ae160586fd689c2ef81066 |
| SHA512 | a66fa20346d2c2221fffc5e912e5372ef4375ee260ea6380680f550cedd557e0616b19dd4806bd700ba752f56ff057ab7b61e8a56cfc8979444b5a959bb27612 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33ecc6ecf4f486efe81aada18148ab6e |
| SHA1 | c22ad9b60b24fface58ca0861e62f07961d3d05d |
| SHA256 | c794b9b08dc6acf69fc23226f1bef871df4c1d57db33fbbe43523f351ffc5d02 |
| SHA512 | 4e1a24c0d232f568b2bb0cb1b21879a350d437e88c91e211ae9d4784b1142acaef02272821f9eddd997ebb8cde7ca3aeb1cb1f1843554002cd52c3e3c5f85d36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78ab1943af707e00fadaa1285e51e56b |
| SHA1 | 4084c67dbdbbd12dac7399bf0fd1afddd7c7fff6 |
| SHA256 | 03fd3d8d8a93a51602c5930bcba5850e01283acb4b64e74540c93ce471ba466a |
| SHA512 | 2b5b9f86a2fca6619544cf652b12b0c0bb1dbfdd037fc6b4a06f92d008566fee79b507f135c8e57c0f9c36113b6d27c1eb9add9d50d972cab119930d6e3e02a7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 16:23
Reported
2024-10-28 16:25
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81e1e46f8,0x7ff81e1e4708,0x7ff81e1e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.vmk1sd.top | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_2360_WNZVSIRUQMLOBSPU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5f2ee87d198bdef43dc07cc0fa60776 |
| SHA1 | 8cba3881a9edb480499f39649c581e1bf5cd26ef |
| SHA256 | b59ce2ce24c18de1c9ed10167b9cfec7d6da527cfdc9248b9ad31de0a7e5f0e2 |
| SHA512 | ad0fc852dac4cf2b4a5f86ab69af10dba282d990c656cac7d95710634c1ccec879dfca43e999657076fb05a756a1348d1b9e6a9a474e2ce8c8383a843f12e943 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1ca86c77-a6a1-46e5-8361-67e0e210f11e.tmp
| MD5 | 264ab9dded45c89ad392dfd074da3ba2 |
| SHA1 | b22270b27b3fb3f2473eb928b47cec3ad404bc5b |
| SHA256 | 9ec9638972036f53a0cc042d64163262f3dadc2c5ad9c0d8245655e46889f6d1 |
| SHA512 | e6bf96fc980bff1468a545c96017d6a07b292152bf0063f1086e038b031d3ffbb3cc5c47f7bd27b87552683d1b6b389f6ee2c4fe4807cdbef66a25677da21166 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 903c501d19069f2edaae225a82ca4bf0 |
| SHA1 | a52a3c98511ade4d6708c7b8435837c32015883b |
| SHA256 | 33be4bf89653614f6cc2842dee0e736907a4a455edcb3b1fb297ec1f2b634a8b |
| SHA512 | fca11354d7136ef21b0adb26bf222b9b52520b01fe4d05bd12f87cc3571c61c77703cb0633f8d959312e50475515ffd58656aa85e48990b1b64be57de5a2f671 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |