Analysis Overview
SHA256
5f73ea59351b24e8e2db8c2d34d94c4f204041fca14c161fa60c621560c8c29e
Threat Level: Likely benign
The file JaffaCakes118_4394db2fbe28c0771689a0b515bea645 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:52
Reported
2025-01-27 20:55
Platform
win7-20241023-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4078c982fd70db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d669ee435b2a2c4ea8db164ac3e770a6000000000200000000001066000000010000200000005612fc97009199655034e3db83647537286292a9a42355727b8a2fc51af74471000000000e80000000020000200000001a4ff3762b385d57dba5f3baf69dbcb4d940271f698131c8f32db6a82e6efd04900000000e17b7100247f6ff476d775addc6580980fcc334df3b5d0f321e044f1d3a8f1f3d04d14fd61bca02ad696e0e9d801fe1b674210bc5e578a406c4d910b833911c725284ff1a284c741842c1bb40f27d5c320241ca7523ccbb4473d3039c17379fca0115a2b48cb6140e6e46ff27cd3943f8739ccd39a9cfaf8453559f92626d648e9750218ac99ec707cf758346532df140000000771dc725bd16b0ba9cfea879caa46731d35e17ac5dfd5e0c3ecf301f11ba50d56fd972790f9b8829835a2815a05012112db3e25cb6dac7ef5a8767d2f51a5cb4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB25AED1-DCF0-11EF-A9E4-DAA46D70BA31} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d669ee435b2a2c4ea8db164ac3e770a6000000000200000000001066000000010000200000008ac6387a842ef85b9d8d5f44aebff21210bc1f3a4ae190ba03ca751eb676fb81000000000e8000000002000020000000de3dbb66f08dad9714af042a7f729486f73946fe23455aa5174bbd0ad3c7cf10200000002a5d0a357dedc2aa9c49ed5dc8a499c383004c3f48d36bf40c1dda656268918f400000000c1112665e14ea1a07723ef9e8762dc6f8b0034154539bf69a57d1fee641880a9fc912715297b8640bf1ca2e415d8b4f84fcf015d9db7feeeb9a6e007017e09d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444173037" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2712 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2712 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2712 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2712 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394db2fbe28c0771689a0b515bea645.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mixmarket.biz | udp |
| US | 8.8.8.8:53 | mixmarket.biz | udp |
| US | 8.8.8.8:53 | ftp.bodaimage.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 20:52
Reported
2025-01-27 20:55
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4394db2fbe28c0771689a0b515bea645.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1bea46f8,0x7fff1bea4708,0x7fff1bea4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6175890049081836534,16575275940014481896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mixmarket.biz | udp |
| US | 8.8.8.8:53 | ftp.bodaimage.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files