Overview
overview
8Static
static
301181a8e0b...18.exe
windows7-x64
801181a8e0b...18.exe
windows10-2004-x64
8$0/SoftwareUpdate.exe
windows7-x64
1$0/SoftwareUpdate.exe
windows10-2004-x64
1add-certs.cmd
windows7-x64
7add-certs.cmd
windows10-2004-x64
7bin/certutil.exe
windows7-x64
1bin/certutil.exe
windows10-2004-x64
1bin/freebl3.dll
windows7-x64
1bin/freebl3.dll
windows10-2004-x64
1bin/msvcr120.dll
windows7-x64
3bin/msvcr120.dll
windows10-2004-x64
3bin/nspr4.dll
windows7-x64
1bin/nspr4.dll
windows10-2004-x64
3bin/nss3.dll
windows7-x64
1bin/nss3.dll
windows10-2004-x64
3bin/nssckbi.dll
windows7-x64
3bin/nssckbi.dll
windows10-2004-x64
3bin/nssdbm3.dll
windows7-x64
1bin/nssdbm3.dll
windows10-2004-x64
1bin/nssutil3.dll
windows7-x64
3bin/nssutil3.dll
windows10-2004-x64
3bin/plc4.dll
windows7-x64
1bin/plc4.dll
windows10-2004-x64
3bin/plds4.dll
windows7-x64
3bin/plds4.dll
windows10-2004-x64
3bin/smime3.dll
windows7-x64
3bin/smime3.dll
windows10-2004-x64
3bin/softokn3.dll
windows7-x64
3bin/softokn3.dll
windows10-2004-x64
3bin/sqlite3.dll
windows7-x64
3bin/sqlite3.dll
windows10-2004-x64
3Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26/04/2024, 15:35
Static task
static1
Behavioral task
behavioral1
Sample
01181a8e0bc4def08284efb5ac9f840a_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
01181a8e0bc4def08284efb5ac9f840a_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$0/SoftwareUpdate.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$0/SoftwareUpdate.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
add-certs.cmd
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
add-certs.cmd
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
bin/certutil.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
bin/certutil.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
bin/freebl3.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
bin/freebl3.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
bin/msvcr120.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
bin/msvcr120.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
bin/nspr4.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
bin/nspr4.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
bin/nss3.dll
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
bin/nss3.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
bin/nssckbi.dll
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
bin/nssckbi.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
bin/nssdbm3.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
bin/nssdbm3.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral21
Sample
bin/nssutil3.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
bin/nssutil3.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
bin/plc4.dll
Resource
win7-20240419-en
Behavioral task
behavioral24
Sample
bin/plc4.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
bin/plds4.dll
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
bin/plds4.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
bin/smime3.dll
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
bin/smime3.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral29
Sample
bin/softokn3.dll
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
bin/softokn3.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
bin/sqlite3.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
bin/sqlite3.dll
Resource
win10v2004-20240419-en
General
-
Target
add-certs.cmd
-
Size
3KB
-
MD5
5ac423d78077c6ec8d99974dd9681d11
-
SHA1
0d91d80de298fb008f522ed95842932bb92f6099
-
SHA256
664e3b7b27995e01fd31dff1699b39b995c0e9efebaefa16247669eafce08e08
-
SHA512
dce34c3dc7bb2cec567be2e12c0362be260c59b940efc869a2421f647af9ce847c4793c86f5a155206c2d41c40ee07144b81992f629ba8d9d2644834effdbda9
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 17 IoCs
description ioc Process File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key3.db cmd.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key3.db certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key3.db certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\pkcs11.txt certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert9.db certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert9.db certutil.exe File created C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert8.db cmd.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\secmod.db cmd.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert9.db-journal certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key4.db-journal certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert8.db cmd.exe File created C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key3.db cmd.exe File created C:\Program Files\Mozilla Firefox\browser\defaults\Profile\secmod.db cmd.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert8.db certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key4.db certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\cert8.db certutil.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\defaults\Profile\key4.db certutil.exe -
Suspicious behavior: CmdExeWriteProcessMemorySpam 12 IoCs
pid Process 2036 certutil.exe 2040 certutil.exe 2444 certutil.exe 2584 certutil.exe 2288 certutil.exe 1808 certutil.exe 1432 certutil.exe 2724 certutil.exe 1844 certutil.exe 1256 certutil.exe 1980 certutil.exe 1976 certutil.exe -
Suspicious use of WriteProcessMemory 54 IoCs
description pid Process procid_target PID 2168 wrote to memory of 2036 2168 cmd.exe 29 PID 2168 wrote to memory of 2036 2168 cmd.exe 29 PID 2168 wrote to memory of 2036 2168 cmd.exe 29 PID 2168 wrote to memory of 2036 2168 cmd.exe 29 PID 2168 wrote to memory of 2040 2168 cmd.exe 30 PID 2168 wrote to memory of 2040 2168 cmd.exe 30 PID 2168 wrote to memory of 2040 2168 cmd.exe 30 PID 2168 wrote to memory of 2040 2168 cmd.exe 30 PID 2168 wrote to memory of 2444 2168 cmd.exe 31 PID 2168 wrote to memory of 2444 2168 cmd.exe 31 PID 2168 wrote to memory of 2444 2168 cmd.exe 31 PID 2168 wrote to memory of 2444 2168 cmd.exe 31 PID 2168 wrote to memory of 2584 2168 cmd.exe 32 PID 2168 wrote to memory of 2584 2168 cmd.exe 32 PID 2168 wrote to memory of 2584 2168 cmd.exe 32 PID 2168 wrote to memory of 2584 2168 cmd.exe 32 PID 2168 wrote to memory of 2288 2168 cmd.exe 33 PID 2168 wrote to memory of 2288 2168 cmd.exe 33 PID 2168 wrote to memory of 2288 2168 cmd.exe 33 PID 2168 wrote to memory of 2288 2168 cmd.exe 33 PID 2168 wrote to memory of 1808 2168 cmd.exe 34 PID 2168 wrote to memory of 1808 2168 cmd.exe 34 PID 2168 wrote to memory of 1808 2168 cmd.exe 34 PID 2168 wrote to memory of 1808 2168 cmd.exe 34 PID 2168 wrote to memory of 1432 2168 cmd.exe 35 PID 2168 wrote to memory of 1432 2168 cmd.exe 35 PID 2168 wrote to memory of 1432 2168 cmd.exe 35 PID 2168 wrote to memory of 1432 2168 cmd.exe 35 PID 2168 wrote to memory of 2724 2168 cmd.exe 36 PID 2168 wrote to memory of 2724 2168 cmd.exe 36 PID 2168 wrote to memory of 2724 2168 cmd.exe 36 PID 2168 wrote to memory of 2724 2168 cmd.exe 36 PID 2168 wrote to memory of 1844 2168 cmd.exe 37 PID 2168 wrote to memory of 1844 2168 cmd.exe 37 PID 2168 wrote to memory of 1844 2168 cmd.exe 37 PID 2168 wrote to memory of 1844 2168 cmd.exe 37 PID 2168 wrote to memory of 1256 2168 cmd.exe 38 PID 2168 wrote to memory of 1256 2168 cmd.exe 38 PID 2168 wrote to memory of 1256 2168 cmd.exe 38 PID 2168 wrote to memory of 1256 2168 cmd.exe 38 PID 2168 wrote to memory of 1980 2168 cmd.exe 39 PID 2168 wrote to memory of 1980 2168 cmd.exe 39 PID 2168 wrote to memory of 1980 2168 cmd.exe 39 PID 2168 wrote to memory of 1980 2168 cmd.exe 39 PID 2168 wrote to memory of 2088 2168 cmd.exe 40 PID 2168 wrote to memory of 2088 2168 cmd.exe 40 PID 2168 wrote to memory of 2088 2168 cmd.exe 40 PID 2168 wrote to memory of 1976 2168 cmd.exe 41 PID 2168 wrote to memory of 1976 2168 cmd.exe 41 PID 2168 wrote to memory of 1976 2168 cmd.exe 41 PID 2168 wrote to memory of 1976 2168 cmd.exe 41 PID 2168 wrote to memory of 2084 2168 cmd.exe 42 PID 2168 wrote to memory of 2084 2168 cmd.exe 42 PID 2168 wrote to memory of 2084 2168 cmd.exe 42
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\add-certs.cmd"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2168 -
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d "C:\Program Files\Mozilla Firefox\browser\defaults\Profile"2⤵
- Drops file in Program Files directory
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2036
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d sql:"C:\Program Files\Mozilla Firefox\browser\defaults\Profile"2⤵
- Drops file in Program Files directory
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2040
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.Admin"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2444
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.Admin"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2584
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2288
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1808
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.Admin"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1432
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.Admin"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:2724
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1844
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -A -n "AddedByUser ca.cert" -i "C:\Users\Admin\AppData\Local\Temp\cacert\ca.cert.pem" -t "cTC,cTC,cTC", -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1256
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -L -d "C:\Program Files\Mozilla Firefox\browser\defaults\Profile"2⤵
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1980
-
-
C:\Windows\system32\findstr.exefindstr /i "AddedByUser ca.cert"2⤵PID:2088
-
-
C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe"C:\Users\Admin\AppData\Local\Temp\bin\certutil.exe" -L -d sql:"C:\Program Files\Mozilla Firefox\browser\defaults\Profile"2⤵
- Drops file in Program Files directory
- Suspicious behavior: CmdExeWriteProcessMemorySpam
PID:1976
-
-
C:\Windows\system32\findstr.exefindstr /i "AddedByUser ca.cert"2⤵PID:2084
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5f246333f077ea7b490a063eeb7e22913
SHA1bf10c0615b50279b3d75ef83fe8c594d4868f95f
SHA2563af11109e80d49b16554050e2d90565d1e849512f4279445b6b8f6a80bc41dc6
SHA512da7abc23817a8cfebe3b970a28eaef0eb97b6750439c56bcabb1e6e85056050c8291a17ecab6f7b98193ac30c0554d673321eff138ca03c379860113c85f9c45
-
Filesize
64KB
MD554026638677f2ed4d24a452821a5be4c
SHA19653ec968c1c2595a343f9106a3e7546bc454df0
SHA2562522bb7036f417d293f7c978c414bc463efd281d218d51f90b6d973e3da104cd
SHA5129fe10855179f52dd2f7d3be1fb10f84c9e707b8b6580753f5a21c3ead859463d800906da0424b8ff3ee1f59c734d7ee65c31a2af0701f2e2c6627978b7fefa81
-
Filesize
16KB
MD5f6cd36aaa8773caf03a15628d8943951
SHA1b473fae3265f2023f91396529dce3224dd2b505f
SHA256ae6d6cb4716eceb1447850ee6105e982718c8710c1488bb709338cd074715222
SHA512f32fb28353590c98d61d79afeef7415023542f2833bec43d4df68ee696c5a95ad10160d9d94d3434792b0301a942037bf61f021f82941231ed043a9b43dda7f6
-
Filesize
13KB
MD572f4b5f1d161c1ec50693cd2f57340fa
SHA10d558b1c2701bdd4b5095183b8723de4b9cf012f
SHA256ab250dc9456c82fa836a6918b2db2b3e715bf4beb7613889689e5c19d6801d4e
SHA512b31483cd6c8c2098641e291dd9830a21d2c82e40e81682c8d26fb9d9ea4e977d92c4734f00b56ae1438e8a43f0fdcdc7b22bd9ed16e773f6d373fc1944f5f18c
-
Filesize
9KB
MD5e45c3fb0f28fe6590e3d75c785e65c1f
SHA1d96690392e6428cac59bbaa9b2bcdbac27e683e5
SHA256020b3c13b4dc97a12af70e1330d364ff2b17d08b6e4f607f3527ebcf962a2421
SHA512be49505abd641bfd4a1bf6698578dab5951dbd1b254cf540f863f586a76576833d9f52f82810b047582ff379884d7452085b277132e6627c7fbc4733a0246e2f
-
Filesize
480B
MD555f9a6dca041467d61ec63f314c1fcc1
SHA160900d9f7a0280c4658dc5ba630bfe9cdcddb57b
SHA25698c1ca2204b41fe090cf2273a5ec1bc5f74d69eead900ddcfc3958613e59a4d1
SHA51210e86f5ef2c51798f9214bd5785a50777398efd35531caacaaebcc343f869bf332d1402d55a7e0f235bb6aa6da8075b02e9218f5789f0dbd60bb315bac95993f
-
Filesize
16KB
MD502a3b00dafc8c7fb117bfcb1de9859cb
SHA1c0dbc33717ea22ca740e6039fd3459d614599a74
SHA25638ada995217652d8e48eb6b8eb49e84a0b246ca336254b669285207db61622c1
SHA512b9e425df73287de15714930e8236cd4e4624887d6193d6ccb5f37850b31e94bfbd737992817bd8b47ecacfc04948207e6bb71a3ff5e30caa41472826d7d44a1e
-
Filesize
40KB
MD5ff56eb28f74d652ec0a1bc9f66597ae9
SHA135f2f1fb0bf68e2acc8e5eb24e97c8e6b6d066de
SHA256832d4489d5b1fb22521c4895881e7db73dd8043f3415f5731e214153830afbb2
SHA51273f5143c2c4a1804ee81048328132d1c2315a5f65032511cdb507f4b74581816805100be1ec00555e51a60530bc115a25da1221a2673bc2a21c7f73cc7e78f1e
-
Filesize
13KB
MD5a4e8a9e0d4ec660065de34b44411690c
SHA17eed8beda009e9e73a8808e76b8e2ccfae8f8631
SHA256dc1e4b7041d8225428a6b0653cb88e0e8f03184a6f4231557f7b28b6ae13b410
SHA512b445a88244740fad3570e7de19d81e4b3c345c0081e164f9fd2310a0f0fcd9e734a7ce986c890663603ccddfa7f298491b0ea2425f5338771327d7a517b048f7
-
Filesize
13KB
MD5ce360839bcf8852391708c026fd5bc5a
SHA1f619f68481f3591813df820f48e0cfd91fa090f1
SHA25614a9f868f45da43038c3b8d4be80c2e427155c2256107dca70eb71ea7ffd6d96
SHA512070f67815dee2609181131edc1be9ca0e0fff214e19e528488143cb1861133f91ed07316617180d2c647d504993a846a443615089923281e753a090e87b2bdc2
-
Filesize
496B
MD5094763edd0733ff8a00f111556aea228
SHA11d9c2e5545e10d741d2ebbbcbb6a80715a662581
SHA256d1663e4b909be60b96a8dc2c1bace2d6a64b7134dab0e1e7bb31581893e4f900
SHA5123720d947426818b38372ee3ba955675cceb3c6bd54832ca3623b07e40d28b492a75e3163b35d46732fc6f504662383b10e01f2341544d5eab4d919796de1f1f8
-
Filesize
224KB
MD5fe510473b70e2cdf334a53399273411b
SHA15da99b5fe62043529d26d6e0bd3d3ba0173c7143
SHA256d135248bf3efb0c987b042912eba2511c5b9e969e2c1c126171a02610c27037d
SHA512a5054f620a910bec0b164d62434dcb80f121cac66e932d9d52aa5563d01e5bbd304984d5101fcddd3fab576db60a1ef8d1d3ad7b1b85afd2f38c952b19ebd4a6
-
Filesize
288KB
MD5193e2675a07fa76e64649c3c47abc022
SHA19bdc50220f79cac972cfb3fc9743ef7f5b8e441b
SHA2563102721846020772c2359ef8bc13e61421b488c9ec359beb8c8962c77f5de0b9
SHA51222ab9b640964311033cd746996f0a9d59f7b8fabefc320a7733080e1fdef001d57fd63d59f603a0aa1333d055732da9cbe0ec4441cc411cbe4f7fbf526e5244d