Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
08/05/2024, 12:42
Static task
static1
Behavioral task
behavioral1
Sample
24e309d39105c4584f3e1d70b8ca428a_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
24e309d39105c4584f3e1d70b8ca428a_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
24e309d39105c4584f3e1d70b8ca428a_JaffaCakes118.html
-
Size
2KB
-
MD5
24e309d39105c4584f3e1d70b8ca428a
-
SHA1
fcb9c620e0ef8fd8670b0c6595f56deee8c45164
-
SHA256
9628e6580cdb586deaebb7592256ecfd2a0b9899ec90207af6e7746a353322fd
-
SHA512
7ac954f68881b95354463fbe0923e542bab06adf05d38968816c5773c7aaef3a691b88ab3c5778f1b13b8581863895a6600490c7b7646f4089ceb9c35112969d
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1840 msedge.exe 1840 msedge.exe 4948 msedge.exe 4948 msedge.exe 4432 identity_helper.exe 4432 identity_helper.exe 4604 msedge.exe 4604 msedge.exe 4604 msedge.exe 4604 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 4344 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4344 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe 4948 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4948 wrote to memory of 4588 4948 msedge.exe 83 PID 4948 wrote to memory of 4588 4948 msedge.exe 83 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 3316 4948 msedge.exe 84 PID 4948 wrote to memory of 1840 4948 msedge.exe 85 PID 4948 wrote to memory of 1840 4948 msedge.exe 85 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86 PID 4948 wrote to memory of 3936 4948 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24e309d39105c4584f3e1d70b8ca428a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb83dd46f8,0x7ffb83dd4708,0x7ffb83dd47182⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:22⤵PID:3316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵PID:3936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵PID:3436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:4584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵PID:1420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵PID:1596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:4992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5952 /prefetch:82⤵PID:2992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4604
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3284
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4312
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b0 0x4981⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dbac49e66219979194c79f1cf1cb3dd1
SHA14ef87804a04d51ae1fac358f92382548b27f62f2
SHA256f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
-
Filesize
152B
MD5a9e55f5864d6e2afd2fd84e25a3bc228
SHA1a5efcff9e3df6252c7fe8535d505235f82aab276
SHA2560f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA51212f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize336B
MD5892d146ffe7f3b9e65b601de91bf4a7f
SHA1c0478c7b5ba5c12b9d8149b2296ccadc0f0e1f4e
SHA256aa52414f038ac5bd5fd76ee7a88d3bac1eaa72e28e23dd44c53565cf918dcbee
SHA5127a8b904525c3f2a4b09544c9605b08c5d46f008ccb9b7ab9302667db454cbc63da6925d4158bd2885b8abb9582d640265e6bcf0b1b6cd4f5e1d0b19166eb6b10
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
753B
MD527236547ae68d933d256b97f8d059517
SHA14a0fd350059108c03855d2da51fb0635842a68b8
SHA256458579670156bee267d66de0a0cc9537c594c040ec44ce177a951b15270a46c6
SHA512215081491abe037a178d1b74f6b73140e504f93739bf3ea784b3bd3aecd760dd48ebc319a0bc86f5c2f2776d46018b1fde179500457ab3df1423f0552346a4db
-
Filesize
5KB
MD5aef912ad7e2abf53c2b622ed1439388c
SHA1933d4518af23ec7f9cd553646c7aea7da9ee93a1
SHA2568a29041cce9274032b7292b5981e67c02ae43daed251fcd1f160e4aa46ccce57
SHA512f7f0965fd8cba3d22b22bc8f58703de74e49591cc65fcc7d84a4543e0d1015a479bc211a329af6ea72aa04425a951f9e599edf3390de9629a2b8046fd4b70d86
-
Filesize
6KB
MD5acb3e042d90d67587eff0cd6ca017d24
SHA100a1d88e8b744e8fd75a9e0a1b2f8cedd49406c2
SHA2567937af8fdf09a15a01379fdbc34958f3d26d1fb4051760032f2fbc497d1316aa
SHA512b4d026a654430205634d0cf8bd2ddecd150979f67a9cc4d99a7fa7d9cfeaaaabd21a2eda0293f7ec1e7a387df8ca29d31204636dc8e9b26d1f3523f14d3508a8
-
Filesize
6KB
MD5a2fa02c83ebb5ac9353024a4abf62c3a
SHA14a4b0df3c2a43d81de0ddbce4541e79f62e6e390
SHA25614e5baace1d691a243202030bda304eb8aa954ec6b2fe5f216066166819d3684
SHA512d5d1fc59fc82176c3b63bbdb0a4abbec7270bb06fc670b1a26375793756de99e0c553e987213898c050cdee09e614b942e7bc3a0ea9fe89984630049f21d132c
-
Filesize
539B
MD5f4e7119a700c92cc4d1495566001187d
SHA1483de0fd780bab74085755c24a6dc9e28fb976e8
SHA256b7ad2b342a3cdf7e1c5727963b500f51ebf06727e966a01038a4f70aa8c09159
SHA512e12554b5ca891a61818d4c0dfa0124e87fd482a51795cbc0c4674eff7decec3e2ddf9a8053498205ad8a946594b2edc4ca8e4c7d6ebd92ee7fb480deec00cc15
-
Filesize
539B
MD5e5044e37466ee1a923c69d84e15ebf78
SHA14cd5128041af48215e1213cdbb03bb0871d66f39
SHA25647fad4a94efa114af14d352cbcdec4f58c4f37aeac25de1fa07438c77bbb7b69
SHA51295d6d15cbbd9dee3b4069dbc1996df8c05301897fca1ac9890f3f898a352c9fa12359ddf3f6ec67f1fb4dc95b6af63a2ff8810ec809f500dd0d7c283c2519c21
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5466ba504289b5ff4c628c60a137c8471
SHA1dc3f4f20dfef61271b455d2bedc5a94f0fed07fc
SHA256bb619188e3347e22462d6f4a6add1b8832aba8af2b844cf0fc7ac2df81358400
SHA5128ec3a975202470f439b498064075c782b2ddc7726d557e3689267222e82316fbcc5c46d662016202db74371ac11739af341a7db78b20d29395e40602facb72dd