Analysis
-
max time kernel
129s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
15/05/2024, 10:46
Static task
static1
Behavioral task
behavioral1
Sample
45cd91de9a805825fe104951d389364f_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
45cd91de9a805825fe104951d389364f_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
45cd91de9a805825fe104951d389364f_JaffaCakes118.html
-
Size
158KB
-
MD5
45cd91de9a805825fe104951d389364f
-
SHA1
ffb07e14084148ac4d2a40141dbef47ef2d87b0b
-
SHA256
3006ea29ebadb7a2e0379e32d1e96a752e3ba067d502be12733b8047dcf2fdbb
-
SHA512
ea5161c37edd576ea4a08509b22fdfa74ba5975e349dfb656c6db5c094f3636715e30fa868fba53d2c6f7de56616ede2555b13bdf6ed683bc73e34a5bf111412
-
SSDEEP
1536:i/oBtCR6RTJukJ+BvThGCrClLi3NInkYNs9xuof2lsA1iVNoZ7lv0MEVCyLi+rf5:igSK7LJyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 1852 svchost.exe 1140 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2928 IEXPLORE.EXE 1852 svchost.exe -
resource yara_rule behavioral1/files/0x002e000000004ed7-430.dat upx behavioral1/memory/1852-436-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1140-443-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1140-447-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\px628.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5A77C8A1-12A8-11EF-A18A-FED6C5E8D4AB} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421931843" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1140 DesktopLayer.exe 1140 DesktopLayer.exe 1140 DesktopLayer.exe 1140 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2116 iexplore.exe 2116 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2116 iexplore.exe 2116 iexplore.exe 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2928 IEXPLORE.EXE 2116 iexplore.exe 2116 iexplore.exe 692 IEXPLORE.EXE 692 IEXPLORE.EXE 692 IEXPLORE.EXE 692 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2116 wrote to memory of 2928 2116 iexplore.exe 28 PID 2116 wrote to memory of 2928 2116 iexplore.exe 28 PID 2116 wrote to memory of 2928 2116 iexplore.exe 28 PID 2116 wrote to memory of 2928 2116 iexplore.exe 28 PID 2928 wrote to memory of 1852 2928 IEXPLORE.EXE 34 PID 2928 wrote to memory of 1852 2928 IEXPLORE.EXE 34 PID 2928 wrote to memory of 1852 2928 IEXPLORE.EXE 34 PID 2928 wrote to memory of 1852 2928 IEXPLORE.EXE 34 PID 1852 wrote to memory of 1140 1852 svchost.exe 35 PID 1852 wrote to memory of 1140 1852 svchost.exe 35 PID 1852 wrote to memory of 1140 1852 svchost.exe 35 PID 1852 wrote to memory of 1140 1852 svchost.exe 35 PID 1140 wrote to memory of 1720 1140 DesktopLayer.exe 36 PID 1140 wrote to memory of 1720 1140 DesktopLayer.exe 36 PID 1140 wrote to memory of 1720 1140 DesktopLayer.exe 36 PID 1140 wrote to memory of 1720 1140 DesktopLayer.exe 36 PID 2116 wrote to memory of 692 2116 iexplore.exe 37 PID 2116 wrote to memory of 692 2116 iexplore.exe 37 PID 2116 wrote to memory of 692 2116 iexplore.exe 37 PID 2116 wrote to memory of 692 2116 iexplore.exe 37
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\45cd91de9a805825fe104951d389364f_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1852 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1140 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1720
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275475 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:692
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5c3b6a62de1afc716a67445717b325f0a
SHA154e06ad42030a76c25e4d604aac4da5da3036d7d
SHA2569b8879748585cbe4660be74cb92563875fd0c921b93acc2617834d7de444f7d9
SHA51204cd279d3d6a8880e009041b52285705bca0403fafdd9f7e8eb11aa4be41194cd2a13ef2ee52b789ea7879d4f51cab090962f791ae62305ce0201ebb9be6287b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5da10225d4398349666b6595ec1e99f54
SHA1fe6eb8089267742c30cd5b79c952d37e9dcc33b2
SHA2569a88085c0ca8428a6ef4717f8c8d59a9704f34ad5c26ee6f0783125df99e95f3
SHA5126edd853048208e147bcc8cc572e999a72847262772429e2126a5b5471636d13a0a34fded35d80735d11e659d54437709e1c9934c833ed6937a07317d9195312e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53760647080658a6e73b4efa6dc233c78
SHA1f753ff9cbaea840d6dfe68a5cc33af7d7394761f
SHA2560a31a573ce2f7e71609da587e2d5e4ee3e8061782ed6a6aff77cb3afab500848
SHA5128485d0906bf758218a8fec494b0c0839041cde58a18d316a4c6b6643c7356a903ef611df3000528453c268745a4269763e168f544f18e367d7c7ebb02bfea4cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e2046457c25c89c21034458a70c73934
SHA19764495434da46d691ba01861f19011a37e602ea
SHA256b5f2ce9413cf08c09a46d4775fc71f35e6b01c45b837d323a086a3aa6c2b8833
SHA512190bf27b461d60dd7435e1d7824c83f4765b8f0cfb3db1675fc1f3c9dba2c3d3830bd40230f4fd763ce8d0b44516cdd6be931677ad295e444f1c52c3b5bbb23d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ed7943767db68a35fe089c1437c78831
SHA1aab849c063de46960b7dfaf0a5a61738b04f6988
SHA256eb59fdb69c7232aa689628bb0a5f5cbb49514d704ccf8e9c39e7cbe576c3c212
SHA5120bd5f9ba590bdff6fc7bf929bd37514d202a137cd0a591dee6d13e600c36765812be91b7989e355640a7eb4d7ded225712f2f2e1ed21e24269aa88e00e21140c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53a8e998aa8b50fb51b4f08474af151a7
SHA11c8b3f4a8d2322c0b40a090dc1c796e34fd48095
SHA256a9c5ace579bd52c50a83182882e3fdf7f2e20bff65232497339d192a786b1d45
SHA5120db50e04db21811963a50806f5f63ca0d28e4f7ecc6264dd6130d0ca996b81f11be2f086bed781c0377f72c99705f6f8ec339fcccbffe7067f875a0a8cd7d5f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD526ad092ce738709c6fee6a8e50573a2a
SHA11aac8c2fa6b7e5fe05b1ac296035e865083f6230
SHA256e88bf93feb336784208384520296da0d9d17d85eab12400774f3b60b90fd2907
SHA512e138df4950e26889aaba0e2f36decd4aef669f7acdd606a3c3fe221c914230c54170739038ea918954806ac8e083ee7ec3ee36a56c1ef4711abf0f4d3251eb20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD592f72c5e9df131a02e34cc5cc8b6d039
SHA10d1b803a883adaf37f55ed24fb20fd7698dfacf8
SHA25632d54562ee87f5097a80f14292dd1be3cd84ecef2c139e1bc2aa00e61240ad49
SHA512d3bc5f9e89abd6779ad01c39ca6c78d6c6a0196b885a3151556b07b308f33b9cb52372c5e6e54b8ec85c6b0161b2e85412a9ed304dd9cf26849c704be2b311c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5feddbe11d12dd4b8d9cce456bd3754f2
SHA17106b2de347af16fd91b88745c7b1a4dc54c5097
SHA2567501df156646067b4c128487c62485504a60f497d593e4fe372d10cb2e7dadf9
SHA512b855ee77a9ef6140c1cae89b7ab2eb7624fb783da6d1f5fadc5ce85d6bc43765de815fa1e97843384464ba684bd5ce12bc5efcb20808cb0cf02960f080038471
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD524a9dd6e845b3eacc0710d04a9a59359
SHA1233569f598c3350c3a4dc6b95a5d180c94d1de8e
SHA256b88c918ea9a84941413d2ec08dfac21fe1339290db04c3576b033abf12fe67ac
SHA51246213e6758df4eff37317093c46354fd27a7a14ad0a399bd4abb17076fed9927d1b6ee3490095b2f88f0117a6fd3dfb045ad0012ba21f228925eeaf200712d16
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e8cf17cf0c98cda05cf9461c6402bc2e
SHA1e7cac1ff6b1c38a77208db3b41554d9415ef8ff1
SHA256be8cf29257bf64542cbaaacfae9933cd91a113509c909021436a8ea40c1c16fe
SHA51240c0688517c87c2af4a52da540d7eac8c6de042de2eacab5541b1f293683e15a12ffea9ce32baff07a1d63d559d3040cb59975991ed2ab0b6684580d824820a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53764bfafe338d57f004078001fb44c70
SHA1d21de32f6b538b7e8b6334ea7c7d71be0f98d28a
SHA25696b92c7b9a736906a5eb8c925ece2e012117557eebe280df8abe2b3ba612dfa4
SHA51277f2574f3643e3d06e0a8f38d889ade368a1d8f43847080ff4801f4ac19313eafb218626e7864206e922b28cd5a5438f5f66cd66ce7c36734d731bd9b263bb3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD53bbd09fbcf1d5ffa7857762c2fa7f7db
SHA11b02af7dd7745b4e60fdd3e89d2d1e6c4f021835
SHA2567da11508ac3ba2db47e79cadd187338f91f8848d2794abf2b941845e959e65fc
SHA512d6023cbb35629041d4a1c011c6d125dd96c550d15848abe42964c3d07a6568b1a32381d8940e1c49c58852fe42ca3e2ad5e87c145073b3eaaf4dc6ed4030707d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5d705182f92c972171d65b11489f75147
SHA177bc8f238fea82120b9006143cc68571288585d4
SHA25645928f8f20e6d39e0cf5a238cf55b4e8d394949cd3326c856e9977b69228e4f7
SHA5126323fc0d7ae5782f181fb37092237235c957c71c491f45adf78026c60d0f5ee8e31a3ff0b4792660ff2d4d649eee414eafd5bd793e41c3b61324a0b8f5852b07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5e6795a548f425a942bcb2947d99061e9
SHA10e30f975e731df834b46e6d3d12cae0c1a4dc501
SHA256e13571726a7bdf24f62f7458f1b6c9a8b9369584f717537d2e9ef8f62e24a595
SHA5121c16767a71928267390e50dc9ceabf14ed7df05f1e75dd29722d95a402c32534f5567aa39f79ca7c8f931742e96c74f74375948d5a931aae9c9cba3ea178f2a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b3d8e008318032209d3f91eca2442c82
SHA16e602f0151e813b797ffcf9c4512ee3c285ef0ea
SHA256472addd734b0f9efd006d0d64a0dfaef017ea79e9211feb4849470753f861396
SHA512a5cea9b9601363fedd563ac6365315bfc8c85b444f33b2e008bea8bd75b1a6a583eff5972822a718a7037e69064bb878378dd2259ec9252201f873c82fddd8cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5da6e20c3f3f6956a30bed9275fbeab04
SHA1e77688ab6f823aa640f08696c9197905f805ba91
SHA256a7f458bd4ceb975e1c228c6d657edad314e1eb7650a52718c2602b3f1511f217
SHA512ad5c3899dfc57ec00d6d19e7b8c3d8f685794208776c399367f603eaf3b401d9d360ea96066dbf678239e55afbe918b8572193cea3576475658cf4d337d42917
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a