Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
16/05/2024, 13:03
Static task
static1
Behavioral task
behavioral1
Sample
4b35372090963497e2a1d573625c8ec3_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4b35372090963497e2a1d573625c8ec3_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
4b35372090963497e2a1d573625c8ec3_JaffaCakes118.html
-
Size
112KB
-
MD5
4b35372090963497e2a1d573625c8ec3
-
SHA1
0d6bb420f485ae0646b29cf2074e5e60811d095a
-
SHA256
92a39adb4118aab28c92656dc16a5b89a80f31f3d62072554b406b700e9e999f
-
SHA512
b02177c080efa001195e2adbd339dbd037885a0d9ced9245a4361dda6e9c3eb92c5b36f2c062e2adacafef86ce515d8e422d4fb7df8890ba974ec8e58f547a0b
-
SSDEEP
1536:F9rNAbAGYFQrWI/oqWoIliw9D35i8wSg2Tp5MmBmGTpZHEfPN5:0AaWohw9D39wJcbMv8pZHO5
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2920 msedge.exe 2920 msedge.exe 4840 msedge.exe 4840 msedge.exe 2652 identity_helper.exe 2652 identity_helper.exe 4336 msedge.exe 4336 msedge.exe 4336 msedge.exe 4336 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe 4840 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4840 wrote to memory of 4820 4840 msedge.exe 82 PID 4840 wrote to memory of 4820 4840 msedge.exe 82 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 632 4840 msedge.exe 83 PID 4840 wrote to memory of 2920 4840 msedge.exe 84 PID 4840 wrote to memory of 2920 4840 msedge.exe 84 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85 PID 4840 wrote to memory of 2440 4840 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4b35372090963497e2a1d573625c8ec3_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4a9b46f8,0x7ffa4a9b4708,0x7ffa4a9b47182⤵PID:4820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:82⤵PID:2440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:2412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵PID:4728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:12⤵PID:3540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:4628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:82⤵PID:4564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:2304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵PID:1016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵PID:1004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵PID:4712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3368561985657545124,11805030663238735581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4336
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4100
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4616
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54f7152bc5a1a715ef481e37d1c791959
SHA1c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA5122e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
-
Filesize
152B
MD5ea98e583ad99df195d29aa066204ab56
SHA1f89398664af0179641aa0138b337097b617cb2db
SHA256a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize96B
MD5f263f63869130f079f12e4dcf63be358
SHA18a4abd1e7131ad7f14669f9038f486989a4076cf
SHA256ca90f3bb8176b87970251b57270d2c99374c56bbf9ee5e96d40f1674b3a48552
SHA512455bace1568d8aaf136c5c74f6e9a252509e672f2e5af23931f03a47b7d8f22f1af1b799b972db1880d4c6c35e518ad35d8c8a4ff29502b48d757c81ac2ab059
-
Filesize
1KB
MD5e2511c8dfa63df6bcdeae76d260e5529
SHA1db9af959c4d1716693fb9636a365392c9f034205
SHA256b84b0bd0dfa46489f14bfbbcb2ea554a9ca342711929d05cb11a5c050d556d5a
SHA5123c5406db2a4b57c283f46f7801592b2b398ed6b51ce0232509680d27586fe84cff14235b2798e680f455638c07d7d7238e6b2f81f01b292a27e348aff51d9802
-
Filesize
6KB
MD57cb7653b0b2e82d858b900878d1b6c55
SHA1c0debfcb843f9c5345de22cbcd38cf6a77240989
SHA2564bd82ec0715bb00c82c8c6b12019a905065bfeedbd917b60c962d5c8e1512cb1
SHA5129da8f6cdbe252f073bf7fce9bba56bccf3f29a55a09b2bfba50d614001cbe345e2bead4a4d9b8793445a63d33a113d1482fb9679dc74e601428d2dd72c59d937
-
Filesize
5KB
MD587d899162b57f8bcba66317526ce6ea2
SHA18ef943f9fd2e34bdac1a578844d5412fa6d2d78a
SHA2565dd42d43783f0f5b23495181028b8d338fe0d7f32348fffcfee837e29a4944f2
SHA51216ceb4a54db75a0b1f02ed52e3403c5f0b05b847ae418b9ce8fc43529a43e439af0521c435e19d98e5b2ad2b954be2925dd327cad54885af6b5785aa1bc78fc3
-
Filesize
6KB
MD5a65ca99853165ebb1ab8593cbd69b301
SHA198aa87fb23c5cab1eb234a3151ca4f5d5c3132a1
SHA256151d1ec0b719b68f0a6fe018bc178336255f5704d69a4d3285141069f618ba76
SHA512fc7fa2ea04197647f902155b7523b98d10d2ab5a9d044b16b6d834f10929a814f2b79ec029b8274765c7c4fe52232694e301ec79059b541286ed61d340f8b9d2
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5f9af97ae6abac80ab7daf1b25fb08596
SHA1e0b2fcadf62a780669716f8d91bac7e240a10e25
SHA2564f4b44b543040ddc29079d81e28b012291b08f5c41dfb0111786e11976b51db9
SHA512ebb45412e816063711547004c8165715d9f92635d3a3289a6f10f198a07177cbe246d3c7bdd2c0251a52735a8aae6b318c56af3fd623b56fbac18dd16701fe55