Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-05-2024 05:23
Static task
static1
Behavioral task
behavioral1
Sample
4e98bb92bcf4ee462cfe4894445e31b3_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
4e98bb92bcf4ee462cfe4894445e31b3_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target: 4e98bb92bcf4ee462cfe4894445e31b3_JaffaCakes118.html
Size: 299KB
MD5: 4e98bb92bcf4ee462cfe4894445e31b3
SHA1: a592590d22bfc2081eab293b904befa201a013f3
SHA256: c4071063e0126ad7f8dcee2f0aa1adc92959eade1f15c48480176e0c42a249db
SHA512: 0273deb6b0d0db326f441659f6c35e83558d39c38fd2a566fa9f4dc0e15695df091bcc910ee8d02fdfbfed240e9ef7ca1ce4fc1dea23ff4534a0b47035160e3f
SSDEEP: 6144:ONxh1egRCtBmIZNO77eKQwyyJyc9R6K92GiGPee+7YjQq5WlB/zFBlxXlQZ:/vxbxVC
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid | Process
1292 | msedge.exe
4476 | msedge.exe
2444 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid | Process
4476 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4476 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4476 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4476 wrote to memory of 224 | 4476 | msedge.exe | 83
PID 4476 wrote to memory of 3420 | 4476 | msedge.exe | 84
PID 4476 wrote to memory of 1292 | 4476 | msedge.exe | 85
PID 4476 wrote to memory of 2044 | 4476 | msedge.exe | 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4e98bb92bcf4ee462cfe4894445e31b3_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db47182⤵PID:224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:22⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:82⤵PID:2044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:12⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵PID:552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:12⤵PID:4272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵PID:3240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:3856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵PID:3812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4995072895027543990,16377184081307619369,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2444
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4244
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3904
Network
MITRE ATT&CK Enterprise v15
Downloads