Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
17/05/2024, 04:52
Static task
static1
Behavioral task
behavioral1
Sample
4e7d791cc7696ea7d9d2aa4e8944ecb2_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4e7d791cc7696ea7d9d2aa4e8944ecb2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
4e7d791cc7696ea7d9d2aa4e8944ecb2_JaffaCakes118.html
-
Size
175KB
-
MD5
4e7d791cc7696ea7d9d2aa4e8944ecb2
-
SHA1
3df12c3476eaa67bc49174a8d6c10f28e0119f1a
-
SHA256
fefbdfa0759d49c6524002c7e7e4e4ed0b7f6ab424a92bd4a088ec0e26368779
-
SHA512
da6539367d34421442fb1c89810170c599385f4ee7e71943d9c568b52bb60f31fe84d62cc8654b9c851d6c39943a4a42b867505c16260d82638e996db5bcf159
-
SSDEEP
1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3gGNkFhYfBCJiZK+aeTH+WK/Lf1/hpnVSV:SHCT3g/F0BCJi5B
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 464 msedge.exe 464 msedge.exe 1448 msedge.exe 1448 msedge.exe 2552 identity_helper.exe 2552 identity_helper.exe 3676 msedge.exe 3676 msedge.exe 3676 msedge.exe 3676 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe 1448 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1448 wrote to memory of 924 1448 msedge.exe 83 PID 1448 wrote to memory of 924 1448 msedge.exe 83 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 1564 1448 msedge.exe 84 PID 1448 wrote to memory of 464 1448 msedge.exe 85 PID 1448 wrote to memory of 464 1448 msedge.exe 85 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86 PID 1448 wrote to memory of 3624 1448 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4e7d791cc7696ea7d9d2aa4e8944ecb2_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd8947182⤵PID:924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵PID:1564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:82⤵PID:3624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵PID:3252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵PID:2804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:82⤵PID:2708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵PID:1748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵PID:4816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:4212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15484372611614809043,7042873574519063912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3676
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4220
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4796
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32ab03b8-39b1-4bb1-a850-1612ec39ee42.tmp
Filesize2KB
MD5b75d6d4eced4a6f95846d33e1eaaa261
SHA18f197dcf585a1083dd8e3ab6c3fdb06a06232d56
SHA2565e5e07dc1cfbd5b8b458881781858ec971fd9e702075be4ad29cc153736b58a9
SHA51289ae9f639138f73ca03aad58a5f24c2f012ee82a4ac140de560daf168e7640bc4bd6234caa08b9f0a7135c9c080e21e49e5704f0516915199b89a9419b2b7619
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize360B
MD52cf91312a80d6293e7904fd0a86a492c
SHA18097cccec8ed1b08519500147147fad5de51adf9
SHA25644596cf56795424a912afb673fc5d953b24a3764beec268b4411dcf5b97bd4a5
SHA512bc4d5d7300eb292999a6ba94610f48c569da2eec776ee1c92729598363e1c69471e8ac3796f78205262f8da225ebfb953add0ec011763b4c40b808b32ec43ad0
-
Filesize
2KB
MD52722d7059f5d8974d6a17e8b3bb57246
SHA14c1d28cc3b1d8924bcdbb5677c4a7872e61eb1c8
SHA256de2fdb5e424bc760d154b0c8b1e6892d3640f0116b5f3f1ff1b18de79ddf2469
SHA512bd99604bba3256df6264e25d1c635f1fee3ac6a4be86a6a1751f97d1d59351294a25afda355d450a99c2f6522646e9593e045e1665891a0b38070d5ec14bab44
-
Filesize
5KB
MD5b97496ddee73ae0bdd5b987ca5776622
SHA189278fcf374cb648a90a305c10b90739aadafe22
SHA256e2114a9183fa2a1480243da0daefb7328d08065dd65f52bed2764add6b33c46e
SHA5122b7aa74f8509056b18b401c464c0dde068358f2e1ecc2b4fe0fd6edae799a32a919ca37d36dc7d4c58e1644cb70aee722944379067991fcd16503c21014db347
-
Filesize
7KB
MD57e850ec9ac7af3da78629b70314d1291
SHA111039090eb72360a2c3019dcb2ce3106affeed32
SHA25615a63447c298d65afb355ab845705c818cd769ca7d70d66a23681a2ad516f823
SHA5124fa0f313e928aa390369d4e5f6d81c7b775dcdfd4d8961e51b5a9208f92e39ef9b57e39b4dd378bd1597c4cc269a134ddf3f71bd858bae9f8a244446075708c6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD552177903688a76f3778c940b6eb73339
SHA1f09968c3df08082e4f172c55b0989c99ebd6f7f9
SHA25678677713ab41ab2cf06ee54c38c48fd9cfea5e3068aa125ae7b529c3c93dfcaa
SHA5120ca48edefc8141ac063408a30df2e3145ba417cfd06bbe54adb615bd5f40392d8df10330592d4e70329e7180e6a912179e6b84133271c1ba5aaa4801383c019c