Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
19/05/2024, 20:26
Static task
static1
Behavioral task
behavioral1
Sample
5b4e28853387982301d3ee3cc14b034c_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
5b4e28853387982301d3ee3cc14b034c_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
5b4e28853387982301d3ee3cc14b034c_JaffaCakes118.html
-
Size
175KB
-
MD5
5b4e28853387982301d3ee3cc14b034c
-
SHA1
ae49f29c1495ae4a830bfe514a7b17cd27f5803c
-
SHA256
3a4d4e8beae96b3f2a74a8d1c8a6ce8ec4ed8e436fff5ffae534116e59ed31de
-
SHA512
e6db83dde039e494cac4a75e22de0a96048e9f78a3a3d393cc71d2530b4e859d6366f16af94ec9d0bbe66053f85cc8a7a25b6bf9cd358f5dcc7f6e12bfbccf14
-
SSDEEP
1536:SqtO8gd8Wu8pI8Cd8hd8dQgbH//WoS3KGNkFYkrnYfBCJiZd+aeTH+WK/Lf1/hpU:SaCT3K/FGBCJiMB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 11 IoCs
pid Process 4156 msedge.exe 4156 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4444 identity_helper.exe 4444 identity_helper.exe 5912 msedge.exe 5912 msedge.exe 5912 msedge.exe 5912 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe 4120 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4120 wrote to memory of 3528 4120 msedge.exe 83 PID 4120 wrote to memory of 3528 4120 msedge.exe 83 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 3116 4120 msedge.exe 84 PID 4120 wrote to memory of 4156 4120 msedge.exe 85 PID 4120 wrote to memory of 4156 4120 msedge.exe 85 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86 PID 4120 wrote to memory of 3852 4120 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5b4e28853387982301d3ee3cc14b034c_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d7846f8,0x7ff84d784708,0x7ff84d7847182⤵PID:3528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵PID:3116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵PID:3852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:3920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵PID:3092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵PID:868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:82⤵PID:840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵PID:5236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:12⤵PID:5244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15512091988037894639,14076100999361387621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5912
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2840
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2184
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3052
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize360B
MD55d1f7487c3c23f6c288210ba3fd133f1
SHA1ac1a8aed2194cd358d951e3008cda54fa7fd6747
SHA256c643f0c16b6b5de3901546c32b8ff846a7660a9d636bcc02d7ae4d21d9973dac
SHA5124f0494ff8206d61f4f354767f701530ccb0a6d9ed7886fa2a26261b071c224026f5954c56c5d62d9d59a4bf66a7e3dd5607aa47995972a49c69ec11be26fe801
-
Filesize
2KB
MD55da5fd6c0aff9cab05e0e70b155e7b41
SHA18aa9d6adfa629c4663585bb005593d22461f416e
SHA25670b7524ebdb4e6d7618c1ba706d82bf814bcdfd2727a9e9766424a9d79dab183
SHA51270da5e31155067e5a39d1ed4ff0d62fd3747e68279639d41f7330fc41d4f7b3b6f9512d768b905e4ef102e3eb0dcb69da1cf568dd07f411a4955045d18afa57e
-
Filesize
2KB
MD5efe712ebff93bb3e896a8cd1187ba783
SHA1f2dba55eefcf8ba8d38fcb335c6584327205d382
SHA25662cd0c378718ec854d4a3f7c39163864844e076339f15aa90eaf01619737ec7b
SHA512323bd88dde458bd657f8d9633c33c914b2a334e9a28a0d740326383bfd390f78a1d9432f67d9aee58d82fe228469a40f27782acfed4213aee4c9302e17ee83aa
-
Filesize
5KB
MD58e34e85dae70b327cb0c406bd8863c93
SHA116c66dfaa9f8a6048aa6ae480ef5799697134e1d
SHA256949017e9253a55d2a92d70d68ab050950770f9e88c6c18a8653a433bbaa20879
SHA5121e075e9f1a80faac09c654d450fa068fe7e925de68e539f2e91704007a93380253219f5ff2028ead84762cf8c438ee3d1ac9d31ccd1e92a27a6f29d2d368e755
-
Filesize
7KB
MD5e5bfd95a3316ec32de05febc382171d2
SHA1e69f87f90c9a522431f4615230e1838473b3653f
SHA256062a0a570f34d38957505a9ec8483ceb28f05d6d9061c4a4bc52d9f38e01ad85
SHA51242c4fecd42a006ce9eeb8c2a9a13fca32d84a5e7478b9c7ee2018a6d47e5fb2597e0a88551dae73906716299532b759a41356a8e1223f608923d25045f5cdcca
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5a0ccee525392cf96f029301c2e558a69
SHA1c79169ae5552898bb0a10d33a3a25566282907f3
SHA25672f4f487d8e2641461f129e0ef31eeb100e01225f65e5c5d25ae0f40a4fbbd84
SHA5125154cac20a04973ee1200b50fe357897e80e3e8373d7a1ad53d58766fe339937629cf19c4e7a5cdfcbbc5ae30337ed4b19bc5a02fdefc2fb1b8cd025eaa02bbe