Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 00:52
Static task
static1
Behavioral task
behavioral1
Sample
69338bb2486e0419f3046ba5bce78aba_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
69338bb2486e0419f3046ba5bce78aba_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
69338bb2486e0419f3046ba5bce78aba_JaffaCakes118.html
-
Size
278KB
-
MD5
69338bb2486e0419f3046ba5bce78aba
-
SHA1
995054bdec18cd895fd5d4f57617d18bb21081f6
-
SHA256
ce8acda25ef98dc283f819c8673fa4a6fbc208cd92e5ee3ac2b3667a6e1516ca
-
SHA512
0f2ea30bc6c3e743ebae4fce0eeb990aa9178ba1655982dc423d9d4750754533f4995cfc75ea29db584dd587cf8951d8a714f2c14f2c01b9672e419974cbd1b5
-
SSDEEP
6144:nL56Ikp3Rzi0KYOACT/BthLPxZ9Ve79Qa1kSMXb7dr2aZPLIq:n43phzSf3TBPxJe79QalMXHdr2aZPLIq
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4736 msedge.exe 4736 msedge.exe 1280 msedge.exe 1280 msedge.exe 2352 identity_helper.exe 2352 identity_helper.exe 3624 msedge.exe 3624 msedge.exe 3624 msedge.exe 3624 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe 1280 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1280 wrote to memory of 1036 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1036 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 1216 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 4736 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 4736 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe PID 1280 wrote to memory of 604 1280 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69338bb2486e0419f3046ba5bce78aba_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e77047182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12045806957412154583,9560626832358475107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD587f7abeb82600e1e640b843ad50fe0a1
SHA1045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001Filesize
25KB
MD596bb4acd55b9b0dbdffeceff9b75c4c5
SHA1fbd67a0f9ff72ffa15ae340115e9fb4a7d62d717
SHA256a971bd9e399ce1c6ac72c4430f38138cccdaf641669d3e195edca96c2fd8a43b
SHA512d23746e66f5ba49aa04a81ad774c71a39ee4d397635714999b8eaa24163e02f5992924558285d1631d8ee6374906d294030614658cd618248af53bdce5585999
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
269B
MD5575e673799ba73eab0b67b00c920241a
SHA11b9eb4c217438a8983d38e52bec33464c4d6ba2b
SHA256ac71506ea298b0a13c97edc058e836176f43c16a1fa03c4ed1ae4535c23c7f8f
SHA51247e5974681e4ac7273374b7e4476d9930d6ff6a1e4aad9d940b11b0d18c6cde8435f9b8e0adcddbe67658a075e100a0bb958b44057d261da1d49b17b7424f42a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD597b5eaf836e540b4e9c95023e46a1f37
SHA19213a4660ed7e35b29d23174a94dc21303a901c1
SHA256df28c66dbbcfe6a50e17f2ae1a734899b6b13c743a600240984af54b9e020602
SHA512feb748fa9f60b728518a3cc2e1e92ce82954caa8162e8e6ab394a1da47fef4655af84dd6a8b6d79aceb871f14892a6283f71488bd18af39e9487bbccc968014d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58477d8f145a9a1e1168419f65c0b7418
SHA11d7f0be64116f032b146ed3ba8eb125a9ec5b7fa
SHA256ae6054c38a33eb39f3c324a8b5738e972427e441e09f980da1739e82986349e0
SHA512a0ebf486e548473136c63e901e3ed5e980f604d7efd544c0528c21bba203b1186f23bf1cc6373552aea71791de5dc99fb166881ef818844351faafde20d53bec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d02b216f27dcee2df84dc836d5140d56
SHA1ff7f9bbc9e9076be80981f783c42c6ada748e6fa
SHA2568054bcef88f197cdf3783934f23de3ca33d3e6079571339f733451b39c55418d
SHA512656a230d015307e2a2e761fc77299b7665c1296de39c9318a113297214c07978e4aa4ebd685b096631d8f0083a8097fd1d0650f2a0b7aab54cb88dc93759f66c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
204B
MD591f35afd25f79b597292c5b64afdcace
SHA15b227fae8af67bfb6d5fc39fa1771adb9b4ff678
SHA2564febf04ff6cb560ba296e630445fe9f48389b4c7b616a63c3b19de477e9845cd
SHA512128dda6b89791daee3074c11a1cf650a1c4172c405366cda152679a2eb97cc64f0eef39596bd0adc3918fc85b6f8f7d84958d56e207a632c1e0090cc27282d8f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c1ba.TMPFilesize
204B
MD5964e19b4ea63ac8fe8d990aaf28f0699
SHA1f555911c3bc280901bda1003087cb61cc42a1fc1
SHA256d0e2e5c352556d109acc9a00c5100c782cd0802cd65a3bbd62ad1dc14fe09114
SHA512898638f32a34cb9967118ffba47274ec1a8c08d16ab7cef64dd1cd6a2e7a32d2d0f89bdfa1172f0f306d1b1ef445645517bf516624baf263af9760087da57956
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50f9c6fdecf6eb088b8e14587357a5f5f
SHA1fba0092c98830612d26cf674db667d6097cbaff4
SHA2564561ed545322b740aaec97d163c86208fff49bf6f59b596237ffaee518b66d9c
SHA5122a367993326a413cabd4e47c351ceef2c83b555a55339b76d9f6829a7c6f2768e96edab7360bee01da87364375264c18e5deb68eb38f3eff45e8e3590c432b52
-
\??\pipe\LOCAL\crashpad_1280_FDMWEQASIXKBEUUJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e