Analysis
-
max time kernel
145s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 18:18
Static task
static1
Behavioral task
behavioral1
Sample
6bd6d3ffa9dc140f7ce0ecb43e71cdf1_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6bd6d3ffa9dc140f7ce0ecb43e71cdf1_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
6bd6d3ffa9dc140f7ce0ecb43e71cdf1_JaffaCakes118.html
-
Size
61KB
-
MD5
6bd6d3ffa9dc140f7ce0ecb43e71cdf1
-
SHA1
dac0689cc6682e6d0b52b5458b72ca806e3feb24
-
SHA256
1d956693d27791b22503b6aac976b9ba6468bc68f913202fcfde89a8a09efb0b
-
SHA512
46ee7eded436843406fda899819ea7647f388ebea1354361bcf9cb66c69f87293227755c8cb75c6123ce811d8a81dc6fae2637a176ad1cf6e6bef1d22a512328
-
SSDEEP
768:FZJoagGJhHq2jAvjOYg7vOP1B0i7lSgAr7D1c2S1j:V/bhHq2jA27vsugAvD1S
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4244 msedge.exe 4244 msedge.exe 4708 msedge.exe 4708 msedge.exe 3012 identity_helper.exe 3012 identity_helper.exe 3368 msedge.exe 3368 msedge.exe 3368 msedge.exe 3368 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes:
msedge.exepid process 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe 4708 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4708 wrote to memory of 4604 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 4604 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3772 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 4244 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 4244 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe PID 4708 wrote to memory of 3448 4708 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bd6d3ffa9dc140f7ce0ecb43e71cdf1_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c47182⤵PID:4604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵PID:3772
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4244 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:82⤵PID:3448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:4076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:12⤵PID:2348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵PID:5048
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:82⤵PID:4532
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3012 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵PID:4408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:4452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:12⤵PID:5032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:12⤵PID:740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,7409099162813465697,12517225904824855604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3368
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:556
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5104
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD5971d7c22dc3eaba12a61b210c4f6043f
SHA194ccd67094e243e06148ae1edbff4be6352bf7d3
SHA2565b67e46361a81db07d1a75396d51b7901fcec120fd4f20e913332963bb48746a
SHA512fa10a8e368c1ac554bc4bc868f309b72a9fd93ce7f6c846cd2850a86883d24ea161209ca33556800e9bb37fa484921e0da8b8430a286886307f3a0e3a8217469
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5cdfddc7505cc38708a31f01a5126e3aa
SHA198ba5b940dd1d597b6a63c739a32ef05f5e52d4a
SHA2561b474663a01d179b8a10d897ddc6472afead284594c0b2f2c12eb99b2fe1a94c
SHA5120209a94acec3a1739262620c918d256c835ae3c46e5847f8b0853f4e70b1053d066dad2d910e949ba5abbccd0c3b2e3188a4d2ae04878f6b02ce9a9e448cd26a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5c6c8f606e97d81b394f43ec7c3f772fd
SHA1f0e3b30324436b57e1dcbe8d7375cf2d7c7fcba0
SHA25606400b87719e934e91ba19209ba8daa25eb5687735e71338b82da0b3984509ce
SHA512457db7bf2108d381c5d92288576dcdf9eacc02174ba64b60ce495f297fe0bb114f46f2d07b8fa1d1b213bbcc07281f1646d3f471ef16e1cca17786ced5200646
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ba1d676bce48e5a5a267df6a6ab4d828
SHA1647328e0cb8155b42d43c07cce8209389db7eba5
SHA256ace8fcd8c5cead4d8a8983049272ac6ea914716abfa6c29a3ec5400a95b07ef2
SHA5120590f82d3313b18dbd47e78ddd7d8cebe15ae98ca7f9bc1e2f79efe609355c4d8a127c552741a572de4c22f2eca7bf9e6b1f8f3244e426cfa658e09cde1e1bc9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5de278d446edbb4c5a984bc3ebe160c0e
SHA1548c8fde4066b65e301067d37ee2c99d413aee13
SHA2567e0f014c613e890b376b3b7cebbffc85afa70d21b42ffb09a79cc1c5866d5126
SHA512d002c0b8058e7a40c2a07ba016fbf8c74a75ef9f4bf2718ee65e8f231dadc709f5bad044ed7acefa4b056d0a5ddb7eb9fa9a2d3faae631fb20f54883ddad4ce3
-
\??\pipe\LOCAL\crashpad_4708_MPZUTYXZDETUASCZMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e