Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13/06/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
a3920c0effc010c15a0c443cbb160614_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3920c0effc010c15a0c443cbb160614_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3920c0effc010c15a0c443cbb160614_JaffaCakes118.html
-
Size
79KB
-
MD5
a3920c0effc010c15a0c443cbb160614
-
SHA1
44de2b94ebf8c7d842a69bf2cab8f90805f993a7
-
SHA256
978116de1f90778e39e0c2bc1a21e58cc7a07bafe341f59a93cf46693cff85f4
-
SHA512
02406e8d1dd3ea8186023a23d78b40da7f8c0f5376f028064c528518747b7993464e5a13821fdd243bbe6b185ff15e4569f8e0c1473dd94886f46d810c019736
-
SSDEEP
1536:TBpV0aCTbIs1OOjwi44S+Q18+ftdA7VpW:lTCT50OjwiM+G8+ftdgW
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4324 msedge.exe 4324 msedge.exe 2312 msedge.exe 2312 msedge.exe 2384 identity_helper.exe 2384 identity_helper.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe 1632 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe 2312 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2312 wrote to memory of 1888 2312 msedge.exe 82 PID 2312 wrote to memory of 1888 2312 msedge.exe 82 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 2056 2312 msedge.exe 83 PID 2312 wrote to memory of 4324 2312 msedge.exe 84 PID 2312 wrote to memory of 4324 2312 msedge.exe 84 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85 PID 2312 wrote to memory of 1784 2312 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3920c0effc010c15a0c443cbb160614_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabdd646f8,0x7ffabdd64708,0x7ffabdd647182⤵PID:1888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:22⤵PID:2056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:82⤵PID:1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:3552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:4768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵PID:784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:82⤵PID:4936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵PID:3192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵PID:3288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:12⤵PID:3744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11124267228210121952,9549000134655473785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3184 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1632
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4112
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2424
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dabfafd78687947a9de64dd5b776d25f
SHA116084c74980dbad713f9d332091985808b436dea
SHA256c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b
-
Filesize
152B
MD5c39b3aa574c0c938c80eb263bb450311
SHA1f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA25666f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232
-
Filesize
44KB
MD523536ccfe05b737ae639fe63ee4cc435
SHA16d2e9822835dc3e6117a4d2addfc8f241fbdbc82
SHA2566ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
SHA512f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD52560ca7e7a207486a79a9dff6ab10737
SHA1572ac28672322503099595cb342746fa06e52511
SHA256e46d90f8cbedeb2837285360c6c43c2bb71b277b81cde1cafb3e17c3d1a96d1f
SHA512398776eba80921f5e3648d5a0bf5caae486493c49bf2532e5dcad318536004e5bb284023d298bb11b7a128bdaaf47ce1d8a309c69f1222c884cf5bc1312141c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize240B
MD5f5939b2988b638c5835fcc039ff2b283
SHA1f3ff63be2f782bd6d6bd8a7faea0841b2d8e6480
SHA256da209cb4229d5886647c4983ec3dcf24902b1473eaf6da9563c2fb5692fc3b2c
SHA512265a8b7eb2be8755141e9b6a5603a77ae61396f6777902b77ef7b6cfb0ca557ac4fd03537beb9de0f8dc025fd00bfe9b50861a078a1d90eb0521c9580d14479d
-
Filesize
1KB
MD569a57b6822edecf68e1b0a69f3b9c462
SHA1a1aeade90c581d74aa51cfa02669075618af6c8e
SHA2567f43bb504dde58ebb07df9df809cdc1acc62c3f3997be54c10b4fc8f53bc83b0
SHA5121d9117b85855a71e4c7689cf2a7962aaaf850c15215c6349283e6409178dd51c1924f6cb52850d48bf1c4b5c6d57af5fa997f29aa7f0a61650e7a2c6fda8626d
-
Filesize
6KB
MD5e2320266a755e19e418110ba5110da28
SHA15fd8de3d15372d292ef29c2c11411a2809411d48
SHA25616b6e5aa4af846aaf6809c5d685837532eeba6e73bee694c04d78fa6f89fa6f0
SHA51208ab88a20052085e515811e2ebce57b83054a4848a42a8d496468a434aaa74d0b4abd3a3453dbb8e9b98f302e6d4641a59a4a395351842d3a39359706af48534
-
Filesize
7KB
MD55273034401731f747d683f80572bbc08
SHA15d089e1ea28e5b1ad0743cb2fc5705afd9f6c5ee
SHA2567817ed012682dbd47a62e00e0e8968cd9c9ac3d9897abbea3fb6209ede925527
SHA5123c9b70b0bc8d251b69653a884dc2807eebc9b826c96ce9db958243e539b4795f6355f4445229d581956b8d2c5cd8b4181131a2df285537079cd5192f1b341f3a
-
Filesize
7KB
MD5411e44954f85f81f940b1ab6f1cca549
SHA1727cdf97e44babd0ef3a052e4ad3dabb938a62e4
SHA256cffc60ad9b42f98e4c788f5ce51d217f3f6286356c74109788161ee44fb2e76f
SHA51276b77e0dc9912fadde5d89107a59f71d22d3657a149e7fbf5cf7b038b7c7603257df7743915c566eda8beaef9c6eaf2a9b3f592d3b73ce082c0ff17277ead0b1
-
Filesize
7KB
MD58c232684a912b9ff9113d8ced1a7ea50
SHA1f3f66be274f3e2d6363e6036531e2d51f5492dd5
SHA2568391b0d57c2965e327d23675a0e06afb2b87f2666a195bf467b732083a018232
SHA51221af81e3307d94431cd357ceaef210cd6bd75c81d7130b5f48c4dfb48c3c55395fd5850dd802132cfcb304d19bc178fe42eeb12cb03c926cc694234979712e2c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5799e782249e9a1e41c04c6467c9c4ec6
SHA1e82bcbe65b77452425c172f425b84bace7bc5834
SHA2563eef5c23280c97899a9c3b0a78bc235c8fec7f70a9513723c1dddc1892b2a61e
SHA512944371a20c958587230354d7a5318a57b3ed21ccc5c6fc20b0774d2d09fe1cd2512982f12671c706677aebaa2ef97916d654effecee71f9f09afc5f35f6d984c