Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 03:42

Static task: static1

Behavioral task: behavioral1
Sample: a3b551c69d3290510af8b28e0391a7c5_JaffaCakes118.html
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: a3b551c69d3290510af8b28e0391a7c5_JaffaCakes118.html
Resource: win10v2004-20240611-en
General
Target: a3b551c69d3290510af8b28e0391a7c5_JaffaCakes118.html
Size: 301KB
MD5: a3b551c69d3290510af8b28e0391a7c5
SHA1: 73318340eabeff8972d71cea6c91fc1cebf7a6df
SHA256: 07f5078ab31c2d0dbea434a479881ce6a4e6219856c3423bf3420d0fe457b669
SHA512: 25da399ec4791d633b25074d6bd0f4449fc41c1d69ca6c491d7feeb53aa64d0b0193c62367b0b6dc221e83f30224b73f6dd9370b3d2f50ca1e0da8ed4ab6c0c6
SSDEEP: 3072:N2+WLn6/66bqsiCCojc8cUxV0HIQqiHkueFMg:XJ66wCJbT0HIQqGk7
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process: 4632 msedge.exe; 1640 msedge.exe; 1080 identity_helper.exe; 4660 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process: 1640 msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process: 1640 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process: 1640 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
PID 1640 (msedge.exe) wrote to memory of 2336 (procid_target 82)
PID 1640 (msedge.exe) wrote to memory of 3864 (procid_target 84)
PID 1640 (msedge.exe) wrote to memory of 4632 (procid_target 85)
PID 1640 (msedge.exe) wrote to memory of 2292 (procid_target 86)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b551c69d3290510af8b28e0391a7c5_JaffaCakes118.html
1⤵ PID:1640
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
2⤵ PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵ PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
2⤵ PID:4632
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
2⤵ PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵ PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵ PID:948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
2⤵ PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
2⤵ PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
2⤵ PID:1080
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵ PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
2⤵ PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵ PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵ PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14666891478760557782,9400096509646128817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5744 /prefetch:2
2⤵ PID:4660
- Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:4580
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6040f970-b9ac-4271-9426-f242fe0f8375.tmp
Filesize: 6KB