Analysis
-
max time kernel
145s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 10:05
Static task
static1
Behavioral task
behavioral1
Sample
a4ff3d2b2b1ae1dbad47e043377d1945_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a4ff3d2b2b1ae1dbad47e043377d1945_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a4ff3d2b2b1ae1dbad47e043377d1945_JaffaCakes118.html
-
Size
175KB
-
MD5
a4ff3d2b2b1ae1dbad47e043377d1945
-
SHA1
7c0c8a29cc10e5eb9bed40451772047bcf899da6
-
SHA256
ef043622280dfa409f718d98b971d67bdd070059a4b1cb1d994c9a2af0187de8
-
SHA512
27782dd5a3329a8c51600ffeb9171d1e5d53d805ed5100583205284569842e7e3c964109cf2cc132f34e869323094da4ed65a12228d6a6e4101be924fd597d11
-
SSDEEP
1536:Sqtk8hd8Wu8pI8Cd8hd8dQg0H//3oS3XGNkFSYfBCJisi+aeTH+Wf/Lf1/hmnVSV:S7oT3X/FjBCJi89
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 244 msedge.exe 244 msedge.exe 1276 msedge.exe 1276 msedge.exe 4200 identity_helper.exe 4200 identity_helper.exe 2564 msedge.exe 2564 msedge.exe 2564 msedge.exe 2564 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe 1276 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1276 wrote to memory of 2112 1276 msedge.exe 82 PID 1276 wrote to memory of 2112 1276 msedge.exe 82 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 552 1276 msedge.exe 83 PID 1276 wrote to memory of 244 1276 msedge.exe 84 PID 1276 wrote to memory of 244 1276 msedge.exe 84 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85 PID 1276 wrote to memory of 316 1276 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ff3d2b2b1ae1dbad47e043377d1945_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe33b46f8,0x7fffe33b4708,0x7fffe33b47182⤵PID:2112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵PID:552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵PID:316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:4956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵PID:2720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:12⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵PID:4996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:12⤵PID:3216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:82⤵PID:2392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:12⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:12⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵PID:2484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5054628765079715625,13528342528636997910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2960 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2564
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3336
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2280
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4848
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c5abc082d9d9307e797b7e89a2f755f4
SHA154c442690a8727f1d3453b6452198d3ec4ec13df
SHA256a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
Filesize
152B
MD5b4a74bc775caf3de7fc9cde3c30ce482
SHA1c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA51255578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD50c2b06e4240f20c5dc72e6a3b10c105d
SHA1905c24c425572d0d333d2cb8e2bcddb378d5833a
SHA256fe6c5cbe2cbd3fca1287c2d0bca809bc1a2fa443ae81f6b8913294be29ca506e
SHA512c108fb176788a0ffc66ba88f243941924f16d058b3b8410e8a1bea88668435acef9c36f0e3652741b4676172fd8516c6301e0e5ce5fe66d7dd1df1d6a3498cb9
-
Filesize
2KB
MD53c9dba7b6d230dfc4ee0421819b34c6c
SHA106d14e77f4d0430079e95b65a98596c3cf874189
SHA2567aa813a1895d8df1a053bdaafccdeb37785f0aac02e91ecb4feb0868cb742802
SHA5129e4da3f488a986e89a88e98831b38c67eb6e9b0bdb5ed4b9e72a2214a6b074723064f180481f4982acb93f9304b979a39aaa8eed2cd8266e4a251588da6b7006
-
Filesize
2KB
MD5f5f66832dc05a5d656622eb9a4fc6f8f
SHA1e84b950b2e54fbffd0e39b7b8f5a5b56bc06e3ee
SHA256e130702e39b3f8cdfc657a94dc74c5f5f7c78a7444197f20eb32e8888ff6fdc9
SHA512a71b48d068d2fbdcaedbc3c1bd30331520d3bf545e23ce82d5ea356bb4fda37e874b04f8e9e618a98ae5bad24b9773b426cf789026eb455084dd1ebe9595a6bd
-
Filesize
6KB
MD515d7530395c6ae13abd03f8cd9cf99a9
SHA1f7bbc0bdf6daf9358375334471f616d6d6844606
SHA2568c552c5b01d0efc88b65fafd6ced6fa0b4635c5a527ec35330abc0887f855755
SHA51292b241a904298fa2e4343f48c711aea224a0f664eb48306833a763d3c91f9cffc83ccee1535789b8684f68144e3454e30edca60c5a88bd30e8b34ab9cca20596
-
Filesize
7KB
MD5cd59bed9a6e4d5dacd2ad28062292e35
SHA19e6f60dc1e6906959039d52fdb96e8614b2c27be
SHA256af657a54f64aeec4ae47aa39b02998b76f34d69907387964be7ae84c00bf2457
SHA512aef01c344dc47f3bd6271092e4eb217c0e6587ae745c1eb73da3562e96c7d19c7ef3482399eceeb911ae725ffa53a501490a81cefc878355377fa1ff10b3f614
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD51d08f9dcaf3eaff86b3bccfa4399de85
SHA1df177288fe12c6a097e1e6498f45a2c890fc06fc
SHA256e65d0dd0dba0c8a913f39f8a832de690c43fb42002874fe870ce68dead62e6b5
SHA512eb37fba63e92a15cf18c891478b4ca1f40c24107038afd9c3058cec9c04402acde1214286de1669a60be3c2f2ec0271e4db5d6c52033d98896b043306070bf65