Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
136s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
10/08/2024, 00:14
Behavioral task
behavioral1
Sample
841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe
Resource
win7-20240708-en
windows7-x64
15 signatures
150 seconds
Behavioral task
behavioral2
Sample
841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
14 signatures
150 seconds
General
-
Target
841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe
-
Size
326KB
-
MD5
841cb772ed5e46e1e187fd2e34f95110
-
SHA1
2c79f894fb1142bb6906c1639b355457e47cd8ba
-
SHA256
7a993b8cc6a588035b80f56de898fa7a9600a6d30152cd2ca96cd1f9fc612582
-
SHA512
f83bfca0dbdd979ab382f5b374ada0142c2948b45b264f878830b61045dee24bd8912c281ec612f4b4d0f80456f4cc654da06d86ffb5eb907f7c190ec2922331
-
SSDEEP
6144:+cM5DWnN6aAW/2kXz20ckY+NIMZKHuW9KQwY:ZM5DSN6aAH0XNed
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 4544 lsass.exe -
resource yara_rule behavioral2/memory/1732-0-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/files/0x0007000000023470-5.dat upx behavioral2/memory/4544-8-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/1732-7-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-23-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-24-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-25-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-26-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-27-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-30-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-31-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-32-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-33-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-34-0x0000000000400000-0x00000000004A2000-memory.dmp upx behavioral2/memory/4544-42-0x0000000000400000-0x00000000004A2000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\configuration = "C:\\WINDOWS\\configuration\\configuration.exe" lsass.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\x: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\a: lsass.exe File opened (read-only) \??\e: lsass.exe File opened (read-only) \??\p: lsass.exe File opened (read-only) \??\e: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\n: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\q: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\r: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\v: lsass.exe File opened (read-only) \??\b: lsass.exe File opened (read-only) \??\k: lsass.exe File opened (read-only) \??\n: lsass.exe File opened (read-only) \??\o: lsass.exe File opened (read-only) \??\b: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\h: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\l: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\p: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\q: lsass.exe File opened (read-only) \??\a: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\k: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\t: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\g: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\m: lsass.exe File opened (read-only) \??\s: lsass.exe File opened (read-only) \??\y: lsass.exe File opened (read-only) \??\r: lsass.exe File opened (read-only) \??\i: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\o: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\y: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\i: lsass.exe File opened (read-only) \??\z: lsass.exe File opened (read-only) \??\z: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\j: lsass.exe File opened (read-only) \??\l: lsass.exe File opened (read-only) \??\x: lsass.exe File opened (read-only) \??\g: lsass.exe File opened (read-only) \??\h: lsass.exe File opened (read-only) \??\t: lsass.exe File opened (read-only) \??\w: lsass.exe File opened (read-only) \??\j: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\s: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\v: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\w: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\m: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\u: 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened (read-only) \??\u: lsass.exe -
Drops file in Windows directory 12 IoCs
description ioc Process File created C:\WINDOWS\CIDD_P\lsass.exe 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened for modification C:\WINDOWS\CIDD_P\lsass.exe 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened for modification C:\Windows\CIDD_P\41646D696E lsass.exe File opened for modification C:\WINDOWS\CIDD_P\41646D696E\nfie.dll lsass.exe File opened for modification C:\WINDOWS\configuration\configuration.exe lsass.exe File opened for modification C:\Windows\configuration lsass.exe File opened for modification C:\Windows\CIDD_P\lsass.exe 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened for modification C:\Windows\CIDD_P 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe File opened for modification C:\WINDOWS\CIDD_P\41646D696E\br.dll lsass.exe File opened for modification C:\WINDOWS\CIDD_P\41646D696E\nam.dll lsass.exe File opened for modification C:\WINDOWS\CIDD_P\41646D696E\clm.dll lsass.exe File created C:\WINDOWS\configuration\configuration.exe lsass.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lsass.exe -
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Use FormSuggest = "no" lsass.exe Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FormSuggest Passwords = "no" lsass.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Main lsass.exe -
Modifies registry class 38 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000000259596e100041646d696e003c0009000400efbe025988630a59cb012e00000068e1010000000100000000000000000000000000000002c69400410064006d0069006e00000014000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1" explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000025988631100557365727300640009000400efbe874f77480a59cb012e000000c70500000000010000000000000000003a0000000000f9f6d80055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000000259a66510004c6f63616c003c0009000400efbe025988630a59cb012e00000086e10100000001000000000000000000000000000000795a34004c006f00630061006c00000014000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000000259886312004170704461746100400009000400efbe025988630a59cb012e00000073e10100000001000000000000000000000000000000a10bcd004100700070004400610074006100000016000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000000a59cb01100054656d7000003a0009000400efbe025988630a59cb012e00000087e10100000001000000000000000000000000000000a7d74d00540065006d007000000014000000 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = a6003100000000000a59cb0117003834314342377e3100008e0009000400efbe0a59cb010a59cb012e00000068340200000008000000000000000000000000000000a7d74d00380034003100630062003700370032006500640035006500340036006500310065003100380037006600640032006500330034006600390035003100310030005f004a006100660066006100430061006b0065007300310031003800000018000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff explorer.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4168 explorer.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4544 lsass.exe 4544 lsass.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4544 lsass.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4168 explorer.exe 4168 explorer.exe 4544 lsass.exe 4544 lsass.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1732 wrote to memory of 4936 1732 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe 87 PID 1732 wrote to memory of 4936 1732 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe 87 PID 1732 wrote to memory of 4936 1732 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe 87 PID 1732 wrote to memory of 4544 1732 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe 93 PID 1732 wrote to memory of 4544 1732 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe 93 PID 1732 wrote to memory of 4544 1732 841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe 93
Processes
-
C:\Users\Admin\AppData\Local\Temp\841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe"1⤵
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1732 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe C:\Users\Admin\AppData\Local\Temp\841cb772ed5e46e1e187fd2e34f95110_JaffaCakes1182⤵
- System Location Discovery: System Language Discovery
PID:4936
-
-
C:\WINDOWS\CIDD_P\lsass.exeC:\WINDOWS\CIDD_P\lsass.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4544
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4168
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2736
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
326KB
MD5841cb772ed5e46e1e187fd2e34f95110
SHA12c79f894fb1142bb6906c1639b355457e47cd8ba
SHA2567a993b8cc6a588035b80f56de898fa7a9600a6d30152cd2ca96cd1f9fc612582
SHA512f83bfca0dbdd979ab382f5b374ada0142c2948b45b264f878830b61045dee24bd8912c281ec612f4b4d0f80456f4cc654da06d86ffb5eb907f7c190ec2922331