Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
26-08-2024 18:55
Static task
static1
Behavioral task
behavioral1
Sample
c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html
-
Size
54KB
-
MD5
c39e50db7bba6d5e7f8d1a591c30c453
-
SHA1
481b2fa24dd41f41d9fc7fd63fe24611ab26ca7d
-
SHA256
24d04be48b29e48a80f8aa38785280974026a204a70651ef10e33a3b47539c0d
-
SHA512
6ef22ed7a2cfb1acab5c1e9f9a5b6af3cabd714a7f13f170cff5234f0296a5404f40c215d6324bff19b39b1fac438d2d92146e63c21f3247c449e101641c74db
-
SSDEEP
768:xACNXPIpB3Jgt+fl5FQijPXncxFfkRNbeKQq7lq2SfH:xAGIpB3Jgt+fl5FTjUJYF7lI
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 2076 msedge.exe 2076 msedge.exe 4844 msedge.exe 4844 msedge.exe 968 identity_helper.exe 968 identity_helper.exe 2956 msedge.exe 2956 msedge.exe 2956 msedge.exe 2956 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes:
msedge.exepid process 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4844 wrote to memory of 3408 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 3408 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4044 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 2076 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 2076 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe PID 4844 wrote to memory of 4100 4844 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c39e50db7bba6d5e7f8d1a591c30c453_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7fdc46f8,0x7ffe7fdc4708,0x7ffe7fdc47182⤵PID:3408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵PID:4044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:82⤵PID:4100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:5052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:4452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:12⤵PID:1224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵PID:4152
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:82⤵PID:1240
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:968 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵PID:3060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵PID:5116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵PID:2568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵PID:1752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9581478713306687229,13003013671525059319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2956
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4724
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5076
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59b008261dda31857d68792b46af6dd6d
SHA1e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA2569ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA51278853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize
152B
MD50446fcdd21b016db1f468971fb82a488
SHA1726b91562bb75f80981f381e3c69d7d832c87c9d
SHA25662c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA5121df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize
21KB
MD5c3a1bf5fbff5530f55ad9f9fa464f25c
SHA1449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa
SHA2564ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0
SHA51275aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD57ede366b69661635eca0f8cdd8a0d96c
SHA1a3b3ea4140f7651814357f04818d8d4576941420
SHA2568e0132891bdd8f7ba996fffd17984ed9d9bf46c64dc36c6ca0bd329bf16c8bc0
SHA512b77da68bdc63fc125b462a9fe23f2034eee3ce00e6c0b9e15e00a7d85d525b9b6f62053021527c742d71d8a095e9da9b02159aa28a74d026a3c0e7caa83d6382
-
Filesize
1KB
MD5a8586f00b1826cbd0db132cb9f0ef880
SHA168f3941ce8f7acb67f4a020fbb425b6066c3ace3
SHA256ab3560f778304dfe68c6c5fa96eb4c5c9a344becb1e7e1e02b1bcd6dd91231b4
SHA512ee60f029e5ace3c337c58c88d97e0e4de7a40ed816c9cc7a6425affe59f05ebcc599394919dacd2532b8684668f15e57eedf6ea713835f1e6c24ad705c345ffb
-
Filesize
5KB
MD52f03b90d0dba19da481459b2f1fb286d
SHA1d97388f56789fab3892f729632b67fd62014c972
SHA2564cfc0a6144ef2e024e42d9a8787a26dace07df1277f5bad3cbb15c8f00c04939
SHA512ae8b4a3d27568785389006c702c2c39c26c40da6c9e0a7bf1e1759debcbbb12ab475484040db16b0809cc61a2b4fe3e19c342bc343be82e70357d0a64182aceb
-
Filesize
6KB
MD592c238a9c0363f98434401347d02b813
SHA1f40fb35d050a651289baa756384cd979d3e136ef
SHA256c52d1dc9db64a627b0ee747891aff0a5d5ee9bb2fba75cc54a34f7f7bd48e413
SHA512cb908574a795b1f58a3f52b4a9a7e4ee21dd0239a2582d09cd2c387ac3811077c5a9e534fc77ca0c90b63ea9e37bbeecd5d5ef0c5c4645fd8a3ab09acdb756c0
-
Filesize
6KB
MD57cd3fc39f252697c71d07e6ee45fa5a5
SHA1782ce06db344c4ca7e88d95521448f1c6b2e2942
SHA256e2a40720d1f59c1fb7b87bf1f2da60d03a65814441550d14091cc257e42856f7
SHA51278bfc36db4f881b0c2f54e279d8e9548d4c0183ef299a0da884e8a4661bcbe9994618dd501ef33219cda1e5328a733441fa1f86d9d47720a4b2393285514af94
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5c5c2d401d8332852262fcd194d5b910e
SHA1d68dd9ef86b815402bec3383fac7ed86c5d86a37
SHA256c8388b773a02af3ee3d89ac3c591cdeb4e1ecc89a45b03fa1f4d9c51471b7865
SHA512dc296e4793b2168432b8193b36e4036b896d02b176dc0139d113b30bf59b40b16456f2b0b3174623a8448031036bc321ba62daea121db156368292a7d06d79da
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e