Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-09-2024 17:54
Static task
static1
Behavioral task
behavioral1
Sample
de9bf212a234006bf2132134da73c758_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
de9bf212a234006bf2132134da73c758_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
de9bf212a234006bf2132134da73c758_JaffaCakes118.html
-
Size
6KB
-
MD5
de9bf212a234006bf2132134da73c758
-
SHA1
bea5af33dd32b9a70a69a1222c33d057c359481c
-
SHA256
b06b3da33aef638b40e07e54707c12e915e12ef182f97422a910b70beee14e9e
-
SHA512
c20c1e049d54d8337c4337d2c8f885f7f02cdb7dd8122c36ba75d317589a8672b41c26b187d637a53763663eea09ff9ddbbaa538ad6618c8333114e38cf1ca42
-
SSDEEP
192:yv/qROy5T8KLznu28Pe9nc7nVO0laYe2L/:b957meFc7nV53
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
4004 | msedge.exe
4420 | msedge.exe
4028 | identity_helper.exe
1136 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid | Process
4420 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4420 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4420 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4420 wrote to memory of 3372 | 4420 | msedge.exe | 84
PID 4420 wrote to memory of 2244 | 4420 | msedge.exe | 85
PID 4420 wrote to memory of 4004 | 4420 | msedge.exe | 86
PID 4420 wrote to memory of 3484 | 4420 | msedge.exe | 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de9bf212a234006bf2132134da73c758_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba9d046f8,0x7ffba9d04708,0x7ffba9d047182⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵PID:2244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵PID:3484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵PID:4100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:2444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:12⤵PID:4264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:82⤵PID:3992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵PID:2720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:12⤵PID:1392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4387796556091628066,15569573600062165195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1136
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2012
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4644
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35c59e70-7da4-4775-a851-7a28fb7cc279.tmp
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 360B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f329175a-3cc8-4ad4-984b-a1b500db8819.tmp
Filesize: 6KB