Analysis
-
max time kernel
119s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19-09-2024 06:20
Static task
static1
Behavioral task
behavioral1
Sample
eabf8fcaecb99beca5a5ffe33fbca5c9_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eabf8fcaecb99beca5a5ffe33fbca5c9_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
eabf8fcaecb99beca5a5ffe33fbca5c9_JaffaCakes118.html
-
Size
6KB
-
MD5
eabf8fcaecb99beca5a5ffe33fbca5c9
-
SHA1
ac64366148dd23b0279ddd45386ca202fe4d7bfa
-
SHA256
92f9c0302644c50876c4905bba8fbc73000535fe9ff589bbcd94fe0db5fea060
-
SHA512
2830d1fb1cdba5a69090d0dc9ec698c55dc783dec717011625a96afcd715cbc536c7c0be2dc97d1af2ef8af07ea37a4508d29fc0891323dc2a97bd5697381cea
-
SSDEEP
96:uzVs+ux7VHyLLY1k9o84d12ef7CSTUnZcEZ7ru7f:csz7VHyAYS/+b76f
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000e95d089b35335bcd1ee67aaadbddc2df3c521e19f5bcae55c0108f9d4fa2c619000000000e80000000020000200000000476ea3205383256f31090e5a08699dcfe5b78761bccfd8329c864fc7e133aff900000009c2776cdeb2b470443153bbf0d0587e258c76d32a521dcd9e4045268b22b40c791485736b5a1050a1a23ef65752c72bc20fd9eca43579e86b8c2ebf3ecaf57474a2278fe1631cc1a4e548e68aebf0f0c55e5a6f84191d518c5d08c79d4f398d74b560c0340770d89b0c9faa320f47c120f9e0bcdce0baa3c9625e6b8953221ac97febb2f8b6dc79a2b572e0a131663e040000000c9e81df418f63bdd1340315981acfc98025d84becfafb343f083854329e4d15d17a36763f8c4f0c322da341bbd5b5c9686ad536db71d479d7e4ff18c88ef994d iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888686" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000ff45d1585c7aaa6538be00a3c2013429fe764d55338dc68d1126d3b1ad765733000000000e8000000002000020000000cb5ee3c2a756da81197a5a56165ed200fe8fe1f16988d3be08575f64f6020e68200000001f72b45895f1a3550867960d7b5af728c6def9b3036fa0ab61ec89cd24c3d0e8400000008fd8e2d81360ca015e5a5594d4a9da46c5190bed469a9063447689258e09528ceb566aa66565fe23154dd29a1b203430dbe0de9643ec8a884b4e18733f223bd0 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706f5b135c0adb01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E61F5E1-764F-11EF-8DAE-C28ADB222BBA} = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2704 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2704 iexplore.exe 2704 iexplore.exe 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE 2680 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2704 wrote to memory of 2680 2704 iexplore.exe 30 PID 2704 wrote to memory of 2680 2704 iexplore.exe 30 PID 2704 wrote to memory of 2680 2704 iexplore.exe 30 PID 2704 wrote to memory of 2680 2704 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eabf8fcaecb99beca5a5ffe33fbca5c9_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2680
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD563a79bc546d191d034857bd0e0608d8f
SHA12b54e748d011d0f88a196275e4494eab6a05f981
SHA2567352827bdc78b6eb4b5a2e355865f2362050456366677c4379472fff27903cc8
SHA512ee560ec543c7de16264bbde7be8367ef342cb9b6cc739cfc688547332aab0c9fbba6c9ca1408804d8c7409e839ef024fe9ce67781fc782021c644c25a8619834
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54394898bf44cb6b329aab9a223a1b974
SHA1478f8405e6f8d8b025140682453b02ba5a89f191
SHA256784353f809d40e3e6991f6364754b78574f0ce327b3cec1fd8364f0fb81ed9ea
SHA512f3cd5544c18f778401a9f2ca63f2afdedd4d8e3938cdb8ff8338744f7a1a699b85c8d578a4c8853361c5a515a0ec7c7c8b88a8363d1c388f0662e7fc753fc7e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD55d6d9484a739aac19669c40027ef4f59
SHA1e3fd7e3cfa9472103f68231f51368a368c6b7b00
SHA256b92b97e42c8510356fa762d88c99b3732da62b7c8d5f19cbecf11c883b4e6840
SHA512842fef8f6914ae9c2b330e07eb0ff2946cd07a2e3eb897e5fb8d278349a6dcc69bdade164d103e44e7354b8ec8794bba45a23d84b258b6bc6d0460140999b394
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD511b20dee89ab6ce37b1049c29f1c65de
SHA18c0939dfc1485aa2159bba5bc8ea4e9e9af34648
SHA256c3a4c6fea04c9b746e666480abd0f9bae4e7aa1b3e45aea40a67e4b2c93e5e15
SHA51213dedf0214391bb5a3d6bed462d38cced37288953acb56c8cb545adb68f54489cd7c7e39823dbbf49e4cfdbc84f42c6e5c72a8f14357721157c2d1d4d56e5101
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD537d612661e65ff647dfd1c257fdb4d02
SHA154cf5ccc9e8c8d1f76bb6a85d890127b0d4a1c6d
SHA2566e8fdc16cab780ddb8a0bef77a0df621a6866740583ee5c0b7df5e799e53aef0
SHA512134ac8131c7efde6a15dcc98247fbd4078f1c9ba7dcac1c22b17b073bc92ef0ff6dc0bb6baa0f8fa80afc77986e46354ff207844a6e8e78d0e2910e0fcec7562
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53fa6c8fe4a54f5c9c61059a78f385c4f
SHA15914ffde158dd8a063d659299949c449238da437
SHA2569f188995078d05fed1b3b5924a1093009ac9358dbb1f10cae988bc993d2c6d62
SHA512ea14809b9176702c0ff990b9f12f87aa8ef7b8d9fd8ce6572d09c811eb080546424ee38ff2d9d3d7b9d658a0f99d1c5cd81e1ed026ba853997d113fc691eaa36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5de894f41a8eaa05cdebd07914c797bff
SHA116fc9a1679a95c9111386f3d4a19309095993439
SHA25614174dda3a936b7e01e495629c08472aa6e67c8aaf238db29985be9c9ea67dd8
SHA51261224b85bd35cceefd45363395cd3f2d6d8bc36890cdb30acfafd7f9c98183e45f1d42334706733395444969d1f2be4065510682cd6c49af921fc46094f195ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59edfc576e8425cd9bfc00302d532aacd
SHA1e79669be104b350a92b403a85bf23383b943711c
SHA2564ff3a8500f0d3578b71bcd17fa02b7f094439cfa28a087007ee2f0f04863b6ba
SHA5124d1e709e0a5f2654781837ed5f7ea8a4fb4f53d029067acb386a862a914804747514a0054e47344a2250df8f900fc8b055956f6ea1423b845cfc758a191a3675
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5728ae35f0753f953239494fcf8b14760
SHA1c79708b67ac8dd2a8d8e1c8483b3f37dc112f701
SHA256315658f1f559a6c7205a2ef98d48013a6755ebb35dd4a57334fef1ad4c4157db
SHA512aa80578cc7064ceb117c48ae9f6e472e20294557c49c58e5debe5c8f2045f023cd80ddbb636a42e26f49336721e3c9cd251ab1c286b468a770fc04912a01a1a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e4ddfc89a880410812b464bfaed6a7e5
SHA15b4e843fdde3cba641cef63c347e9afc9514a2d3
SHA2565d756dea290e520303ff67ebfe842fcd1bdae07e311b1735dd9e513b5b4062cf
SHA51245c4e60f5701e1bbb3d7fa234947ca994c51be4726a2cf274102c3f3a8a211c2ce1ad58769a91ee6ea91105fc423b246001491d4a4a071bda4494b2286a91860
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57da7435d35807275c564e02c1ac538b7
SHA1736f30a058ee576f08724456286579e619a61dd8
SHA256f1fe0a244d2812d6897030dbba5167da7066dd950dae499a84a4e951aa6580a1
SHA512853a241765a9aeaa494b1eceb257f7cff1528672c3e007a5b02fc207fce51933c4f586f396c4b043b1be10d17767dba35877369c4d860f4dd2df397b76ed4cd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51f9652330efa4fe7cb5bf4d06ef7af07
SHA15f1fe1ae2f40d914ad5236633089dc3e0b8000f0
SHA256f3f667832c817a71eb03db96d8e5ed1cca447f4e3dc93a64112cd5a53f029e8b
SHA5128f4012d01554d53f7c48e7ebc16035b6fdf8ef072cf2cfc617fde4cf4f51fbd58cad43dd138dbe9f03233bd47f8cde119f2c839b585f88c39b168541ebc62766
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD571bd03d5d5b36a896c0e39cc9db2d2a2
SHA1e7eb98d7f3d9242515c59e419f779ee22a60d2c6
SHA256cf1342503df86534d0ff009e124e46cfff68965209d68cb81ade732424fc55f9
SHA512e25f8701d79efddbbcf99454778dd4abefc169519aa71fa7168840cb55cc4dc169b204034c85718b4c7e02556353e20596135c788236470401bf6c50b816cbcc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c2bf601cba707190183997f5f3066d96
SHA1c22c68ad0c5596de34f30bb0966cee30e6f71f91
SHA2566108c2610b0ad5e7c7acfe4acd7b2beffdac293d6471abefc9442b41e941f9e4
SHA512591087575fcef380f7cfe31c4843fe28201e2ef8c866d93bd1a85a9aa0d1a8b16e407a33c0e89a503f32065ea0fcde46db4731112b9540d5aa16f536fc4e6a0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cb57128a5522ba065fc79e49005b0943
SHA1e914957592f8d6b0aa3d1dfd32fc88a0a69592ad
SHA2567bb24f1552b016371e8df21163dbea25760093c05c3c5a22589c0e6b8e3c43c6
SHA5127b903b4f3b25180a88232f0fa1eb8821d1731cd5af3853607c7164a938caa45e1f39e21a2bd14e793967368180557af1dd914d7d90ab68138a8e50370622c9e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dcb69cb0d71696a4a6cf288ecb21a41c
SHA10add41f05877bcaa7f5d03be82acf8ccf4657cd8
SHA2566b8d98ee478fc9c12ed803e4f75d17e19afeb1e9e1d8aebc048f3e5d842c7793
SHA5123c40331efcfdfde5b6edde0c6c1eeb0d35099d6ac6b4af04a7dde123782760310375e6d8958ffcb006eb8b7bb47449fb1bb0bf85d573297e0d057d0ca485f8f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ea06a88a4473374b014ea38fde5c1cce
SHA11d794c34f7d720a103028a648befdc094179bd98
SHA25622245c5a06d9819eda781647c6062fd19f084d624c344d61d3ba4c5ea7844ba7
SHA51252607944d8852f1ba349507236baa9db24e1e1e3338f2d487c6d02accd32f5744846cbc0d16420b7ee2a7bf2fd321e9022451e160f493c96ef3449e297c19a63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d922c21e5b1db79be8e9d9cb2760cf27
SHA198fb9c6e4f5a68f9859bf472c1b49a99d373d550
SHA256721f7bb57278268d6efecd2529e64ac6d8e17089739d738978a3b07ebd0993ab
SHA512d4308b35b16fb56c7d35cd8aeee888d4c918baa3f135362562a006361c4709cbc9a71711c030c4d5c17f6d16754b3ef101979c11b993224bc721f4c1debd6891
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e12d0175dfe7a67e885ccd3c6ae49afa
SHA157cc58504e7ae7873c8f09599bd4824b9a10666f
SHA256ff7191789ae1cf71d8d6856981969338023a2a34982b16a524c811fc74d9d910
SHA512f9d7a6dc8366b478fdda65f460942e8c12ff524aef3a43c7aa31024ef0490350f00af77559bdbfc76931d77c3400a8d4457947d6de146df837814204b7a6e58a
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b