Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/09/2024, 16:45
Static task: static1
Behavioral task: behavioral1
- Sample: fef2c0544d5151f30e8d6d62a33e337f_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: fef2c0544d5151f30e8d6d62a33e337f_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: fef2c0544d5151f30e8d6d62a33e337f_JaffaCakes118.html
- Size: 176KB
- MD5: fef2c0544d5151f30e8d6d62a33e337f
- SHA1: 40fb28c44df3a7ae74d659e14d3438f9beaa203f
- SHA256: 70d017d8248ebe44faca6efbcf7c59d6f26202aa309f1ada8a8c0b7bf4af380d
- SHA512: a8f0dfb230aee409234ce111642ffce4e95eb96aeb760061ff467a48961277868edbb6fc8e940a524de073e84b83bf0727c6ce34412a00a5aa2344ab2054df61
- SSDEEP: 1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3bGNkFtYfBCJiZC+aeTH+WK/Lf1/hpnVSV:S9CT3b/FoBCJi5B
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 4868, msedge.exe (×2)
- PID 4952, msedge.exe (×2)
- PID 3032, identity_helper.exe (×2)
- PID 4308, msedge.exe (×4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
- PID 4952, msedge.exe (all 10 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 4952, msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4952, msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; the distinct entries are listed once each)
- PID 4952 wrote to memory of 2992 (pid 4952, process msedge.exe, procid_target 82)
- PID 4952 wrote to memory of 4304 (pid 4952, process msedge.exe, procid_target 83)
- PID 4952 wrote to memory of 4868 (pid 4952, process msedge.exe, procid_target 84)
- PID 4952 wrote to memory of 4396 (pid 4952, process msedge.exe, procid_target 85)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fef2c0544d5151f30e8d6d62a33e337f_JaffaCakes118.html 1⤵ PID:4952
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff227e46f8,0x7fff227e4708,0x7fff227e4718 2⤵ PID:2992
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2 2⤵ PID:4304
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3 2⤵ PID:4868
- Suspicious behavior: EnumeratesProcesses
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8 2⤵ PID:4396
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1 2⤵ PID:1208
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1 2⤵ PID:3524
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1 2⤵ PID:4560
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1 2⤵ PID:636
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1 2⤵ PID:3548
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1 2⤵ PID:1444
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8 2⤵ PID:4596
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8 2⤵ PID:3032
- Suspicious behavior: EnumeratesProcesses
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1 2⤵ PID:4116
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1 2⤵ PID:3444
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1 2⤵ PID:1476
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1 2⤵ PID:2220
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2683268943764693790,8130792016268194172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2 2⤵ PID:4308
- Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:4472
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:1568
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:1760
Network
MITRE ATT&CK Enterprise v15
Downloads