Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
12/10/2024, 23:30
Static task
static1
Behavioral task
behavioral1
Sample
3c9a494d25cd1fcfe2c32d08b2e122de_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3c9a494d25cd1fcfe2c32d08b2e122de_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
3c9a494d25cd1fcfe2c32d08b2e122de_JaffaCakes118.html
-
Size
73KB
-
MD5
3c9a494d25cd1fcfe2c32d08b2e122de
-
SHA1
0f6d630ea6798e8f91de7c922d20e41bc7cb3ae3
-
SHA256
ad183f0d8022534b09def8dc6bb480e844ca8337aa73698903bc111034a73ed2
-
SHA512
d117ce3d44efc94d7da9a439ba3e40c8d24333549c01812029091bb9fb2deca0b9c6ec6df684dcee3d7d7b26b4b4c85e1f4874804d47a03286f6982a895ed9ee
-
SSDEEP
1536:sBYyDjBUUNmLX88JiNBfLRBxmOGantoya1vP7:UYyOJDantoy4vP7
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4624 msedge.exe 4624 msedge.exe 2500 msedge.exe 2500 msedge.exe 1932 identity_helper.exe 1932 identity_helper.exe 228 msedge.exe 228 msedge.exe 228 msedge.exe 228 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe 2500 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2500 wrote to memory of 1532 2500 msedge.exe 83 PID 2500 wrote to memory of 1532 2500 msedge.exe 83 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 1088 2500 msedge.exe 84 PID 2500 wrote to memory of 4624 2500 msedge.exe 85 PID 2500 wrote to memory of 4624 2500 msedge.exe 85 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86 PID 2500 wrote to memory of 3972 2500 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3c9a494d25cd1fcfe2c32d08b2e122de_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e847182⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵PID:1088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:82⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:3208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵PID:1536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:82⤵PID:2380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵PID:3996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵PID:3312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵PID:5008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:5052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,16687969808627197977,11202114313965656868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:228
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3260
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:220
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
23KB
MD52f24e0f5d2c2997a89fb4a8d943c141f
SHA199515bde1a5bf72105116ac902ccf3db1dd3df29
SHA25660c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf
SHA5120f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD59a18ebbd1a5259eeaf99bedd8cffcb4d
SHA1dc24d5d2e0a63b943f8d1052a21ea89c308eb160
SHA25680a3e25101739fef60e4ce128f1d81bdeb9d7ef3cda06f3f6de483adb2e4450a
SHA5125ab1915f6462035c0fcdef54846ff9abf2d7ec527447738861fdad2616b82b2b17a307027af1c7217f4c0f4f00a06ccc862179ff435b024bf2189448314fa490
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD5114a3b107904401f8a0358c0f51a15a0
SHA196f8a12d9bb07c853a57fb13709292321dd7c642
SHA256b1421b0871329040acc8b81d39b369be426ad0cb664daca2a194dd2eb5666338
SHA5122e7e1ba0a7f1782eb2846ef9dbe74a604c477ec2126923eec99d1d685f7d965738279d4d736a8eda8017610811e925387b1c413ea648cfec528d5018eb4758c5
-
Filesize
1KB
MD517d921778580233e9d4c58d2eebbfbee
SHA1616bda05dfed0e2df07d447d20c1913be17f23d9
SHA256a297f0c52a3e514e6dc45793d930a77dcb8de1d9df4b0fe9e7d9bdf623ca1f03
SHA512edc09ad319e45ac88bc3c35850d67b4e0d8aaf0de1f3043b0ff75b5a7f0ae50d9df81887b490925cac83edcc8e35d9f874de2d33b4263865367b0b4f33cddfc0
-
Filesize
6KB
MD590db16e98bd45fb9b8a3cfa30405b09f
SHA1e6b3e39ea50c8ca53a4a107d9fba3902dbaf0bc6
SHA25645bfa818cb700c9ef5f31c7fec7e508daf8f700e5fd9eb821b773d08ecbdbd08
SHA51243e3e04b9fda816531e0440417d01c6e8a66704783597224c399aaad8f86e03130744f549adbd9bc8fea2ac9d083b33b5e9ce95a1b1803b6ee89360addd430f6
-
Filesize
7KB
MD5c1b898ec5fcad8e8213f9c2d2fe90a02
SHA179b705582b884da262129d9f0ee4369b5d291547
SHA256cdab1c8c6c98af547d91e65ef42bff4fa851ae0d493d14dc57c5aa0b2339aa58
SHA5120deaa4b99b26325dccebafa9d2c51f674bd488f5b877b9da6d82f13b59dd968fc895e91b57480b6afa95d12f379198d7bb75295ad868c578b1c1920ea5179ffc
-
Filesize
7KB
MD5ccc1086d7ceb069733b98f74f16542b2
SHA19c3063b2aeb210d88bd49d0af78aa36eccae694f
SHA256b7196d9014fa215172701b2fb43d5f4a58aa5f6a32fd992a554bdf56261fd64e
SHA512e4cbdca225547cf0f59c3b1272744ef364ea7113c80f1f774838bf53f4cd154f2bcdc6bc11ae52239237cdcb6c216f7e3c5601dc39a152efc2da76bd4ad60be6
-
Filesize
6KB
MD56c723760f935a20790387d3f3362fb18
SHA170b13279600642e9baa2ef8efd4e31fa37df5082
SHA256f6522af2ba57ddc071935eaf0348e131797c88012ba544174543836e45d32fe4
SHA51218b483d0bcd9c0cd6bc0f69a34a5054f5aa09174928f8d651067dbf12464d2d9d551a186433f20593648306b984f0c75ae6ecd2d2e760eaf16fbfb89b3061e60
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD59379047e43b3b4628847bf4dd8441ef3
SHA1e8e437ca53d38fc7dfc6438cca493f7931ee7a8b
SHA25673fda18fada419f753bee7b4b60fe3d0b030273df3863bc42e8601d858b6dd6a
SHA5122109cefa693ce4fdc25293b9b0160cb7d0e7617fa26b6bb4c38219cbf272be1a4a11d6b837e1b8493f3b66cfdd9a0c1b1cff51f9595fe9ea36d2a2d312e1f372