Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
17/10/2024, 23:04
Static task
static1
Behavioral task
behavioral1
Sample
54295d722394086826ef076848db1c7a_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
54295d722394086826ef076848db1c7a_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
54295d722394086826ef076848db1c7a_JaffaCakes118.html
-
Size
430B
-
MD5
54295d722394086826ef076848db1c7a
-
SHA1
46787f3aba61166e9307917b718eb615e2cc64e0
-
SHA256
3a798ea9b6fec02e728c795ad122116fd035bf79d53923202cdb3cbda499d0cd
-
SHA512
1084a1d139febe201800e5ad0f5279602596993500711c603e4bc9ece4c9da6ca9d710a7f940a3a7d5af68277b941953f449fc05199925e8da68e88073bb9ec9
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4940 msedge.exe 4940 msedge.exe 4880 msedge.exe 4880 msedge.exe 3564 identity_helper.exe 3564 identity_helper.exe 2976 msedge.exe 2976 msedge.exe 2976 msedge.exe 2976 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe 4880 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4880 wrote to memory of 1688 4880 msedge.exe 84 PID 4880 wrote to memory of 1688 4880 msedge.exe 84 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4112 4880 msedge.exe 85 PID 4880 wrote to memory of 4940 4880 msedge.exe 86 PID 4880 wrote to memory of 4940 4880 msedge.exe 86 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87 PID 4880 wrote to memory of 4132 4880 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\54295d722394086826ef076848db1c7a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ed2946f8,0x7ff9ed294708,0x7ff9ed2947182⤵PID:1688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:22⤵PID:4112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:82⤵PID:4132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:4088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:12⤵PID:2980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵PID:1068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵PID:856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:82⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:4104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:12⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:12⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4374282226287105678,15984467279737933131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3204
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3500
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58749e21d9d0a17dac32d5aa2027f7a75
SHA1a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a
-
Filesize
152B
MD534d2c4f40f47672ecdf6f66fea242f4a
SHA14bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA51250fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6
-
Filesize
348B
MD59d5224eab003381869430d4a1e531da8
SHA1ec842ceffd7a108e626768047318db98a0e7161a
SHA256e6936fc6882cb015f53ad7af9487ea1ca9456a1f7fab9c8905507d8f98b02652
SHA5123c12d059d8273ded1d81b435b9a1cb9d7b3494f5ca8cae0f46d22a76be974f2c966de50a533fac716804948acdee4c73717e29507475fbfd3034c32d7cc34be7
-
Filesize
5KB
MD5e2b49dc54138794fce5ec1358446dde6
SHA1b00260cb3b925b4a6547022e275b9287263c9dff
SHA25696dce7d84fada6e9c2750d0e2301839e1709e584f2717dd2c6908a9bb5d3978f
SHA512b0532b19f0fd83feb11f55df6f928b90489d7e2d4a10b824a0cf9b20fdc7a61fef5ad5659568ee54941e5203abf357741166734e1e0636af3c3352b9454f1f5a
-
Filesize
7KB
MD5596fafdd5ada729572b48d88e60bd8d9
SHA14253483d67c3b985c6775491a8adba800f42a7db
SHA25682ca95c4971b210f6ce114774b2e85842bf7a6b3ba8a4298f4fa123d22baade1
SHA512e2061d21128f5dba9f574d865fd9a071a326dd3012908503e9ee3bf39905a48b99f6c80b634acbb8e79740ae68269ccd74750e22f8bc9bceb87ee048c557823d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD563896b67a70a59ce09782582e1edf7af
SHA198e1b8d8f2fa20090cd8c36e78ee1693389b7cac
SHA256486cd2843ee27e612416d085a101a867e515c36065016c611958fbedc8ad49d2
SHA512851c6c026f4386f2802c9eee2ef29a0597bafb63e81a70e1f6411de96c4eb47805015455273e1ea1c5eb34a30fa23c05f2b53f239163e1fcd85ca9a0f5668129
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d820.TMP
Filesize48B
MD55c1f658897cd59c90f3bcb848bf0fd71
SHA1a0811104592112c1d99e2a1a2ba5e65245bdc5c5
SHA2561f856e91bd5aa387dee37130ccab644e1de50e5ffa7d293ea0746195d8563250
SHA51272462dff16ad95afc9930af81c27ac999a7c33f0301fc227bd7106f3b78bf8b5cfee2906513e094f3cf0f7a4c82c2c12bfacad872367ad6ef4916eace2c0b8dc
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5694b2e0189df1a0a7e4c86cb57a27e22
SHA1b8c968c29ef9ef5145689597c18cc28634c875df
SHA256dc3e12b916b482c56bc8cddb7aa9c12c49019fee6863a0aae3e5f7be8dce4103
SHA512bc9c91c5da5df6f8aaf8a6e8a6bba37d6071d92b0f8be6482e8acc04bca8e6d6592cc2b3817686697b564ed910dcca8cb52bfe9e4ee11a2298b19a7bbfa41b1b
-
Filesize
11KB
MD5e499fc7e22a584a07e412f5cb5fe43a1
SHA1a8281933e38fcccee63597de4031545ddac0894d
SHA256b0e63a81a0cfb24c7c57343a04d66ef083ae2c29d3cd6c4c933fce4201d9ca89
SHA512da5ae9dfacdb4bb2a5621b0e85a860d24bbc4cd8bb92b3e45d27282fc2e1dbdb93448035720646a68460eb443e2277b6b96022c5e30140f4010208b88480df96