Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
132s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
27/10/2024, 22:33
Static task
static1
Behavioral task
behavioral1
Sample
76475ba7f7f7aaa9788d5ab112845f80_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
76475ba7f7f7aaa9788d5ab112845f80_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
76475ba7f7f7aaa9788d5ab112845f80_JaffaCakes118.html
-
Size
156KB
-
MD5
76475ba7f7f7aaa9788d5ab112845f80
-
SHA1
33b25db768a810bbc00af81161bf91779dbe3407
-
SHA256
ea736e14519706011b835802c5daea77bdf1bf460998c6de258907aeb51252ae
-
SHA512
2c3d6f3dd12441ff6d1e6bc0abf20361c8e0ad545dde95b5bbcf382cd349353641df36de54f49f5b4555ed5bd19a9da610db2ff7bdc174b29007b3c590202a87
-
SSDEEP
3072:i7bIjV4PWBCAABSyfkMY+BES09JXAnyrZalI+YQ:i7bOWPWBLABXsMYod+X3oI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 2364 svchost.exe 2088 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2932 IEXPLORE.EXE 2364 svchost.exe -
resource yara_rule behavioral1/files/0x0036000000016edb-430.dat upx behavioral1/memory/2364-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2364-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2088-446-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2088-444-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2088-448-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/2088-450-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\pxB329.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436230273" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7AED7571-94B3-11EF-A8AB-EA7747D117E6} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2088 DesktopLayer.exe 2088 DesktopLayer.exe 2088 DesktopLayer.exe 2088 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2984 iexplore.exe 2984 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2984 iexplore.exe 2984 iexplore.exe 2932 IEXPLORE.EXE 2932 IEXPLORE.EXE 2932 IEXPLORE.EXE 2932 IEXPLORE.EXE 2984 iexplore.exe 2984 iexplore.exe 2124 IEXPLORE.EXE 2124 IEXPLORE.EXE 2124 IEXPLORE.EXE 2124 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2984 wrote to memory of 2932 2984 iexplore.exe 30 PID 2984 wrote to memory of 2932 2984 iexplore.exe 30 PID 2984 wrote to memory of 2932 2984 iexplore.exe 30 PID 2984 wrote to memory of 2932 2984 iexplore.exe 30 PID 2932 wrote to memory of 2364 2932 IEXPLORE.EXE 35 PID 2932 wrote to memory of 2364 2932 IEXPLORE.EXE 35 PID 2932 wrote to memory of 2364 2932 IEXPLORE.EXE 35 PID 2932 wrote to memory of 2364 2932 IEXPLORE.EXE 35 PID 2364 wrote to memory of 2088 2364 svchost.exe 36 PID 2364 wrote to memory of 2088 2364 svchost.exe 36 PID 2364 wrote to memory of 2088 2364 svchost.exe 36 PID 2364 wrote to memory of 2088 2364 svchost.exe 36 PID 2088 wrote to memory of 1056 2088 DesktopLayer.exe 37 PID 2088 wrote to memory of 1056 2088 DesktopLayer.exe 37 PID 2088 wrote to memory of 1056 2088 DesktopLayer.exe 37 PID 2088 wrote to memory of 1056 2088 DesktopLayer.exe 37 PID 2984 wrote to memory of 2124 2984 iexplore.exe 38 PID 2984 wrote to memory of 2124 2984 iexplore.exe 38 PID 2984 wrote to memory of 2124 2984 iexplore.exe 38 PID 2984 wrote to memory of 2124 2984 iexplore.exe 38
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\76475ba7f7f7aaa9788d5ab112845f80_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2364 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:1056
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:406544 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2124
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58fdd6fbb6cfbe0446223699dd5f67c1e
SHA1a83338ede33a46c4db13f8707f88e891903a243a
SHA2565921eb4919515e0ce0c7dbb836aef7614e3a9e9d6aa2b8d6f2fbddad7969fcf0
SHA512674b617d2a821ed5c503ee50a668d78533904a24b93af5a03b17f0748085a01e3841911078c299f02fba48b60902aa51075350c2bea752d8f7bdc4dde1da18e5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f24a06e19ebb708077e78a4546608430
SHA10d92658b939788fdb65a5c7cc84cfeaaa5ed2905
SHA256622701fd0576126153d99bd19365290bce8aaaf03c06e99b0115683016ea1049
SHA512b2943e1e3a0cb4345d433b2d1308ae307907ac4466002f2ffa195d8b391df75eca4260dff52aa497e76727531d92c48b202ba16c9ba3338baecae1336c9ac0ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c0514f02ed4279dc4bcac94c71aaaecb
SHA1b2cd4ed19a992f0d3545327408efe6e83aad81ed
SHA256eb512dc82d5c2d82727656cac07e85eb3cfca6a42134b4924f9de87eacd30bad
SHA5122142354cc8d4618d2d123104b064f270fea846362520e7280e0dd4af8a637cb85c36ee28421baf8fdcb146854597ea0c4d3b37ed05fce003c740c0b044912e62
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a462848a2b99b1167c37227d24be008a
SHA1f7d820c3665b4051ecc6fe042a489026b0922659
SHA2567c3e2351aadec705c5d7f11c2b8c3f1f261c6b1f7b5ddaedc82026596fab0fcb
SHA51210dc791669e233e3a88910967b796eafa38a825f2a1d01714f495cf6b0e332a1905637a6d783a67e8992ed1da6ca44cacaf4db09f390ecb7f056be9076f2b09a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD524283681e39b417830f1d6e958f8e127
SHA19bdd000b498bb3625b20234d87ecab95391347d1
SHA25690d3d6b5efd1df23dc28463556bf1597888d439fd67f1ed2184c1a099fb2984f
SHA512113b9c756538fa17055a59a86ee4bcecc206669c665cd40154a3739dcf2699d04c8dc2c36fb7a532b381ab47deb19d69682df4cbc5a8bd5c94b6cde10b6c5794
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ffc59330bab663679c6fbc81df513d2c
SHA16ef275ae039f7fab0d26cdc2cf65197628755c69
SHA2563909fb8b1af08d576424c4ad7baf2a62d03ad8fed7079e96d342308731fb3cf4
SHA512b7ae4984eac41b6fdc2fd381b7c5800ff24345b220074616f7a9fc5fc9e1db466c2d77d53d6203e550952076fcd3a1a05f95387d8a1d05583f2fe23f4964b129
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5b4ec5b8814fefdf155dc7340b9c8a181
SHA1ab7b005da0ad5aa866ae4e9c6ab8cd56220247ea
SHA256b05453e00476474fed65a8f141d96258f8248719b8248087b2d5837882fe5c56
SHA51249ece356a2974f3a608574afb886beb9b6895db282262290c7397172eb0f821fbf00bac999e21cf7373ba71a1a31a4e5b159d57a53b5c1c756de92cd810586e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ced4b71678993c6ed30ac150eb9763ff
SHA1a0236a068ac5edc71ca46c3a52c6e2b135f0879a
SHA25690cb89a12057849d209945ad7f5814a47b3620446976a94e26e155a86d40a166
SHA5128dae0b9ebd1033af22e1169e2c02019a07d6b3b7763155c2fe9fb56e601df924998420271890f05f3bcad132c4001ef1f6d6196b1515b65fad582c7f3d7e2e11
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9a518117ec832d3ad1570d0d43d70df
SHA14f55c8230d0ae02ad723f830276b93a544339845
SHA256a3f97f74748adfbc3a2b23f52a2caea443cb4917113572d388f9cb81035c166b
SHA5123db061af5cef8c2b64cf5e16c078558f6ba8cdfde832c392df9a46fd7bd66e7e01da8660e4f59d8dd893a9b5a2174186416a9dbe5f469998ce5ab89e47e36467
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5bc563349af0bb35daadece1afdad9c12
SHA122670d0bb081d71b6dc4da655b0e268242170868
SHA2566e9263c64174b6b1988a415c537dedc7054f8f9bda87c1e33a27c5c9d3ebe3c9
SHA512e3ee76f1ccd25062144c9aaa54e721e6d001ebdb770033b0ee58a47a52e347daa082d20d5888e7a59d2cb8e57e148fbada4e05b405f090e3249df5c2630629bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52d1cca394ab3e7bf07a4318ec7e87ef8
SHA1da4aec879d68daef877ced4e08561f8bc63b1389
SHA25686ad73ec80f3e506232824d7a62f7683ca38cf7b4ae4f292d6c3cbb34d693120
SHA51280f90fff553d654df4e5cd987db221570dc37027a02432bac563ed262426ae14dc8816e0a284228c5de4f0618afb0a35bd46c4e83c1b7f8721298d6b5cb11e8a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51058371811784e0d9d5940fe49250cb8
SHA141987c081b1f11d6c6c6f45332ca0aea9b51a0ff
SHA256bbc9c9e2fb505a9b79c50f17df2e55f12e848eb9d4cd2fda3d05f5cd612707db
SHA512b404ea87c0e901e5864f4bc0768dd532ee3e8cfa2b51da8383dffff7209199697bac6b9aa5ab05b1d12327cf8395f51764a68b54036d37f6f25b271b77e7d64f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e9ebf31afbd328d96c6938767e5f529a
SHA19b8e15dace2cf19665fa273e3a83283474d3b9e3
SHA2563c73c05bc7420a7bec2dded6e30660da38d903c934ddd1eb7a4346cd443f5a68
SHA5122f5933ed6ca5387e85c98ac67a05e37546898cc9ff5340f481d3dab07f0b6efe679d4c3b94800a82d89bf961debc1edb041db71699c2b6b949ddbd2de8ce38c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59f93449e1c178c0d1620f68f8120060b
SHA15b1a0919b4db850122733c3cb5c5aee168b14114
SHA25684c9ffaa0a3ca36a1fffbea8666ad1efddfdeec1c5d8bc13596b45b7c9a28a44
SHA5122a364e02c421f0f0e96c2f346c222c1a58816cc6b35250b80706d8aa80c4b8c32c12db5deb3cb11531ac4ad06eb6543cd2babe9c47e3c3855e48e35a132664bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5eca7b0bf3d57f9bdf4a54ea074325da7
SHA17990fc8825af4651b671d9548f9976236e2ebdbb
SHA2564404dc4816818c440da7fed0c54ee720208a221838e2f2c70172406ccd933235
SHA512e0d00aad0316c89eb6492e9fe11ffc36039598e4655b2999373a96648241c528424c359dc482342dbbd62e9cdd5a0f892921ff1751424b42d69ff87e59fcf324
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a