Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
04/12/2024, 22:48
Static task
static1
Behavioral task
behavioral1
Sample
c4b73e909516ee1844667e24a9dfce13_JaffaCakes118.html
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
c4b73e909516ee1844667e24a9dfce13_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
c4b73e909516ee1844667e24a9dfce13_JaffaCakes118.html
-
Size
27KB
-
MD5
c4b73e909516ee1844667e24a9dfce13
-
SHA1
33abfa8a35f2cf1c7b27443d4e7669b951eb2396
-
SHA256
1a01b829f860f823f533eb7eaee3ba7dd40ed340973fbc5710466f1fd16f8128
-
SHA512
564c86f5f0e260ee21a2cacdf8760ea6fd170c3dbed4b7f73c709046edd7e087bf67cf416619822a7b90b65454b655903dbac017ba99edf1c9e2e528244ce104
-
SSDEEP
768:mkdlSFcT++HYCGy7DpejlayV09fd/E9YzGvJa+G:mkdlSWT++HYwDpeRayVcxE9YzGvJa+G
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3020 msedge.exe 3020 msedge.exe 4764 msedge.exe 4764 msedge.exe 1964 identity_helper.exe 1964 identity_helper.exe 4852 msedge.exe 4852 msedge.exe 4852 msedge.exe 4852 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4764 wrote to memory of 4228 4764 msedge.exe 82 PID 4764 wrote to memory of 4228 4764 msedge.exe 82 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 976 4764 msedge.exe 83 PID 4764 wrote to memory of 3020 4764 msedge.exe 84 PID 4764 wrote to memory of 3020 4764 msedge.exe 84 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85 PID 4764 wrote to memory of 2628 4764 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c4b73e909516ee1844667e24a9dfce13_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4764 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcccc46f8,0x7ffdcccc4708,0x7ffdcccc47182⤵PID:4228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵PID:976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵PID:2628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:2148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:12⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵PID:2220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:82⤵PID:3896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵PID:3236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵PID:5076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:2820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17510177899395337953,5452419483811702471,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4852
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1872
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2220
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dc058ebc0f8181946a312f0be99ed79c
SHA10c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA51236e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa
-
Filesize
152B
MD5a0486d6f8406d852dd805b66ff467692
SHA177ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a
-
Filesize
20KB
MD54b3121a05808b99aa6e0cc12924f77db
SHA1ee5805bb76c384d1e1667aea2976bd2f4f94c7cc
SHA256e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c
SHA5129b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD52664e2d490c4708eed9e2d80fa93389c
SHA1d15f43412f1fda19823945aff28c42fbcf891b36
SHA2562fe0b8b9eee6bea041b959f19fe3dd3f4ac15769f7b8fec62dc31dcdf5a0e716
SHA512cb80f1676a26498a7c14fa80c07a36444205fdcadebbbbc9073afc063912a979e17a32fc0d17854df0dc25e0b56b8add5baa89fc1ecc12122a4925fe4c13450e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD55cf7f265da54083d84d305f7e9e35b62
SHA1071fea05064f67b167779180f5f91170db3710f9
SHA256a306c0f54f2dc7293aafc1707a9c5bce29551d83f641a8cd456f6e8d69fdff45
SHA512e1ad38520d0485832cce6f099818ba79dcbc1492cee3089c60a9259852ba9a7a5aef6f930c4ae27d05f66923d117bc8b2ad91619ccf45b286476a31de1e8d297
-
Filesize
1KB
MD550f54d720bb9a389a9060028d80976ee
SHA17374caadb8b543e940e9b3e7b21c96db3f06b681
SHA256da011c8b8a98cd8397c96fb52daae17688e49c25d646a31e318c132264a0ac85
SHA512db7ce600e07600ff5d6f5ea4690419ef5a27a9fbba43ecb1204829a73dd70894dec164f1e267ac36f52d5d8a133138567f0f896522a566b6a4f3ad2284c1e405
-
Filesize
7KB
MD5dc6461139f138f469f5d48e1392609bf
SHA17046127a00936e48d641615f2d47dab7543d3f4c
SHA25697e0575f0065579b995a68f0314e6e98ebca44fc99db67dd47a231fcdeef13c4
SHA51256555cb8250369b1b618a7e265aa087ced3a07bdbf9b54fa63fa1f54704e77bb01e382e014662e37d1318e0ab73e1a04e700e0be9949f3d01bd5aff2cb6377e3
-
Filesize
5KB
MD55be7c14b5e30440a2febad1ba370dc81
SHA1ef8342e5c48b8fe0feddec178d54c75fc2022b82
SHA256af251e38f8dd2f56f2e233bfcb90e2e1b6d30245518aca539b037600b06cf699
SHA51293e7128251b86e0acb5dcf44a624db956d8727829fc76d387b0724489b4a6fa8d86c7302675a63af74aa9335d065e08c640d664d037168782ab5b59258452e90
-
Filesize
7KB
MD560c7b55678b2e335e79f0523d1868005
SHA1e95c9e37263de89a83a544dad2c7e51dbc193408
SHA2561df7b0d4dcacc226d6eaf84a46d1856a0a99994c413bef12dd05749e0aa6aad4
SHA5124c9e2015ceffa88d3de787a05cbdaba9d3d36b4cd5dc9888b27561b21cea38ec8110c51e8beb4cc22aa033f048bc38d7abc100c2f2af129a8f18cdbc791bc045
-
Filesize
6KB
MD5040b8736b5b76545dce7e11f038dbef9
SHA187059291fbaf46c992bbc152cef8d1bba4e535f5
SHA256d65b17c9b7b4320d04800b9c8ffff05ca1ffdcc663e5249eb75f873b1002d8f8
SHA512efdc376b0a23625956facbd5d522f1009fd1f3cbfd41afa47846d1d2b46cee2108a23589505fcc4f18b5d3239b60e332612b71b2fc0a763d94c79529c0ad6496
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5429f31ce8cb154b5716b547257b9ba84
SHA1f70e39448ce2a58b97abdf802dab4c95a289b510
SHA2560c806b7c72501933be7f41e36e7591a9a129ba139f00eca3f680022350bce3b0
SHA512d9ce367d2b33c3ca9ddad0fcc8098f0533b2d18f459700a11f7cd6f7df816a9a7e011d0b902c1fce365e3e7e5c9f9f00b10dc678b45aceeaedea6d486cd442eb