Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
129s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
11/12/2024, 01:08
Static task
static1
Behavioral task
behavioral1
Sample
df4c0ee7637e95a38d8133c2c81b415b_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
df4c0ee7637e95a38d8133c2c81b415b_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
df4c0ee7637e95a38d8133c2c81b415b_JaffaCakes118.html
-
Size
158KB
-
MD5
df4c0ee7637e95a38d8133c2c81b415b
-
SHA1
dd38ab5d6c9647a6cba9598f9e11b9e3db1143f5
-
SHA256
5b933eaa8427fff7db0e3e604f40f289329fa0941ff5a5322afbc11a1fab90f9
-
SHA512
197434b8f4b6cb91cee5a6c48341d07394d9b7500006efb03be3f638abe3737a48ab18624ab686f255b8b0f8c847546fda45384ae6ab1c7cea14b44c537690a6
-
SSDEEP
1536:iPJRTFJO9fvZmqkyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:i3swqkyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
-
Ramnit family
-
Executes dropped EXE 2 IoCs
pid Process 772 svchost.exe 1968 DesktopLayer.exe -
Loads dropped DLL 2 IoCs
pid Process 2548 IEXPLORE.EXE 772 svchost.exe -
resource yara_rule behavioral1/files/0x00360000000187a2-433.dat upx behavioral1/memory/772-434-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/772-437-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/772-441-0x0000000000240000-0x000000000026E000-memory.dmp upx behavioral1/memory/1968-450-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/1968-449-0x0000000000400000-0x000000000042E000-memory.dmp upx behavioral1/memory/772-445-0x0000000000400000-0x000000000042E000-memory.dmp upx -
Drops file in Program Files directory 3 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft\pxDE5E.tmp svchost.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe svchost.exe -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DesktopLayer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{779B5EC1-B75C-11EF-A5D8-F2DF7204BD4F} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440041199" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1968 DesktopLayer.exe 1968 DesktopLayer.exe 1968 DesktopLayer.exe 1968 DesktopLayer.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2984 iexplore.exe 2984 iexplore.exe -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2984 iexplore.exe 2984 iexplore.exe 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2548 IEXPLORE.EXE 2984 iexplore.exe 2984 iexplore.exe 316 IEXPLORE.EXE 316 IEXPLORE.EXE 316 IEXPLORE.EXE 316 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 2984 wrote to memory of 2548 2984 iexplore.exe 29 PID 2984 wrote to memory of 2548 2984 iexplore.exe 29 PID 2984 wrote to memory of 2548 2984 iexplore.exe 29 PID 2984 wrote to memory of 2548 2984 iexplore.exe 29 PID 2548 wrote to memory of 772 2548 IEXPLORE.EXE 33 PID 2548 wrote to memory of 772 2548 IEXPLORE.EXE 33 PID 2548 wrote to memory of 772 2548 IEXPLORE.EXE 33 PID 2548 wrote to memory of 772 2548 IEXPLORE.EXE 33 PID 772 wrote to memory of 1968 772 svchost.exe 34 PID 772 wrote to memory of 1968 772 svchost.exe 34 PID 772 wrote to memory of 1968 772 svchost.exe 34 PID 772 wrote to memory of 1968 772 svchost.exe 34 PID 1968 wrote to memory of 856 1968 DesktopLayer.exe 35 PID 1968 wrote to memory of 856 1968 DesktopLayer.exe 35 PID 1968 wrote to memory of 856 1968 DesktopLayer.exe 35 PID 1968 wrote to memory of 856 1968 DesktopLayer.exe 35 PID 2984 wrote to memory of 316 2984 iexplore.exe 36 PID 2984 wrote to memory of 316 2984 iexplore.exe 36 PID 2984 wrote to memory of 316 2984 iexplore.exe 36 PID 2984 wrote to memory of 316 2984 iexplore.exe 36
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df4c0ee7637e95a38d8133c2c81b415b_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548 -
C:\Users\Admin\AppData\Local\Temp\svchost.exe"C:\Users\Admin\AppData\Local\Temp\svchost.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:772 -
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:856
-
-
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:209948 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:316
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cf13371ded5342acf1e0835a72a98d3a
SHA14d15bf217fdb688311133abfa8f93e684f579e79
SHA2561148713cecb3dbc157f7964374a72b31295f06710951154bf4e08b48b6214bfe
SHA5127ee59c7db1559e99a4152613eaaac2c0e2240e6b217f2059876433c92a8fe836f3059f7d95d87dafc9dfbdb4c75f095464546861fdf4df7eab62381bd67208c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f6df15e36aa512561890f157fd4986ac
SHA1b2a42ba401179ffb9c8131092fae754690c169b2
SHA2569d78b6d006d05892598b176564083c37d694c87babd79efd4c30dd410814612c
SHA5123495460db80dd54a6395a25ff0e94081d4f1a913b47e384068be70136056ad62e8db9d73dd37ed8f0824c07ad32b16ec5d546214eca53af1abf9cf8a59ff8c28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59e4cfb930380b09fd4452c649358fa0f
SHA11cb6d7047e5268c64649d03696d52c09f8150c0b
SHA256b7c89c6768084cea447f3a04663b58cc35fccc8ae2f301761ddda9dd53626432
SHA512695162e7de90207be6df1046b3e84e3c3af09c3927adb9781da0c32d85ba2bbb9b30900ca5f1eb4be4cc0d4fa84252e01688f29e9a3e142699d4477110feb106
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d1254fed6280e8d67c4ecb1c390e8c22
SHA11b126217fca2db58894cbcd4ea1100f5822f4ba1
SHA25699dbf738f47e866b1bb92a933e866df3f4ef43580208913bea13a780cd92a9fc
SHA51279c31a7b80705f8c6eee500ab5bd39c0baa089c7a310ba80e3ac56dc265080807a9dbbc3a60240ce583102b62849803054c0a908ce2449b9e4e3e463749e392b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c195567a4f823c26a80f0316b98769f4
SHA1b2e9c10dd7ef7b5827095ad912cfe65becf13717
SHA2561033992f3c90e3c508a04f65ce0c849ba7da4f5920b3012e7477ba304e1b44a7
SHA51213c52946607a50b5be10b06e10b1b51949a8c91478ff6cda0f5f28fe4f953bf582a3d194f19713b239af2895b1b6aed68736433e831d4a29d3e63d84ead4cf1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d34fb623e94053d2f4fc568a74e26b49
SHA1eeb20ade119bcdd47c4fbc9416a25cf9f4b350e0
SHA256c62ccb963041a06aae75a76e482b7d715a2a219246c3d3f9074a3748ad3fce06
SHA512a21eda94cf32b895eb2d1f8d70e7ed727fea5be8215f35b873322aa9b04b16ccc5c30e56ecf11e465b06e2b8eb833794dac28783a571bf6d42dcba6c104b90d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a5fd4ff1c9f57e3865d56f7703d1a834
SHA1ada167483eeee7983210a7b4047016b295855ef6
SHA256ab6fdf8732eb6e98ecbcf83d99066902656574ac60c6662fd18a88a8ace3bb3d
SHA512aca8fcb8221ae8e3f992bf9cb84fe86733e3c19fbf8244a8eaf910eaf02513ce9d124e09531f65b56e56a4a14ee68b8e67fa2ba0cbe91d2817bda7915162702b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD537eaed4433084644aff098df238d6615
SHA16d350b3ad2c9368849a1a2db63e3f7feaa392dd3
SHA2560d876784b89f3a3154c68dda3c54fdaf2006a3045f6862546f7d0f1515b50ec4
SHA512422db88231a3f2d7e0aa664ff2b125c9f9d8bc94e7defd07482128509c2ef529038fbc241ed565bba94c4b350fac629859ae3052d6927477cc7edd0522be49e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD595029def517fa590819df4e0d4d96720
SHA136caa7e2dda21072c8e2e696468a86518d4199d9
SHA25642ed774c8d5af894a10818028c5d02ed04f376a7395dbfdff040505e051d32a9
SHA512d8d531291f0b9dc4e227aaf875d438c23638980e6ac30daf79d0299e454be2ac24883761f44505264b24d7c44fd07b770bc707298ff0f2631c1333c644085967
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54160b2868ff5431f47f2a4889f341e6c
SHA154bf243cc8c81b77fc6af2428107bae704a7d7bf
SHA256d8527ff57c0cf16a6c1c4c0e78e25b8feea31daa62684c2f8bb0a41daeb3eb01
SHA512ed5aefc65b70df39f692ce9aaebc3e9c755d25e18b3194ee5d58915559d223d5fd1ecf9181e1e190ba2079ebf4ca790cabe240b0ccef0310469522aad0daac9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58c6a161eccf9b1cebcfb6c8ef46b725e
SHA18b8babf386cc6094c3dc7fe0eb5ec5c8823328b2
SHA256189305c1e9afa2256303589aafd74779a630ab942735dfba40f6969ec920a9a9
SHA512f2eb7fc839cdba608840f63948c6aa67818f66fd52b8d2585c2b21aad1a56bc9deac3e0a5c86eb7fdd27540519f802abd8412f289b891ddbaf76c7b2185a6b54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD536e781718f37604601181d9905287d6c
SHA1bde82c4559be39e15a3fa191dbb317fc9d3a6747
SHA256656bab8e291f73481c1b5ea75923403b16e4105865f36259aa6750c81200607d
SHA512a4757bda0e48e94db3a53b202960458c078b256fbbda732b50b646bdd5e682e2d68a2df56b2af2c0d0cea6d5a7a5ced96a9edc424a35725c3cb9efcea77cebed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD579f13d4022a5c302402c58db675e0dd6
SHA169daf55846423bfb6cbedac355d9693d9836e4a8
SHA256e8745452d23f32e026ac628371aa294641dc05a2b27deda04c33197c4a0f7dcb
SHA5128c2771ccb97a4a371581ff870f8126ad2ac8b34f2af96372c90be57cb9b22761248bacbdca04e29176e84799d953fe0ebe2db532351a46f990e5dffd3f204c7c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d56d001af76afa5088605e98e8394648
SHA1294fd1c5bd9153e43a76679c589973b99049f575
SHA2563254a9848810287c23a8dd7ccc349309778268ae69f959d8f45b4df757fa9220
SHA5128adf860a10027bf343e3846cff5c1d32cc6027ba0df0e86389d566d8954d416ff8a98a20f60fdfc30fbc17d6c5e5c0a0831a91f1cff27046a8832d42b9c09f51
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c97ef097396c45ac0db17ae1ed2b9edb
SHA1fe6032c07fb4439f27cf5ee237b47fdd3ef5ca21
SHA256d0d344f9863fa13f1eb6b2d3232356ea81e2bcf6060110d6915371b6ef837b92
SHA5122b9aa8167d571b4bfe69ebeb447bf7229ca14ae14ddbfc48bc97a1290cc70192939aee5e87b3c9ea6b6dff4a3fa5742a8f238a5707e369a6c2c499e38b1749c1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
55KB
MD5ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a