Analysis
-
max time kernel
157s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
05-02-2022 15:16
Static task
static1
Behavioral task
behavioral1
Sample
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe
-
Size
70KB
-
MD5
fa7bc80be251a4ab8f68be18149b50f1
-
SHA1
eeed35174700516ad6d500b7976d3ff86582579c
-
SHA256
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e
-
SHA512
e1828e9e20cbb9fd06d2addf446b957ccce96739adb286bc57c68f0b23269ec1ac27b7e0e14d96718b405834d117e56db9cd1c8bcc739b8d650f58e5b74e4ee9
Score
10/10
Malware Config
Signatures
-
Balaclava Malware
Balaclava malware is a ransomware program.
-
Drops desktop.ini file(s) 3 IoCs
Processes:
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exedescription ioc Process File opened for modification C:\Program Files\desktop.ini 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\$Recycle.Bin\S-1-5-21-1346565761-3498240568-4147300184-1000\desktop.ini 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe -
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exedescription ioc Process File opened (read-only) \??\A: 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe -
Drops file in Program Files directory 64 IoCs
Processes:
5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exedescription ioc Process File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-400.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\vreg\officemuiset.msi.16.en-us.vreg.dat 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-32_altform-unplated.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-32_altform-unplated.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_pl.json 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\View3d\3DViewerProductDescription-universal.xml 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg6.jpg 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-150.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-150.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\ZviewOverlay.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Context.Tests.ps1 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\ssv.dll 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496926306.profile.gz 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-200.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-100_contrast-black.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\System\vccorlib140.dll 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-100.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-20.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-200.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-36.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-200.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-loaders.xml 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\MSADDNDR.OLB 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jscripts\wefgallerywinrt.js 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lt-LT\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCache.scale-100.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLargeTile.scale-200.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated_devicefamily-colorfulunplated.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36_altform-lightunplated.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_smallest.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_altform-lightunplated.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-125.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-96_altform-lightunplated.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\HOW_TO_RECOVERY_FILES.txt 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-200.png 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\MediaInkTransportControls.xbf 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar 5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe -
Drops file in Windows directory 6 IoCs
Processes:
svchost.exedescription ioc Process File opened for modification C:\Windows\WindowsUpdate.log svchost.exe File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk svchost.exe File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log svchost.exe File opened for modification C:\Windows\SoftwareDistribution\DataStore\DataStore.edb svchost.exe File opened for modification C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm svchost.exe File opened for modification C:\Windows\SoftwareDistribution\ReportingEvents.log svchost.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes:
svchost.exedescription pid Process Token: SeShutdownPrivilege 1748 svchost.exe Token: SeCreatePagefilePrivilege 1748 svchost.exe Token: SeShutdownPrivilege 1748 svchost.exe Token: SeCreatePagefilePrivilege 1748 svchost.exe Token: SeShutdownPrivilege 1748 svchost.exe Token: SeCreatePagefilePrivilege 1748 svchost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe"C:\Users\Admin\AppData\Local\Temp\5d38ebafe05f6b9a2a94dd107bdda796b33563865ca6a1b9e562bcea63526a8e.exe"1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:4756
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1748
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
a7a2139059f03ffb3402309f35cc2e04
SHA18abcbe25488c96c1a5887d5628d57db6e0cedc0d
SHA25624168f0be075da61de9289152f765bbad9e09b515f54344fb9fddb2b233e9a56
SHA512ff8dfe2e240b468b6acf493de8daf49346c5f9965daebbc46cfc1b0aaca9c6d3a1acdbe340ff4151dd0a2d0f02a1669c272d05327f274b8de82f3b62474e2eae