Analysis
-
max time kernel
165s -
max time network
192s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
29/11/2022, 04:03
Static task
static1
Behavioral task
behavioral1
Sample
a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe
Resource
win7-20221111-en
windows7-x64
17 signatures
150 seconds
Behavioral task
behavioral2
Sample
a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
10 signatures
150 seconds
General
-
Target
a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe
-
Size
187KB
-
MD5
5d79b9abc8ffeb582925677af7ff0d47
-
SHA1
18fc49e124dec8ef8a53157765b6043b7c78580a
-
SHA256
a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959
-
SHA512
f90031b7a683e598c766c35fcba03349908ee7c10f91a0eb9248909c3bf78e4ae02229afef089254b490a51bb3f415d0b4ee357eb1948b3bec82803ba9477578
-
SSDEEP
3072:i0CHU/GlIwVfYXnmya48P5jqUEA5d1xYu1K8Pq:iv0u2eMmE8xvEAVxY0K8Pq
Score
10/10
Malware Config
Signatures
-
Modifies firewall policy service 2 TTPs 18 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging Process not Found -
Modifies security service 2 TTPs 22 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinDefend\TriggerInfo a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Security Process not Found Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type = "32" Process not Found Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "4" Process not Found Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Start = "4" Process not Found Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ErrorControl = "0" Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\IPTLSOut Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters Process not Found Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl = "0" Process not Found Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\DeleteFlag = "1" Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Parameters Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinDefend\Security a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinDefend\TriggerInfo\0 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\DeleteFlag = "1" Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\RPC-EPMap Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\Teredo Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Security Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinDefend\Parameters a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Type = "32" Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\DHCP Process not Found Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\IPTLSIn Process not Found -
Sets service image path in registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\etadpug\ImagePath = "\"C:\\Program Files (x86)\\Google\\Desktop\\Install\\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\\ \\...\\\u202eﯹ๛\\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\\GoogleUpdate.exe\" <" a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
Deletes itself 1 IoCs
pid Process 1540 cmd.exe -
Unexpected DNS network traffic destination 11 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 Destination IP 194.165.17.4 -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\CurrentVersion\Run a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Set value (str) \REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\CurrentVersion\Run\Google Update = "\"C:\\Users\\Admin\\AppData\\Local\\Google\\Desktop\\Install\\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\\❤≸⋙\\Ⱒ☠⍨\\\u202eﯹ๛\\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\\GoogleUpdate.exe\" >" a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 1776 set thread context of 1540 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 28 -
Drops file in Program Files directory 22 IoCs
description ioc Process File opened for modification C:\Program Files\Windows Defender\it-IT:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpCmdRun.exe:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MSASCui.exe:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File created C:\Program Files (x86)\Google\Desktop\Install\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\ \...\ﯹ๛\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\GoogleUpdate.exe a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\fr-FR:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpClient.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpOAV.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpSvc.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MsMpCom.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File created C:\Program Files (x86)\Google\Desktop\Install\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\ \...\ﯹ๛\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\@ a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files (x86)\Google\Desktop\Install\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\ \...\ﯹ๛\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\@\:@ Process not Found File opened for modification C:\Program Files\Windows Defender\MpRTP.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MsMpLics.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MsMpRes.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files (x86)\Google\Desktop\Install\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\ \...\ﯹ๛\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\@ Process not Found File opened for modification C:\Program Files\Windows Defender\de-DE:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\en-US:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\es-ES:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\ja-JP:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpAsDesc.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpCommu.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpEvMsg.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
NTFS ADS 19 IoCs
description ioc Process File opened for modification C:\Program Files\Windows Defender\MpClient.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpCmdRun.exe:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpRTP.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MsMpRes.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files (x86)\Google\Desktop\Install\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\ \...\ﯹ๛\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\@\:@ Process not Found File opened for modification C:\Program Files\Windows Defender\MpAsDesc.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\ja-JP:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpOAV.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MSASCui.exe:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MsMpLics.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\fr-FR:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\es-ES:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\it-IT:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpSvc.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MsMpCom.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\de-DE:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpCommu.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\MpEvMsg.dll:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe File opened for modification C:\Program Files\Windows Defender\en-US:! a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1264 Process not Found -
Suspicious behavior: MapViewOfSection 2 IoCs
pid Process 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
Suspicious use of AdjustPrivilegeToken 37 IoCs
description pid Process Token: SeRestorePrivilege 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Token: SeDebugPrivilege 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Token: SeDebugPrivilege 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Token: SeRestorePrivilege 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeBackupPrivilege 464 Process not Found Token: SeRestorePrivilege 464 Process not Found Token: SeSecurityPrivilege 464 Process not Found Token: SeTakeOwnershipPrivilege 464 Process not Found Token: SeShutdownPrivilege 1264 Process not Found -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 1264 Process not Found 1264 Process not Found -
Suspicious use of SendNotifyMessage 2 IoCs
pid Process 1264 Process not Found 1264 Process not Found -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 1776 wrote to memory of 1540 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 28 PID 1776 wrote to memory of 1540 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 28 PID 1776 wrote to memory of 1540 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 28 PID 1776 wrote to memory of 1540 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 28 PID 1776 wrote to memory of 1540 1776 a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe"C:\Users\Admin\AppData\Local\Temp\a46a11f43181681814978059fbd1f9522ee40d52d559cf7e2535f7e9d6d77959.exe"1⤵
- Modifies security service
- Sets service image path in registry
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1776 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
- Deletes itself
PID:1540
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Google\Desktop\Install\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\ \...\ﯹ๛\{f6ae883d-87b2-8e92-33b2-e7745dda3830}\@
Filesize2KB
MD5ab73511a478e2b2c683e4108abd802f8
SHA130c30c409cce3034ad275f37f2665df65e2feefe
SHA2567a047d00f56437151adf510aa38a404f57b5c14ca8581697629a88972de7baa1
SHA512a11c52889a92f541dca5b61fc5ce82ffcc0f45898c964a1719940a93241603d944cb207ed67ffb79a5048d2fe211d49981b11586736434d018ef979b5526ca6a