Analysis
- max time kernel: 59s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20230621-en
- resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
- submitted: 29-06-2023 20:09
Behavioral task: behavioral1
- Sample: HP Mouse USB.exe
- Resource: win7-20230621-en
Behavioral task: behavioral2
- Sample: HP Mouse USB.exe
- Resource: win10v2004-20230621-en
General
- Target: HP Mouse USB.exe
- Size: 1.6MB
- MD5: 58f5d3f738283351db8a2dbafb50be24
- SHA1: 9c18d5b5957ecf187fb5a2e68a6868a8cd719265
- SHA256: 0ddb866d33fa7277ea51dbaadd197e08318d1c6cd524c352ecb325cad85b82ba
- SHA512: 80bbf70fc808c593f1b9c58d11d2d32624040917ae54d0c0eb577bde522a1bb1b914c8578a811743bcbc2dbe62a0b8609cc65093d81ca296662e33c71913e3d0
- SSDEEP: 24576:Di2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL/:mTq24GjdGSiqkqXfd+/9AqYanieKd
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1122279032260665414/W-unCHniD2YI670Bytn7FIpY-nux43_owoRzlVZOux3NvAnntnyH_9eSHWkJsi-nQBDo
Signatures
-
Stealerium
An open source info stealer written in C# first seen in May 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
Processes:
HP Mouse USB.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | HP Mouse USB.exe |
| Key opened | \REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | HP Mouse USB.exe |
| Key opened | \REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | HP Mouse USB.exe |
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
| flow | ioc |
| --- | --- |
| 5 | icanhazip.com |
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
HP Mouse USB.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | HP Mouse USB.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | HP Mouse USB.exe |
Delays execution with timeout.exe 1 IoCs
Processes:
timeout.exe

| pid | process |
| --- | --- |
| 772 | timeout.exe |
Kills process with taskkill 1 IoCs
Processes:
taskkill.exe

| pid | process |
| --- | --- |
| 1480 | taskkill.exe |
Modifies system certificate store
Processes:
HP Mouse USB.exe

| description | ioc | process |
| --- | --- | --- |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | HP Mouse USB.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | HP Mouse USB.exe |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | HP Mouse USB.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | HP Mouse USB.exe |
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
HP Mouse USB.exe

| pid | process |
| --- | --- |
| 1696 | HP Mouse USB.exe |
| 1696 | HP Mouse USB.exe |
| 1696 | HP Mouse USB.exe |
| 1696 | HP Mouse USB.exe |
| 1696 | HP Mouse USB.exe |
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes:
HP Mouse USB.exe, msiexec.exe, taskkill.exe

| description | pid | process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 1696 | HP Mouse USB.exe |
| Token: SeRestorePrivilege | 1052 | msiexec.exe |
| Token: SeTakeOwnershipPrivilege | 1052 | msiexec.exe |
| Token: SeSecurityPrivilege | 1052 | msiexec.exe |
| Token: SeDebugPrivilege | 1480 | taskkill.exe |
Suspicious use of WriteProcessMemory 44 IoCs
Processes:
HP Mouse USB.exe, cmd.exe, cmd.exe, cmd.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1696 wrote to memory of 600 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 600 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 600 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 600 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 600 wrote to memory of 2036 | 600 | cmd.exe | chcp.com |
| PID 600 wrote to memory of 2036 | 600 | cmd.exe | chcp.com |
| PID 600 wrote to memory of 2036 | 600 | cmd.exe | chcp.com |
| PID 600 wrote to memory of 2036 | 600 | cmd.exe | chcp.com |
| PID 600 wrote to memory of 1252 | 600 | cmd.exe | netsh.exe |
| PID 600 wrote to memory of 1252 | 600 | cmd.exe | netsh.exe |
| PID 600 wrote to memory of 1252 | 600 | cmd.exe | netsh.exe |
| PID 600 wrote to memory of 1252 | 600 | cmd.exe | netsh.exe |
| PID 600 wrote to memory of 1920 | 600 | cmd.exe | findstr.exe |
| PID 600 wrote to memory of 1920 | 600 | cmd.exe | findstr.exe |
| PID 600 wrote to memory of 1920 | 600 | cmd.exe | findstr.exe |
| PID 600 wrote to memory of 1920 | 600 | cmd.exe | findstr.exe |
| PID 1696 wrote to memory of 952 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 952 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 952 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 952 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 952 wrote to memory of 1692 | 952 | cmd.exe | chcp.com |
| PID 952 wrote to memory of 1692 | 952 | cmd.exe | chcp.com |
| PID 952 wrote to memory of 1692 | 952 | cmd.exe | chcp.com |
| PID 952 wrote to memory of 1692 | 952 | cmd.exe | chcp.com |
| PID 952 wrote to memory of 2036 | 952 | cmd.exe | netsh.exe |
| PID 952 wrote to memory of 2036 | 952 | cmd.exe | netsh.exe |
| PID 952 wrote to memory of 2036 | 952 | cmd.exe | netsh.exe |
| PID 952 wrote to memory of 2036 | 952 | cmd.exe | netsh.exe |
| PID 1696 wrote to memory of 1772 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 1772 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 1772 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1696 wrote to memory of 1772 | 1696 | HP Mouse USB.exe | cmd.exe |
| PID 1772 wrote to memory of 1968 | 1772 | cmd.exe | chcp.com |
| PID 1772 wrote to memory of 1968 | 1772 | cmd.exe | chcp.com |
| PID 1772 wrote to memory of 1968 | 1772 | cmd.exe | chcp.com |
| PID 1772 wrote to memory of 1968 | 1772 | cmd.exe | chcp.com |
| PID 1772 wrote to memory of 1480 | 1772 | cmd.exe | taskkill.exe |
| PID 1772 wrote to memory of 1480 | 1772 | cmd.exe | taskkill.exe |
| PID 1772 wrote to memory of 1480 | 1772 | cmd.exe | taskkill.exe |
| PID 1772 wrote to memory of 1480 | 1772 | cmd.exe | taskkill.exe |
| PID 1772 wrote to memory of 772 | 1772 | cmd.exe | timeout.exe |
| PID 1772 wrote to memory of 772 | 1772 | cmd.exe | timeout.exe |
| PID 1772 wrote to memory of 772 | 1772 | cmd.exe | timeout.exe |
| PID 1772 wrote to memory of 772 | 1772 | cmd.exe | timeout.exe |
outlook_office_path 1 IoCs
Processes:
HP Mouse USB.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | HP Mouse USB.exe |
outlook_win_path 1 IoCs
Processes:
HP Mouse USB.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\USER\S-1-5-21-3297628651-743815474-1126733160-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | HP Mouse USB.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\HP Mouse USB.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\HP Mouse USB.exe"
  PID: 1696
  Signatures:
  - Accesses Microsoft Outlook profiles
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - outlook_office_path
  - outlook_win_path
    - C:\Windows\SysWOW64\cmd.exe
      Command line: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      PID: 600
      Signatures:
      - Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\chcp.com
          Command line: chcp 65001
          PID: 2036
        - C:\Windows\SysWOW64\netsh.exe
          Command line: netsh wlan show profile
          PID: 1252
        - C:\Windows\SysWOW64\findstr.exe
          Command line: findstr All
          PID: 1920
    - C:\Windows\SysWOW64\cmd.exe
      Command line: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
      PID: 952
      Signatures:
      - Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\chcp.com
          Command line: chcp 65001
          PID: 1692
        - C:\Windows\SysWOW64\netsh.exe
          Command line: netsh wlan show networks mode=bssid
          PID: 2036
    - C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpAD1E.tmp.bat
      PID: 1772
      Signatures:
      - Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\chcp.com
          Command line: chcp 65001
          PID: 1968
        - C:\Windows\SysWOW64\taskkill.exe
          Command line: TaskKill /F /IM 1696
          PID: 1480
          Signatures:
          - Kills process with taskkill
          - Suspicious use of AdjustPrivilegeToken
        - C:\Windows\SysWOW64\timeout.exe
          Command line: Timeout /T 2 /Nobreak
          PID: 772
          Signatures:
          - Delays execution with timeout.exe
- C:\Windows\system32\msiexec.exe
  Command line: C:\Windows\system32\msiexec.exe /V
  PID: 1052
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
- C:\Users\Admin\AppData\Local\6924f613c70f741e564a6a1b4017c16a\Admin@HHVWDVKF_en-US\Browsers\Firefox\Bookmarks.txt
  Filesize: 105B
- C:\Users\Admin\AppData\Local\6924f613c70f741e564a6a1b4017c16a\Admin@HHVWDVKF_en-US\Directories\Startup.txt
  Filesize: 24B
- C:\Users\Admin\AppData\Local\6924f613c70f741e564a6a1b4017c16a\Admin@HHVWDVKF_en-US\Directories\Videos.txt
  Filesize: 23B
- C:\Users\Admin\AppData\Local\6924f613c70f741e564a6a1b4017c16a\Admin@HHVWDVKF_en-US\System\ProductKey.txt
  Filesize: 29B