Analysis
-
max time kernel
149s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system -
submitted
12/10/2023, 11:12
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://Ptoszek.pl
Resource
win10v2004-20230915-en
General
-
Target
http://Ptoszek.pl
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4976 msedge.exe 4976 msedge.exe 3288 msedge.exe 3288 msedge.exe 3964 identity_helper.exe 3964 identity_helper.exe 4988 msedge.exe 4988 msedge.exe 4988 msedge.exe 4988 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4976 wrote to memory of 1392 4976 msedge.exe 58 PID 4976 wrote to memory of 1392 4976 msedge.exe 58 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to 
memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 924 4976 msedge.exe 84 PID 4976 wrote to memory of 3288 4976 msedge.exe 83 PID 4976 wrote to memory of 3288 4976 msedge.exe 83 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85 PID 4976 wrote to memory of 4472 4976 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Ptoszek.pl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddf5946f8,0x7ffddf594708,0x7ffddf5947182⤵PID:1392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:1748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:1440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:12⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:12⤵PID:4072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵PID:2236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:12⤵PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:2468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4556 /prefetch:82⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:12⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:12⤵PID:1768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:82⤵PID:2204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,585005752091899606,17416441738432819710,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5224 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4988
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3684
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3272
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x45c
1⤵ PID:2724
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 192B