Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231130-en -
resource tags
arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system -
submitted
08-12-2023 00:20
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://replika.com/
Resource
win10v2004-20231130-en
General
-
Target
https://replika.com/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1456 msedge.exe 1456 msedge.exe 2936 msedge.exe 2936 msedge.exe 4516 identity_helper.exe 4516 identity_helper.exe 5152 msedge.exe 5152 msedge.exe 5152 msedge.exe 5152 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
svchost.exedescription pid process Token: SeManageVolumePrivilege 5912 svchost.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe 2936 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2936 wrote to memory of 3704 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3704 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3540 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 1456 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 1456 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe PID 2936 wrote to memory of 3420 2936 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://replika.com/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921df46f8,0x7ff921df4708,0x7ff921df47182⤵PID:3704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵PID:3420
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:22⤵PID:3540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵PID:4580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵PID:396
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵PID:3900
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4516 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵PID:2824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵PID:3268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:12⤵PID:620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:12⤵PID:452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5152
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4716
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4116
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:5760
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5912
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD56f17d201a62bf18f6cbd01b23b72a8fb
SHA11af5e43fb9aed83487b31c1d2d28e73c2a158c13
SHA2566cc8937137ff604ece72ccb17148f814d3d86d90c940b0d21fe679b9914a5718
SHA512b548cce56ee8d3fc88fecf74225c8ae1b983e0f79003145d5ffc70466a23f4fbb868a1bf01c85b30655c66f46e6011271b4156faa9f1c8c227ddb21febbd9752
-
Filesize
152B
MD558a9ee207caef8b6881b10e37b4cbc97
SHA1fa5f0c8626915f39161abb48df2212a79c9c6abb
SHA256fa60e147e18bd39cb6ce21d725ef37a2072d1d682547d9f7393d3f99e63711f4
SHA512dd20d10299a8c628c74adb51239c3869a01a731e42946f0039c9138c03524d8c8a940716226f10aab0b0c7aa230195a27e91aea54eed611c6e5dc9f02fa90355
-
Filesize
1024KB
MD5a3e64fda1a3fe8e81d3e557b4ca8d50a
SHA1ae924ffcd832832c0c7a79d764088c340fdb0a3c
SHA25677f192dab72db61e10952ba9b0f00cfd8f1c69247a3fd6b7aca1b8736e569efb
SHA512ca50fe9964aba59254ee97c05205401e0bb1f1062d8561f856dba0aa0533f465ccb81c88700eefac62847f05bd6946e9b2dae1b9f5482af44310ac9cdd94f105
-
Filesize
529KB
MD5e84a71bbe4fdd72f4329aab267af1cb1
SHA18d5586af94743a1f8a9b6e10ec5dfe3bf63feb19
SHA256ec370beb065b3b4feec1d89edfaa0f2f2dfa7a9f0c4be65cdad1f07196040730
SHA512c3a963e88c46e921c7fddacf5b2855a3c79654875f3ca66366b84d05e03f82993c0c9bdb40eaa6373830fed0dfa1836d5e266d91475ec18b9f5a9c3dcfd77ba5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD5d8bdd9a2106ea12530dcdc360fcbabca
SHA1ccc66929dd69b2e7946967dff3bd0b128fcb777a
SHA256ea6a886c34441c362a3b7db9ae9149ed87ff6f4c713dc9a0372cd2aadd0d2962
SHA512777baa591d3cfdc3fdd8df049c4f1cc90a9948642081db17ed08d517d2e3e53781fddb6cf77415a9957d18bbded55acf8a351795e07dbe5409f2de4118fd8388
-
Filesize
1KB
MD5717b04fbae4d564abe8fa73d30ca3feb
SHA1fb532c9d8d4935f464baec9adc9f10ff27deb548
SHA256d2849932c917329effa33b0f7d2e93b5c78c9e80117e40002abaf7a1d130b2cb
SHA51295cde1c07e0b2d81dbff522d9dc1ed87bbde38e1e91e8003d0c539d86584a8a33744e44ef0448bf8d8eeedd0ebd6861f5dad02982e9406c80d7b02513c821797
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD59a6721057bac9e91aabb1a27bc925452
SHA18e1c2054dececb1ca4237e282f7800e8457e8a53
SHA256b3486d39572507b60eae305ff5f8e884b8e0a4f99ba11f4d3d77e35b99a0bfed
SHA51291ad20fefa78c118084b5e8f4a4dfdba3183f23ed969265f9a160fef29de4a26803c3ead4811e4d0999585bdfaca0631f7d0e22437670962c82444eedf11bea2
-
Filesize
5KB
MD5e9e103d17d1908277e6ab58448061a70
SHA1a9b27083562284fe54048e3ec6281a8402c3204a
SHA25646f4895af3beafdcf2ac8f1c1c12d23b4ffe199a12f3fcf03878c66d1da04255
SHA512e8b4a98f2437f6e9c89d3508a1228c6fced01c0d93524c03d1a28840b112d243d20110649f57fad8c84a47e55dc0f3607d04f5ff9011ba322f93bb1ec1782536
-
Filesize
6KB
MD5319779890df5cbbc1ce967516b21f1e2
SHA111e050f4036df78be38255cd8314dbc9b500db8f
SHA2562acaef4232bd0a581ab41b4345c8455a1547a25cb4700d68769c516b9d9ac339
SHA5125de6dbe76981a7aa63f9e6cf485b6304a3bb34d0b645f72d62cdc6adc1adcf58d1305262af4ea8af2887e9a99496bcd490e27c550df5e50e24dc7a9131aff4bf
-
Filesize
24KB
MD57be049d7c959fde1e41f35b7a720efe9
SHA152ad63c6660922da4e8f6adeb3ffc02c4680b5f6
SHA2563e0f584c3f5eed5d694d28d0341dbeccd25f72ffc95dd44082cd087a8e7dddb3
SHA5124d46689ec5be60bc5e4de95f0547bde8670a99c483fe9395f2df77e78a4f1f438d5865a024a6daecce3c0e7314d006b3e84682bc7e201e521f7c33b3343590da
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5adbfb315c534ead7a69afe5685e15c35
SHA12cf8577135ab1071b4774a3b53c100ac9a11c498
SHA2565ee8fcc0d88f13c2e944e7b2247851ae72550db86b9529615f42393b9b85b48b
SHA512301dcaa367cb825b90eeee7b2d991a7fdee24713237af1f12d4e6009fd4d3dc67dd2f7df3c5c1646d292b37ceba043fba72b6c647d0fc56c43e3810160459ad6
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e