Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
70s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231130-en -
resource tags
arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system -
submitted
11/12/2023, 03:42
Behavioral task
behavioral1
Sample
f2b05b334ede2a9df37cf699e7e6e137.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
f2b05b334ede2a9df37cf699e7e6e137.exe
Resource
win10v2004-20231130-en
General
-
Target
f2b05b334ede2a9df37cf699e7e6e137.exe
-
Size
37KB
-
MD5
f2b05b334ede2a9df37cf699e7e6e137
-
SHA1
3ef4b04f68a1ce7e75edd7d3f74bf71830ca9aba
-
SHA256
f7d72c2cf94d9b4ff3ed9abec4dc6b3b10891f9e6a58d7db9de3a7debb473a85
-
SHA512
855601a8791975bfbf8d46fa43ec7ff1dd8469379eb4127f0590cafb90ca963f14950bb2eb87ce0943f9fd6f06dd92d33ffb87f0056da6c00c935cab25381d1e
-
SSDEEP
768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Malware Config
Extracted
smokeloader
2022
http://81.19.131.34/fks/index.php
Extracted
redline
@oleh_ps
176.123.7.190:32927
Extracted
smokeloader
up3
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
resource yara_rule behavioral2/memory/3560-81-0x0000000000040000-0x000000000007C000-memory.dmp family_redline behavioral2/files/0x000500000001db68-73.dat family_redline -
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself 1 IoCs
pid Process 3308 Process not Found -
Executes dropped EXE 2 IoCs
pid Process 1656 96E1.exe 4916 5408.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 4032 4204 WerFault.exe 125 -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI f2b05b334ede2a9df37cf699e7e6e137.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI f2b05b334ede2a9df37cf699e7e6e137.exe Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI f2b05b334ede2a9df37cf699e7e6e137.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 348 f2b05b334ede2a9df37cf699e7e6e137.exe 348 f2b05b334ede2a9df37cf699e7e6e137.exe 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found 3308 Process not Found -
Suspicious behavior: MapViewOfSection 1 IoCs
pid Process 348 f2b05b334ede2a9df37cf699e7e6e137.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 3308 wrote to memory of 1656 3308 Process not Found 105 PID 3308 wrote to memory of 1656 3308 Process not Found 105 PID 3308 wrote to memory of 1656 3308 Process not Found 105 PID 3308 wrote to memory of 4916 3308 Process not Found 108 PID 3308 wrote to memory of 4916 3308 Process not Found 108 PID 3308 wrote to memory of 4916 3308 Process not Found 108 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2b05b334ede2a9df37cf699e7e6e137.exe"C:\Users\Admin\AppData\Local\Temp\f2b05b334ede2a9df37cf699e7e6e137.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:348
-
C:\Users\Admin\AppData\Local\Temp\96E1.exeC:\Users\Admin\AppData\Local\Temp\96E1.exe1⤵
- Executes dropped EXE
PID:1656
-
C:\Users\Admin\AppData\Local\Temp\5408.exeC:\Users\Admin\AppData\Local\Temp\5408.exe1⤵
- Executes dropped EXE
PID:4916 -
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"2⤵PID:4132
-
C:\Users\Admin\AppData\Local\Temp\Broom.exeC:\Users\Admin\AppData\Local\Temp\Broom.exe3⤵PID:3392
-
-
-
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"2⤵PID:1044
-
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"3⤵PID:4204
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 3324⤵
- Program crash
PID:4032
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"2⤵PID:4064
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile3⤵PID:740
-
-
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"3⤵PID:4808
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -nologo -noprofile4⤵PID:1816
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\tuc3.exe"C:\Users\Admin\AppData\Local\Temp\tuc3.exe"2⤵PID:2596
-
C:\Users\Admin\AppData\Local\Temp\is-7M9K0.tmp\tuc3.tmp"C:\Users\Admin\AppData\Local\Temp\is-7M9K0.tmp\tuc3.tmp" /SL5="$D0022,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"3⤵PID:3284
-
C:\Program Files (x86)\xrecode3\xrecode3.exe"C:\Program Files (x86)\xrecode3\xrecode3.exe" -i4⤵PID:2852
-
-
C:\Program Files (x86)\xrecode3\xrecode3.exe"C:\Program Files (x86)\xrecode3\xrecode3.exe" -s4⤵PID:3384
-
-
C:\Windows\SysWOW64\net.exe"C:\Windows\system32\net.exe" helpmsg 14⤵PID:1188
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 helpmsg 15⤵PID:3832
-
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Query4⤵PID:3716
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\latestX.exe"C:\Users\Admin\AppData\Local\Temp\latestX.exe"2⤵PID:2740
-
-
C:\Users\Admin\AppData\Local\Temp\5B0E.exeC:\Users\Admin\AppData\Local\Temp\5B0E.exe1⤵PID:3560
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4204 -ip 42041⤵PID:1764
-
C:\Users\Admin\AppData\Local\Temp\8D88.exeC:\Users\Admin\AppData\Local\Temp\8D88.exe1⤵PID:3760
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD5e0876183964fee81399852ff17b83d9f
SHA12b5e11112920cf534504aec04216088391d77cc9
SHA256a7806bbd46d430792c5a79fc645acbd1318ecd620b6fbdc46c42f80403b6266c
SHA5128d0f7a5ebce00f61c794c12bb6639663d1edb37cbf8d1f7e0b2392fd458532bc27dcc964ed1281c27a7b4983e4a0adc75b41cf7bff13ade24278b100ccf2581d
-
Filesize
166KB
MD5da0d147771ecddcbec78efaf91a66952
SHA15571bbb2ce569af0828e616e040c1b48284d7822
SHA2561c6d52c3eb571c4d38e519c957d21b6bdc6499da0c36f0578a3749cf4eda7e1d
SHA512449cf99373f1e20b9f2b9cea29d99bd399904aea1446f02e568b009da8172ac4e61d28a7c89cf75c6dddd9bf98603e423cd487ca36b4dfc4c1889e25cb4a64ef
-
Filesize
57KB
MD594c8fb967b3b62d69d11cee72772ff38
SHA118e418f0481c96350f14a7dfc8beeb17fa7e9b87
SHA256e1f40811354ea9325afc8c35f4d5efc1922512ec9867716d55670837aba5c679
SHA5121ee0ed5271379c3a82cb124315e5a668541ac405540ca26756cbf6c8f64515ea37a533ee7fd1420f56f91bb824e937747d6f3d187b6614b25f3736d67587373e
-
Filesize
168KB
MD5a252639f09591bc08e82aea36e92aa72
SHA14c0ca2067556097fb262c7c1fb86476368e85e28
SHA25608587e65c801632ee4bc28c803a31e4e7fef4fbaff671ae30d03ebaedda78ef8
SHA51233c50b76dd1070065a4f909fb074e3084ff2a5b5a23ea96c90d52d89889c8fce46ea219985519fd4b29fdd2a353708f2a9c67732ab3008cb1828647db6dd90c9
-
Filesize
5KB
MD5d7a4e10b96616bb86833c87ff42e6b8f
SHA10dfaf37a5a34a1eb244d3adc9150243a7846e32c
SHA256caf2cf8775251f3879e132046dfd594cc8e8b367cf3995a9bf4764f80a5ed668
SHA512b900a6bc0abc1d3b96754ef1207aef1275657d0c591a7612eda7a6335f1e5a7dbdf30e599b09e4651f49ae11a3b64d17e4933e9b5b458850fd900308645664f8
-
Filesize
174KB
MD5e88995f64f8589c138b5fb816f253b16
SHA1f4fabb637808012621d653a42ea5d8000b296072
SHA256a95ff8db909850df8ef37b09b964d66ade6222dc62479edc2ed3b4a37b5ad1d1
SHA5122d511f8eb9030bf257a14cff5a9c18a200bfaa055fdcb7ebaeff6f587af2bf022e11438a45c333087cd8ae6dc187c4fd9bbc9d4f88d2e92fc5081a45d7d2a544
-
Filesize
254KB
MD57c9d4d5a6bc5a619a17c67beb24a662a
SHA1321ad913f126b2479954f4daa8e9aee62c8d7402
SHA256d79da89a1e1e28cd68a51425a99c2b8f0634746427854c561997a0345418e6d3
SHA5121cf5a1b7cc0d907fb624c98772a0f310b1f8f0724bb2f8126d3bcc9c502a47b9485fe682a565eab105c6e4fb9674256c191e465b3fc75ef281d235e372b4240c
-
Filesize
482KB
MD56e423858131ca4a1a5193fb9837d8cf8
SHA1df282275b5db64a77ce3d611dd3605d90c405de6
SHA256de1c816ced1066e631e755088c40b10c80d766cde63fe566c0362d710227bf7e
SHA5123e14efc1b6a4b4f7655dd9a09417f793a11aab98288918c58a9fba039e645e284048b0d423b847f18f5a39b5f363a4da733c4c76a091de3fb28132c63ad2afaf
-
Filesize
934KB
MD57f800d9c50fc736d25ea0566d0905169
SHA1782b9cba612551830bff48962042a3fd609a12ec
SHA2567a96853e72f4282a05109c249f2a994ef60c1514f3deaa23f9b6a1dcd208eb0f
SHA51233e081f98b6817d8b1f2bf11aa34ae94b070a4a2c6ccbd5ba53b9d0ad655ddead1e40ecbf7f77302ffb5d71ba63441af26ed9b7841ad1d7d828abd55136e093c
-
Filesize
824KB
MD54e21fedf35e1c7e4344b720bcd8048e7
SHA14b7b7d3edef401b8c1866e09a0f2bf3e77c55a7f
SHA25632084714bf42088331a3abc34f0290ea4da960e78d704a6c8e71c58a70f8a259
SHA5121bd76d440799a98639f901ccf700e82c07ecb8affb7eb3865b9fe04c0dfcde3b7e2d22a7d10933c0177ed8f329a1994eb80970347b0a06dd2ce48d7355991e05
-
Filesize
219KB
MD591d23595c11c7ee4424b6267aabf3600
SHA1ef161bb8e90cebdf81f4e53dfccb50c1f90a9a02
SHA256d58937d468f6ca92b12ee903a16a4908de340f64f894cf7f1c594cd15c0c7e47
SHA512cb9ed75c14e7b093cabab66c22d412371c639ace31fbe976c71ffec6007bf85b3d7d3e591fe5612e2a035298398d32e1aa7dc0d753f93328ebc2ce8e44fb8d2b
-
Filesize
89KB
MD53a3995d4cb58af7aa602874d5d4eac58
SHA186950df3fe94c81b37a2445a032d2b1f8ba94118
SHA256e1c30ed6d3e0d4008b32c368cf725c53409ed467ba82d7fda67ff6bf94620a9b
SHA51220390b1d43f5cbe212d3843d3e5d55e3fa4811cfd59879d4a6659d74df1e092765df7b56ad6723f3ad396322d82055471761d3cdc04ab96e00f4b0eb1824e983
-
Filesize
92KB
MD5dcc5159d5572687064ed6485f9c9d9bd
SHA1e35d8b3194c98199a33a84c7a65c9d8ab1900be3
SHA256786618896a897e764cee0d07326e3e0c2cbace97e1fd7485930ed8a00f021cfb
SHA51209b581e07354927ce122f0ccbd9552fb61dedda33903eccaaff6423f89cdf4ab50bf728cf6e47b786d8b4c8f5fdd1baa9a2c4d5377ad635d37bf8e6d2ebe2820
-
Filesize
38KB
MD58118259269cdd54ecc123739c2242444
SHA111ff5b288ceb7600531fae336457bab126da4842
SHA256b9454061905aff47a1a8b6c104706328c30bd74fa51245933e8ccd1e87604ea3
SHA5120feaaaf7931ce5cb5f064df183e2c4c7af316a1d72cecfe9ce0cc259fd42dae5409f3118082b638c27c92a009a024f8ca7fa5c8df6f8f9596a13445d54d7fe63
-
Filesize
142KB
MD503a90ab86fb9acd673799e29fd2d25fb
SHA1315c213c501f4e3449ce73cb617d052bad8440a6
SHA25612a718320903ea148c54b2e233eec08c2fb4369a4c9a73a9b3ef1ca63d127440
SHA512689a31206c58c874a8632fc9a73246a81f4a58806bc26313e87dfd2fe17a6deeebfa602b8f4f17847d1da2b30a8d44d6e4d8be695cc2aa41f92c549cde44892a
-
Filesize
384KB
MD5ff467c77f54807d5edc89d72ac0499e7
SHA103d573a9f85c75ac08c2211d2c6a470191a5749b
SHA2562a5b6631f02d016176aa7ffdd7a2382facfeb4a50d0d29196e806e1959deeb96
SHA51260177af2342ceccc2435de61e7a638248fca46f2016b48465eaffa6ac796623c438d701a66275d4c09868da8c9019c8a01646af2c72b30e11f93ae061cfa5ebb
-
Filesize
354KB
MD5f5d123d24d59b50b07a0424d732921c8
SHA17b73abcb4d766a6df5b4be28ec69fa1f40dd1b4a
SHA2565f7b38ebb1e3b10b8cd981eeb43dc30367e66322b097099cb32d20bfb65a02ef
SHA5121caf8a989b2beb1e12bb2eee2d130603c3b19dbc15f6b14edf886b029b133d9d2612401d2a751ee0a62f4d3567701ad844f3180181dc3edd08388dd9616d3bb7
-
Filesize
821KB
MD51590b1e4bd7d7503fdccfca676cc1336
SHA1783842058e57dc72f57b9c5fa8b7324d406193ac
SHA2569bcd3b786ccb5f7f1e400b6560c7cc9d6ba5959fa99f041d38437f60857d7552
SHA5128452f08da2d961de6e852f8f44e7064f004c2a3f232dc38e8d2751a089c241c3437e5911cfc8931e9f5b67d9b7c130e3ccb54ea18be09b8b878e9045a1c18c71
-
Filesize
325KB
MD51050cfd90e587a9db88bcbf2c8a2dac0
SHA1ea636343ff21fb16fac8068b73f98687148af9e8
SHA256d65ae19983f7c53dfc15c98b9d8807233950df64ff6c0c30bdf0645488464386
SHA5124e819158acd6ffcd0e716ccbf1d4ee480d1969aeaa91522dc4a7f35d3a6964a2a76d50e05b39cc3a55caf3bc55d627e709d5d9a0c2f01ba4231bd9b111a771e4
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
589KB
MD55b5b178e4080248788fb1e1741e7d39b
SHA1170735b6e067d8acf85672b7355b0c7ec13cb5e2
SHA25650677457167d1319bbba30076989655952e45be8186b93139078b992ba7b972b
SHA5121a35a1cb0baf346119e69a5311bd43cbcd762d4616d08147cda83fc4b17f0ec221184ea723634df06c42bc3682d52a58111af5d1c81ef42c6a71654ea610f3bd
-
Filesize
694KB
MD55525670a9e72d77b368a9aa4b8c814c1
SHA13fdad952ea00175f3a6e549b5dca4f568e394612
SHA2561180706added2a7899f08f25a9f88ecff5d003ba8964f918d00779565e4a6978
SHA512757249f7e67f82522a8e3079a22c5cf92111626446a32ad3ef876f23885f62d1bb5bf3238d564e23531d062fe18742568dfc00e33b049bb8eef05eb953ef981a
-
Filesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
Filesize
13KB
MD5a813d18268affd4763dde940246dc7e5
SHA1c7366e1fd925c17cc6068001bd38eaef5b42852f
SHA256e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64
SHA512b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4
-
Filesize
665KB
MD5e993fedf46874ba00c5255a4c2d6142a
SHA1c1bfa46a17684fa5893b8a83447e9b05c17474be
SHA25625995fda77507be6812c5d278196a775cd1f4efdba60340cb6b870b79c81a407
SHA51255697762adf6daee924017381998b7762a116ce894c2deadb11e94a8816c5dac9043737fa592833e9fb7a130c6ff9ccd29624fbe1eabf90e913a123ba1b0782c
-
Filesize
1KB
MD51b159fee94f49e50da540d2c70bdb412
SHA1fa8b6fcfe71f716bb719b038cb400d7bcc29b26c
SHA25688b132ebf36bd0451f56345998cb52145f45d4d3b0ba7dfdb05fc147afb891a0
SHA512ad7424efb79f84acd287391d4f69a0d11ddac676853abe57b49f2612a703dbf5b72d0ea515a8933bf7c97cc3bc23c95cbcbda8d934c9a45b5b4a0e6cadfa15e7
-
Filesize
239KB
MD5ff3ca662eaa22b501f923f9825ab6313
SHA1205f95f83a77206d204362cf5e38305259c082e3
SHA256accfa115f7b188efb85d150e46206566e4a512df42cceda0b8216bdfc21a4843
SHA512116890bcd42bbc3797948a0dd1f9271084793ec5d1e7de4801a2a3d6f4a410cf9d33a34f253e0dfeec80aee5ec13e9e963a6a1526ff9716926cabe972d2e2826
-
Filesize
291KB
MD5cde750f39f58f1ec80ef41ce2f4f1db9
SHA1942ea40349b0e5af7583fd34f4d913398a9c3b96
SHA2560a434be25f55f27ce0adbdfb08efeac1da01125b3e9194a94669bc7e9c6fe094
SHA512c181faacbef70f8a91606943470af50cfd443958c48601051371ff5d9bf66bb9ec794571b05a347a7f5776f06484dc007f535591d2f5e1c57e3c0ee04f3e9580
-
Filesize
953KB
MD5da884f3cb455132c4b82d81d5ac259c4
SHA19851e1ffbd14de621915e54dbf5fdab7a11f1323
SHA25603ee82f07536cd7e190f9c70567a9ff063c927e89664e837c2b46bec9102b9e9
SHA512d15d00733fb3f48d518b2f224a043a6d06e9e61dec13a01388c07a2df2a1c6ff632c0bd03be7ad576834241b7f976b4044806328e5a0e334bf0e84e07f9f5824
-
Filesize
735KB
MD58a32d905d1ec4133a2aa1590636a0276
SHA14911ae6dd4842ba303ad874da628f9e5bbaadb09
SHA2561993a7215a0c8a4e40d9249b75c4bc006dc5bde3f9e9c124e0586cbe0d92bde2
SHA512ab731d5475da76fe45c874d69e8646ba6ea4c555def3d3b302dbbdd5580c3d3a633006728ba981bac0ca3b9e43fb4037c82a2a244679cd5da3807df7c585a6a6
-
Filesize
650KB
MD50de68c4b897405cd3703833fc8ad51b5
SHA1df8e27640c63761d984d22a72c9bfa503723c4f5
SHA25614b89ae37bcce511e2b91c1fe0129e54e7436b28b28b1bd056962e82bc644b73
SHA512080d152fc639343424cc1c78aa42599c867f43bc316cdf42d3994e49181d196d1deec306deab93d2dff15fe500897b7b303fa03507f2010042aebf650c727856