Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
18-12-2023 01:17
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.paypal.com/nz/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&ppid=RT000238&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&calc=d9d426c3d52fd&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.219.0&xt=104038%2C127632
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
https://www.paypal.com/nz/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&ppid=RT000238&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&calc=d9d426c3d52fd&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.219.0&xt=104038%2C127632
Resource
win10v2004-20231215-en
General
-
Target
https://www.paypal.com/nz/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&ppid=RT000238&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&calc=d9d426c3d52fd&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.219.0&xt=104038%2C127632
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid Process 1552 msedge.exe 1552 msedge.exe 180 msedge.exe 180 msedge.exe 4788 identity_helper.exe 4788 identity_helper.exe 692 msedge.exe 692 msedge.exe 692 msedge.exe 692 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid Process 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid Process 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid Process 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe 180 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid Process procid_target PID 180 wrote to memory of 3548 180 msedge.exe 87 PID 180 wrote to memory of 3548 180 msedge.exe 87 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 4424 180 msedge.exe 90 PID 180 wrote to memory of 1552 180 msedge.exe 88 PID 180 wrote to memory of 1552 180 msedge.exe 88 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91 PID 180 wrote to memory of 1192 180 msedge.exe 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/nz/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&ppid=RT000238&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&calc=d9d426c3d52fd&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.219.0&xt=104038%2C1276321⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:180 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffbf77546f8,0x7ffbf7754708,0x7ffbf77547182⤵PID:3548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵PID:1192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:82⤵PID:768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵PID:3676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵PID:212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:12⤵PID:1420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13703962407702556536,13622526078627137562,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:692
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4496
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4788
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5efc9c7501d0a6db520763baad1e05ce8
SHA160b5e190124b54ff7234bb2e36071d9c8db8545f
SHA2567af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize840B
MD5b786d549b79b56ad801dbf5b9c7531bd
SHA19b013dd239bc56c9ee4ddbcb77d7e88cd99966f9
SHA2561748a257265f7279dc2829a30316eac49cd120384cca01ba469ea07b1da24803
SHA512b80146b798ed8a8a02ad4a5ab224e65f9099e7c19e7406d1773d86e390ee2684a1aa42c8c48caa2a9c45287b8169e3063add0b8cb8c9eb6722dfef8be11b1044
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD572d5e91afa05a5e72be0df940db62055
SHA1356898279365dd2b1cec8d0b53232d7432ad0066
SHA2562018c6c66bed0f0a70e5f703081a75e440f3842ddf05839880f80d6e59452809
SHA51273adf3fe6ecd4c727e665aa1b55fdb613a8fe37c07209397e0552d84dc09cd212a1f52aa28080c8a2db0d8beffca3ce764412cf4950012b671041ee0a492a39d
-
Filesize
6KB
MD58ecc44e43305cfa53057e1eaa7c66913
SHA1df965da4d5bd6882d2fbd3c4052a0196e23099f9
SHA25678ee2c6aa07ef3f95378c713ac78b2f87adb263d740c88af604b89dad0a77e50
SHA51264a3214171129c3e369d169bf79e31d13f54a6560c51dc6079de07c0315aae4aa08c556680df913eb2d9c8c892b37d92bcf27fecfda6282a7b8df6764dbb877e
-
Filesize
5KB
MD57bfd20ceaa95816537ba28fa11f52bad
SHA12b7cb239546934ded5782e59a524bc0ac8418ed4
SHA2562e5ccefef0c1fba8ef9e69f91d7e3e4794c665c8fc0489ee41138bd012ab1dfa
SHA512a0bd37b5ebb618cdc193f5719d262299bcb58e885cb62ed4672b0f42f75bd2642d3f482deb9f14a46e0fea9b695c9424d875b1ab7e3a653272a8135530b972cb
-
Filesize
24KB
MD5121510c1483c9de9fdb590c20526ec0a
SHA196443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81
-
Filesize
1022B
MD59e55cd9ba0e49a43fc4a72bca5e4cbbb
SHA1df584513e61ef47e3f938af3d947d98f13821008
SHA25659ad371b7bdb0f480b653b87f838eeb7f411d7d067a5a1bf5bb278c25766410d
SHA512b8db32ae5f75a65d1a297c1f017752efcc98a8ee0331ca10857e167d1247b676c57c40899ee1e78c35067b65e76eca2dbf97cb34f00da3b68f621b97f60d25fc
-
Filesize
1KB
MD55e8690f72d6f7fbc7ceea1042a84c246
SHA1efdea7a29a715350229aeffee462461598de0bd4
SHA25692263bc0c5f6a2780bcefb5e2acf11a532991b9a170e087c11069f7133ce2a3f
SHA51220e8ab271ea5684d67d870bfee4386ab2b8edf1902d986fce32a77763646510b1b1f6cf11588ff61654cdda4575d2435e2900a615617abfcba39fef02c84b3a2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5ba7ea776ce755eb81d207122d574d126
SHA1a0ca07f596cdf25fcabf37bffc6ff8ee4b1ff723
SHA256c88e492e9ed40ce8f19dbb87e0066647400f85c42b86bd783d0b0cbb1e7554db
SHA51235faada0601b4ee8220e91c04fe97308b362c3f37856eb7fdd5a5b4dd22210c2d96bba1073d130bb7be56bfa6beb6bfdd329a14e298997d0266aea538dc6acbf
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e