Overview
overview
7Static
static
3External 4.2.5.exe
windows10-2004-x64
7External 4.2.5.exe
windows11-21h2-x64
7$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3EpicGamesLauncher.exe
windows10-2004-x64
7EpicGamesLauncher.exe
windows11-21h2-x64
7LICENSES.c...m.html
windows10-2004-x64
1LICENSES.c...m.html
windows11-21h2-x64
1d3dcompiler_47.dll
windows10-2004-x64
1d3dcompiler_47.dll
windows11-21h2-x64
1ffmpeg.dll
windows10-2004-x64
1ffmpeg.dll
windows11-21h2-x64
1libEGL.dll
windows10-2004-x64
1libEGL.dll
windows11-21h2-x64
1libGLESv2.dll
windows10-2004-x64
1libGLESv2.dll
windows11-21h2-x64
1locales/uk.ps1
windows10-2004-x64
1locales/uk.ps1
windows11-21h2-x64
1resources/elevate.exe
windows10-2004-x64
1resources/elevate.exe
windows11-21h2-x64
1vk_swiftshader.dll
windows10-2004-x64
1vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows10-2004-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...7z.dll
windows10-2004-x64
3$PLUGINSDI...7z.dll
windows11-21h2-x64
3Analysis
-
max time kernel
120s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
28/01/2024, 18:28
Static task
static1
Behavioral task
behavioral1
Sample
External 4.2.5.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
External 4.2.5.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
EpicGamesLauncher.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
EpicGamesLauncher.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
d3dcompiler_47.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
ffmpeg.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
ffmpeg.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
libEGL.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
libEGL.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
libGLESv2.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
locales/uk.ps1
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
locales/uk.ps1
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
resources/elevate.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
vk_swiftshader.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
vk_swiftshader.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
vulkan-1.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
vulkan-1.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20231222-en
windows11-21h2-x64
General
-
Target
LICENSES.chromium.html
-
Size
6.5MB
-
MD5
180f8acc70405077badc751453d13625
-
SHA1
35dc54acad60a98aeec47c7ade3e6a8c81f06883
-
SHA256
0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
-
SHA512
40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec
-
SSDEEP
24576:d7rs5kjWSnB3lWNeUmf0f6W6M6q6A6r/HXpErpem:rovj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133509407989158939" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1660 chrome.exe 1660 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 1660 chrome.exe 1660 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe Token: SeShutdownPrivilege 1660 chrome.exe Token: SeCreatePagefilePrivilege 1660 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe 1660 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1660 wrote to memory of 3880 1660 chrome.exe 83 PID 1660 wrote to memory of 3880 1660 chrome.exe 83 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 1388 1660 chrome.exe 87 PID 1660 wrote to memory of 4128 1660 chrome.exe 88 PID 1660 wrote to memory of 4128 1660 chrome.exe 88 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89 PID 1660 wrote to memory of 5092 1660 chrome.exe 89
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff984fe9758,0x7ff984fe9768,0x7ff984fe97782⤵PID:3880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:22⤵PID:1388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:82⤵PID:4128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:82⤵PID:5092
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:12⤵PID:4348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:12⤵PID:3544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:82⤵PID:3632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1868,i,15522395665547961035,14320885714679452184,131072 /prefetch:82⤵PID:2576
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2256
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
824B
MD54cb715b1232d879a5600ffa9ad7f47dd
SHA13730ceb510389d9e61a5412f08034a132656c434
SHA256fdd259f6e56d31f853c85314b2e4ae3edc294d3c9ccda2d569890c00bc69c8af
SHA5123ed4b1a163efac26c34ffa3fbe49e1069c58d54d6282d1288a37c8eb71ebd6665ed6ecb88541eb617c2357d17b3d74ac241768450f85c7b2b6c53aae08aec63b
-
Filesize
6KB
MD56e616ee9ce14653859ae49f86565ec9a
SHA1f51f42d6e51a0650da8ab07a896107bf568449c8
SHA25698ba473feec9fa4fe8006ee8fe87f2b7aa4725a8a8de932d7a267d664b3936cf
SHA5120ec72fe66a1314926ea7fa56e6c2ece16c083472087591efbf6ed52303ea076484635fe764dbba2d27e8e6fd5dcd44e65d70f0383bf3e585cb013652e63009de
-
Filesize
6KB
MD503de7d390393b682bbc9544667200d66
SHA103b9fe434c6ffa3e6bf0e8c3e4baf1315347c1fe
SHA25677c68be77962f494f46bf1091c2e350aff04e04baaf985c1677dcaaea00a582a
SHA51221fda125cdbdb5355754f6a0aa19d34f9f9b90b363910b6edd34b023f0eae3347fbac2de7a6afa698d4cde826a9675520db79670a0fc99cb2186d120c7704030
-
Filesize
114KB
MD5fc0ad7a952bc3d09f6ab97d3e4c51325
SHA14f99fa72521b33c9e3d912cf8c1aa970d0fa2f0f
SHA256df74dd60c3ca3193de3cf75878e9e9805869d0d08b52daabf342580c9b9118b4
SHA5124e5ec8decb5867399c267b453fcc597b2bea75c6fb4686def86ff836b0b6446a4b2f71a0deb2344717143a0d0bbcd521f459f32036399fe795fe0268517034ca
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd