Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
- submitted: 15-02-2024 04:42
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://tgrbdbydthntjdtydntsbtr.blob.core.windows.net/tgrbdbydthntjdtydntsbtr/url.html#cl/67436_md/9000/77970/517/11956/407285
Resource: win10v2004-20231222-en
General
Target: https://tgrbdbydthntjdtydntsbtr.blob.core.windows.net/tgrbdbydthntjdtydntsbtr/url.html#cl/67436_md/9000/77970/517/11956/407285
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description        ioc                                                                      process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid   process
3500  msedge.exe
3408  msedge.exe
1700  identity_helper.exe
1776  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes: msedge.exe
pid   process
3408  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid   process
3408  msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid   process
3408  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description                         pid   process     target process
PID 3408 wrote to memory of 1600    3408  msedge.exe  msedge.exe
PID 3408 wrote to memory of 4740    3408  msedge.exe  msedge.exe
PID 3408 wrote to memory of 3500    3408  msedge.exe  msedge.exe
PID 3408 wrote to memory of 468     3408  msedge.exe  msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tgrbdbydthntjdtydntsbtr.blob.core.windows.net/tgrbdbydthntjdtydntsbtr/url.html#cl/67436_md/9000/77970/517/11956/407285
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94c0346f8,0x7ff94c034708,0x7ff94c034718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5873553027299963292,16311966629812203000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5936 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_3408_KBLPAVSSAVQBNHLH