Resubmissions
04-04-2024 18:48 | 240404-xftx7sfb6s | 8
23-02-2024 00:20 | 240223-amqsssgg7v | 1
22-02-2024 18:16 | 240222-wwwlasde8z | 10
Analysis
- max time kernel: 41s
- max time network: 35s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-02-2024 00:20
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://
Resource
win10v2004-20240221-en
General
-
Target
http://
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 51 IoCs
pid | Process
3748 | msedge.exe
3140 | msedge.exe
3968 | identity_helper.exe
1084 | taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
1084 | taskmgr.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process
3140 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1084 | taskmgr.exe
Token: SeSystemProfilePrivilege | 1084 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 1084 | taskmgr.exe
Token: 33 | 1084 | taskmgr.exe
Token: SeIncBasePriorityPrivilege | 1084 | taskmgr.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
3140 | msedge.exe
1084 | taskmgr.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
pid | Process
3140 | msedge.exe
1084 | taskmgr.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3140 wrote to memory of 1960 | 3140 | msedge.exe | 84
PID 3140 wrote to memory of 4488 | 3140 | msedge.exe | 89
PID 3140 wrote to memory of 3748 | 3140 | msedge.exe | 88
PID 3140 wrote to memory of 3700 | 3140 | msedge.exe | 90
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd966246f8,0x7ffd96624708,0x7ffd966247182⤵PID:1960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵PID:3700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:3044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:2900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵PID:4616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:82⤵PID:4512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12859444263696414851,8160199264831836321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵PID:2748
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1756
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2876
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1084
Network
MITRE ATT&CK Enterprise v15
Downloads