Analysis
-
max time kernel
329s -
max time network
334s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
12/03/2024, 02:51
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://rb.gy/hzjhlb
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
http://rb.gy/hzjhlb
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral3
Sample
http://rb.gy/hzjhlb
Resource
android-x64-20240221-en
Behavioral task
behavioral4
Sample
http://rb.gy/hzjhlb
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral5
Sample
http://rb.gy/hzjhlb
Resource
macos-20240214-en
General
-
Target
http://rb.gy/hzjhlb
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1104 msedge.exe 1104 msedge.exe 3536 msedge.exe 3536 msedge.exe 3960 identity_helper.exe 3960 identity_helper.exe 6012 msedge.exe 6012 msedge.exe 6012 msedge.exe 6012 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe 3536 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3536 wrote to memory of 4944 3536 msedge.exe 89 PID 3536 wrote to memory of 4944 3536 msedge.exe 89 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1128 3536 msedge.exe 90 PID 3536 wrote to memory of 1104 3536 msedge.exe 91 PID 3536 wrote to memory of 1104 3536 msedge.exe 91 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92 PID 3536 wrote to memory of 1404 3536 msedge.exe 92
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rb.gy/hzjhlb1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d746f8,0x7ffc04d74708,0x7ffc04d747182⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵PID:1128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:82⤵PID:1404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵PID:212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:2184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵PID:3640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵PID:912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵PID:4732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:82⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵PID:4184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:1596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵PID:5196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:12⤵PID:3140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6012
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1008
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4100
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5cbec32729772aa6c576e97df4fef48f5
SHA16ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0
-
Filesize
152B
MD5279e783b0129b64a8529800a88fbf1ee
SHA1204c62ec8cef8467e5729cad52adae293178744f
SHA2563619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA51232730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD56a14d4dd7b393373ee8bdd1cce24b8a9
SHA1493a3dd88d42f722ad1f9142c5e5dc1c9c569ec7
SHA256e21db1f4f47be723a464a5770802555bc0aaf66a56c774a330521563cbb3fd59
SHA5120c36121c19a8c413895dc286284a56d6aa30f4e13220c9a1fc1912de695a8b1e1bb50beda72ceedb8437a7f72318716ef8bc35dd24ba9f3ee7f937d0f8ff5d54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD5a14c2969ada420622695ba103865b623
SHA1a6715f16531b1bf5c821ff212d070ef4e5c19a3e
SHA256c05ad58047c45311674c0f31dbe496f97490ec6bfc8155cac50081260e21bb24
SHA5123855a4968bd06f55616fd2554fc4f37ad119cee3eb0bc72c514474294e81bc34dca55d197cf89cecfd3ac1cdb1312163488dc2dbdc15485d07d682d5af1304e7
-
Filesize
552B
MD5abe64c528afa7b43c069409225255128
SHA1df63ea74733d28e8e31782dcc48e15b04432bad3
SHA256d5e4a83f58727631ec69742e25f1aa128bb9c573594d621af1f30f78557284b0
SHA512855c46e7667aa2e3b51d6f2e8e49ee5db9e1bd82fd842d34723ffc8487e9e5ee127238df6596f9f591660846fc60abe3abe2f038b0b1cee032a0c99d5c7ec8f2
-
Filesize
552B
MD5645d8ac683c48122a1201af64921ed56
SHA1143fa55659762861533acb8ea96db957d3fe8a3e
SHA256bc356a1889182c56e1617f8fb211c4cee48526b6c0d592734234dd05d6361b0c
SHA512dfa989f8c09f825a6bb2836e643a8375d5ea9246332ffb3028b54a833a28cd4da2039e8aa48518cc1e9583663a675740e6979510ddd2b23607da1fb9e3f1eb23
-
Filesize
6KB
MD549a8ef04133f0587edb968e6827e5e9f
SHA1c51ab05ed2c9b60ee2e72a426f62efc8fc0a0da6
SHA256aa2c1d0ff7e1fbdc2ecf63b92db727c5a1f7b0bf7f448b8a41987b202bf23eb8
SHA5120cabf4f25aa18ad6ea7bc094b99856f2771a64e948a7bae151214e9fec8215918252aa80d0eca2ffb7f7be498fd62e2bcd8e8b68b446823bc9b9d1c458b9cc35
-
Filesize
6KB
MD5c650113e887008d65bd39535792ac953
SHA140a978e305b0ca21dd03326bc7dd62bc38f9f694
SHA256404a2d2c7c45d5d6c0648742b699c7fdffd74daaa8d5dc6ef708160bacfb4730
SHA512f73b2c9be86d8bd52450cabfb283c760b5cc6f3fa7a38e56c09eaca0164a551494488abade5f01361615049d5cc7e7fd21c8c43f52c8fe6f1cb71edaf207430e
-
Filesize
6KB
MD5af3edaaaddcb4d44040939c2d2793693
SHA1dbe97f38b477ad2e8904a1ea195689b531979881
SHA25658775b4c42e1152e2ccf623dc062d846bc50827750e02abdf5cc88e8ab003bce
SHA51291822ba227b152b44d0e8fd3a3ed4600048770d94fe6895ddd73629ec420be00489c40ad5e0f75a662fcc6a6c38c25eafa1be075eb51f701e3870ac03299f345
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD514af913ca5c9b647d700669cf9e25f2a
SHA1d6566a77aae327dcacc185c1d6852f0b630e6c8c
SHA256403947483ec071f4ed25a4dde6b0812d0fecef02df2236a97997e7b5d925b582
SHA512988a5307efe80b811f2687abbcef9673a90de95ee187c33ac68dd9babff49a0b83157e5475d2b3dc92c3261b77606768f294dfea440463aab7916de3a78fd58c