Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
27/03/2024, 10:11
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://caspio.com
Resource
win10v2004-20240226-en
General
-
Target
http://caspio.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4048 msedge.exe 4048 msedge.exe 3864 msedge.exe 3864 msedge.exe 3976 identity_helper.exe 3976 identity_helper.exe 2768 msedge.exe 2768 msedge.exe 2768 msedge.exe 2768 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe 3864 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3864 wrote to memory of 1368 3864 msedge.exe 88 PID 3864 wrote to memory of 1368 3864 msedge.exe 88 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 3668 3864 msedge.exe 89 PID 3864 wrote to memory of 4048 3864 msedge.exe 90 PID 3864 wrote to memory of 4048 3864 msedge.exe 90 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91 PID 3864 wrote to memory of 2164 3864 msedge.exe 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://caspio.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d4246f8,0x7ff98d424708,0x7ff98d4247182⤵PID:1368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:22⤵PID:3668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵PID:2164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:1144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:4012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:82⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵PID:4756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵PID:1096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:2240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵PID:3604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5828 /prefetch:82⤵PID:4280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,2413835843687632175,12811188932642609027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2768
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2912
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2240
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x354 0x41c1⤵PID:3948
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e494d16e4b331d7fc483b3ae3b2e0973
SHA1d13ca61b6404902b716f7b02f0070dec7f36edbf
SHA256a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
SHA512016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737
-
Filesize
152B
MD50764f5481d3c05f5d391a36463484b49
SHA12c96194f04e768ac9d7134bc242808e4d8aeb149
SHA256cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
SHA512a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224
-
Filesize
19KB
MD58d49bc58b7036fde5650ad83f65fef8f
SHA1caf7f9ef944e9c625a35d8c1108903f225cfdd4f
SHA256297df247698fb78a26bb95fd60ae8b631e3047c587d0a20f21d4957a6125a92d
SHA5123928af3354f2534954ffdca11fe8f71b74952eb7759091d87995a8a77966e3f40e23483be729b498c57dcb524e4f2499563dd222ea8d1d630467293e1f3736b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize792B
MD5a098ed077697e61f6235dc7ece955e47
SHA11f09324808f73b7abfcb843863a438a612bc5795
SHA256fafa7c6f699908c19e2d9c312cc61a3ae4e0be9c67b266c18c1b0f28a261c6dd
SHA512b73c3f162b23f5e1bd4c746bdbe1a81c1cdfb0bab5d7aec878f4bf3be46a8976dfd1f6ccc21d1c109c9662f8a09f919f3f25cafda1b4626d1134fb6a55ad5a9b
-
Filesize
3KB
MD51ef9da6eae43df74b5c38fae2cfe0850
SHA166b6de56192e86b3ff1bce5cea50fa8853e7deb7
SHA256cfa7bbfe714ae89564863c989606f9fa5b06b2cae8924965a409b863662a2f88
SHA5122561b0c61bbe40c10306f341296538a4e85ae9dddb2d1150dbf678d9203dcc0840f17cab6eec267ec027b471b804f5e3313d2946b4320716e1562d6efc42fd15
-
Filesize
6KB
MD586a89fa6f7c7920adea7538904c83a0d
SHA1e2b501e01d55201fc712881f5149c083a75bc05a
SHA256d0ee8a3e57e93c5a64d838d335a880b1dfc6821ffdf422e2c8635337c06ce952
SHA5120322e60f995506fe1dd8bf0fecd7f2f7065a1ff9961d465e148901d95453fdf869639f70bf2dc54877163eef66bb316d452e9973a4ecd154e4dea8d5ff9fdda4
-
Filesize
7KB
MD5be3b11c6a9f43ce538e7c7892d555d3d
SHA10cdce2b3cd111e209d27edf3c5c7c0810b0d1a03
SHA25672fc9dcc0c72d7ac86a9502388aa5e8047e8caca9b625d381e773544b3bbdb3e
SHA5124fcb7780618fa80690318511dc16d8734088ff65883c47fdceab21f029e5dd8883c8295d655a3f77b3fb2d76cf436ea69e17f4e5e27c5a39e77a05cd2ac987d3
-
Filesize
6KB
MD5555bceec39a78d2e96a8d49768a933c9
SHA1f6a7816674f72da29dbc85181b29e14b2673c142
SHA256d89f854c7ee5793de64e0eba192445efde6c5a8f470d85079275c91926eaaf0a
SHA512a59bcb87d8f5d9cf140482699b3ffa2c12dda9fc83b15f049ceb4e00868506ee5ae8e3508ad405800a14a6c5ce9eb6516bef0b786a0a2a847886301d0b4cadab
-
Filesize
2KB
MD537c48380d1b416f07b9964d5334ab0c5
SHA187b3253d9127249c904c8235f3f903c93c898e0d
SHA2561e8fb71b61af8f953c2cd7cd2fc5d760b231f92dfe70806d02a5ea8f922cc2ac
SHA512f434b27bf176f3f08f2d0bd7663f8d5122e99c212203508c33b0f2b1df8a47dd235c5b470e2e69d2760ef5f396bc227d461137da8cc5ca2c21e4467adf423b6f
-
Filesize
2KB
MD56e3a71053b4cabb936122911c1d27c65
SHA1a8a696160cd1901c9b7ad11e2eb5f5d000450eef
SHA2563ba080b2b9e88ea8b9127b13a1d8f00884fdd1109b75cbcb647c7fffbbd3fc9e
SHA512644e40a5be03f6ced85b214bbeb1b1069e3d4699ba4246d9dcbed9a9b632166291309728dc709cddb7a95729d147b6687a30a491fa772287869beb761f0c3522
-
Filesize
370B
MD5471a6bab2c5f8e6957e4897917502e3a
SHA1e1186ca37e908ceedc3e5eb9c17ef8df8108b2af
SHA256ee6b4697971d294d3918a4b8bf29fffbecb8e9ec091378e1cd5de39945f845fe
SHA512cf2c765606060c98aa64f3152b92b06f8b6002ab4f45e3bba4094f3a60da1efb486ceb5dec028fbf70e181967ec9884e3e26b591b5e7a20f2d0f2e4eaaf81eae
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e2a98484c9af95a2330cc9971c7b79a4
SHA145c9990db9306c4c7fba781ce004ac7c969b87c9
SHA2568fdb8086b62b618d2ab4d0a3576601b0efa94d428135637399574ba4ad368a38
SHA51296424458afb5cede51ee6a877002b0bdae2d67f14310d722ac244219b8014faaa64921a8a6de4afab3b84dc9caa2f24d1a67bab1f7447b6237408f4ba2a0b60b
-
Filesize
12KB
MD502bee40a0743fac6362c6d08e322f103
SHA1bd84e86e18497118a90ea40f9e31d82b71a7b011
SHA2568b768ad1ebc8b445b148267d3eee9f097faeca5e15bc50dda69bbe2b0a8d468b
SHA51214ffcf5821c2679b135ac7e9ded4489453d131e843ce1f73d9370c257ea53d80cff1702fb9cf32dec888c4659d07302b743b3bf10bc2c4f7f6f7ef543ffbc28a