Analysis
-
max time kernel
43s -
max time network
42s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
02/04/2024, 00:31
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://afcc3a49-0553-4865-a79d-1ee5dfa1465f-00-1jjmbzmgsvm64.picard.replit.dev/#[email protected]
Resource
win10v2004-20240226-en
General
-
Target
https://afcc3a49-0553-4865-a79d-1ee5dfa1465f-00-1jjmbzmgsvm64.picard.replit.dev/#[email protected]
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 748 msedge.exe 748 msedge.exe 1748 msedge.exe 1748 msedge.exe 3116 identity_helper.exe 3116 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe 1748 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1748 wrote to memory of 4492 1748 msedge.exe 86 PID 1748 wrote to memory of 4492 1748 msedge.exe 86 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 656 1748 msedge.exe 87 PID 1748 wrote to memory of 748 1748 msedge.exe 88 PID 1748 wrote to memory of 748 1748 msedge.exe 88 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89 PID 1748 wrote to memory of 3828 1748 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://afcc3a49-0553-4865-a79d-1ee5dfa1465f-00-1jjmbzmgsvm64.picard.replit.dev/#[email protected]1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3de146f8,0x7ffa3de14708,0x7ffa3de147182⤵PID:4492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:22⤵PID:656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵PID:3828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:82⤵PID:2336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:12⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵PID:4544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:12⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵PID:1028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3568 /prefetch:82⤵PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵PID:2920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:2256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15410787781297950927,346068731825039976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵PID:3540
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2880
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3184
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x300 0x2ec1⤵PID:3896
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f35bb0615bb9816f562b83304e456294
SHA11049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA25605e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1
-
Filesize
152B
MD51eb86108cb8f5a956fdf48efbd5d06fe
SHA17b2b299f753798e4891df2d9cbf30f94b39ef924
SHA2561b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32a27ac6-dd32-43ee-a50a-45d1efc43994.tmp
Filesize6KB
MD57c2ea57097f2ac1f9837313fe6ef3ce2
SHA1e20a054615602a90299185641960fc181761298d
SHA2562f33d9a721753ac99e2fbc81129032a7a99fc5199b117a6cd29b051f13d3c5da
SHA51260438ab175e1906dd5399542f70a082b2e6216d0d58cb7b9b54228283c648dfbe658c9d79ebe0a2dd6243b1eff7387f473ac4a6007a56461c98783dcf1efd56b
-
Filesize
198KB
MD5cda68ffa26095220a82ae0a7eaea5f57
SHA1e892d887688790ddd8f0594607b539fc6baa9e40
SHA256f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb
SHA51284c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62
-
Filesize
6KB
MD56eeae140aa797643cca04f381022f362
SHA1188d11d56b88f1a47c3bf66658576802ff021f18
SHA256a6e17543d30736eb86a04ef16360639efbd7e6eeaa9c023d52c94f8691d6f2d7
SHA5129e607f5ba6c5c8b525b1a058d2d08d34a93737ef459af20712191122b9922f9c2a5582ac864c8537302ecc5be5a7648cbe2b50c1fc4f491277379087ee94a9e8
-
Filesize
8KB
MD5751339fafe94173d70c47d3013efc193
SHA14b5e69f840dc74ad11b4528c4f9d3997e846b935
SHA25639930cde0c40cbccd4acf5f934f0ade20f81d195e03bbfa69f2afdd03081381e
SHA51229ca20114a76a17079847d7e274cdb60ccdb4c9130e38275b72ef4b962ee484c020453fef6d760a10b9092e1a776a4ceb3fe7fff82580ee3daaf8b9e851bffab
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
2KB
MD5cf4bfa6a831e3aa1236043927366713e
SHA1931bace84f08fc0122ddf6c2157bb8ed9078c9ec
SHA256cd7aca526b7495a60bb7c74e9b389e7c797cf0f3a394322bc6895a701f205529
SHA512f39b01448e23da97f49dec5ce0aee5ba38cdcbafc88eec005edef5c4e4ebbf40caf6aec9e8158268f5b1ce69b7a3dc015d529e8af1bc08198d5262e1b7bdb322
-
Filesize
2KB
MD5858a6b6c3c3fd171cea4f47869a63c62
SHA1e18a873fbb52356c4aaf35f8f1fcded685ccb6e4
SHA2565e741aa3f36668bf4dba31e762fade27de2d1e244a29a62bd58d021466ac3b2e
SHA5121748ce9686824ad9ea4a60ed91c831b18802ed679872dc65d4e033c31d87407abc5506e475fd9780c9e63fb6e7837a2b629f75c97cedee056e2816d5442c1604
-
Filesize
204B
MD57ada61f1fff4d13955d41b0d52cd64e0
SHA11aef50e6540b838255de0deef7661118b6a1244d
SHA2563ca3b549007ea0ee250c638b614178267d1181e8b35b05df41c174c8a808f3db
SHA51270579e5336200e721c8e44153f28f0e8766001f4dba8f6c2e291cd16c74d8e3912effc5289d6aa971e1bd12404f171baf09e579995f10d4b5e6e3dc9d374df4b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD52ff7c445c9310db05f8f2f08da900f28
SHA199acfd012f55a0a8e71b4611d250f4071155f2cb
SHA256555d5cb7fcbfa1ff1f162d94644ab16f4db45b70bf0b4d43553dfdacfa295f8d
SHA5128008efa521a0fc6dc5421abfd25f219c99a173372ea30d0dc7fe2ec6399fad4d39f797e8f15142a55b874bf30d1978e065fd799cbbc8bf02ca121521d4de0f52
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84