Analysis
- max time kernel: 139s
- max time network: 322s
- platform: windows11-21h2_x64
- resource: win11-20240221-en
- resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 03-04-2024 22:42
General
- Target: Araneida.exe
- Size: 22.8MB
- MD5: 9786d9a60eee23198843b481f086b321
- SHA1: 0b2986cbd862a0e19161ed78a9f8a541fb1fcec1
- SHA256: fd41dc07b772e71d75bb65868152d0dc9f652578d535bf17ee27b02c6079ef1d
- SHA512: 153ffc8f3739b81781206fa4674c4acb9bb379feb32eb0cce807f7e58224c5debd01defafca41f6dbffdb7ad9d860b241f912c36b9ad580ea241ccc53573db10
- SSDEEP: 393216:pX7VGSptnIVZd7p9mdLt/WVi0teZKwnOEGL26VjSQS6yhB4V:RtDGL7p8dai06KRq6RSH6yIV
Malware Config
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoCs)
Processes: Araneida.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: Araneida.exe)
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
Processes: Araneida.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: Araneida.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: Araneida.exe)
Loads dropped DLL (1 IoCs)
Processes: Araneida.exe
- PID 1580: Araneida.exe
Obfuscated with Agile.Net obfuscator (4 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
- behavioral1/memory/1580-0-0x0000000000400000-0x00000000008EA000-memory.dmp (yara_rule: agile_net)
- behavioral1/memory/1580-4-0x0000000000400000-0x0000000000838000-memory.dmp (yara_rule: agile_net)
- behavioral1/memory/1580-60-0x0000000000400000-0x00000000008EA000-memory.dmp (yara_rule: agile_net)
- behavioral1/memory/1580-113-0x0000000000400000-0x0000000000838000-memory.dmp (yara_rule: agile_net)
Processes:
- behavioral1/memory/1580-10-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-20-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-26-0x000000001E7F0000-0x000000001F581000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-28-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-29-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-30-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-31-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-32-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-33-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-68-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-69-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
- behavioral1/memory/1580-99-0x0000000180000000-0x0000000181D0F000-memory.dmp (yara_rule: themida)
Processes: Araneida.exe
- Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (process: Araneida.exe)
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
Processes: Araneida.exe
- PID 1580: Araneida.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Modifies registry class (2 IoCs)
Processes: MiniSearchHost.exe, msedge.exe
- Key created: \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\MuiCache (process: MiniSearchHost.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{41D81F8D-901F-4AC3-9F13-5903EA86C591} (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: Araneida.exe, msedge.exe, msedge.exe, msedge.exe (distinct entries)
- PID 1580: Araneida.exe
- PID 4148: msedge.exe
- PID 2776: msedge.exe
- PID 5012: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes: msedge.exe (distinct entries)
- PID 2776: msedge.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: Araneida.exe
- Token: SeDebugPrivilege (PID 1580, process: Araneida.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: msedge.exe (distinct entries)
- PID 2776: msedge.exe
Suspicious use of SendNotifyMessage (12 IoCs)
Processes: msedge.exe (distinct entries)
- PID 2776: msedge.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: MiniSearchHost.exe
- PID 1316: MiniSearchHost.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: Araneida.exe, msedge.exe (distinct entries)
- PID 1580 wrote to memory of 2776 (process: Araneida.exe, target process: msedge.exe)
- PID 2776 wrote to memory of 2404 (process: msedge.exe, target process: msedge.exe)
- PID 2776 wrote to memory of 4280 (process: msedge.exe, target process: msedge.exe)
- PID 2776 wrote to memory of 4148 (process: msedge.exe, target process: msedge.exe)
- PID 2776 wrote to memory of 3452 (process: msedge.exe, target process: msedge.exe)
Processes
PID 1580: "C:\Users\Admin\AppData\Local\Temp\Araneida.exe"
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
  PID 2776: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://araneida.co/download
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    PID 2404: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbc083cb8,0x7ffcbc083cc8,0x7ffcbc083cd8
    PID 4280: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
    PID 4148: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID 3452: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    PID 4480: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    PID 2716: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
    PID 1960: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4592 /prefetch:8
    PID 5012: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,10442378080231191147,12647584098212748751,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5104 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
PID 4036: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID 1316: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID 860: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 2020: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat