Analysis
max time kernel: 147s
max time network: 155s
platform: windows11-21h2_x64
resource: win11-20240319-en
resource tags: arch:x64, arch:x86, image:win11-20240319-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 09/04/2024, 01:49
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://benefits-portal8826040525-session.u1011.net/login/las/mygov-login
Resource
win11-20240319-en
General
-
Target
https://benefits-portal8826040525-session.u1011.net/login/las/mygov-login
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid  Process
2060  msedge.exe (repeated 2 times)
956  msedge.exe (repeated 2 times)
1484  identity_helper.exe (repeated 2 times)
3948  msedge.exe (repeated 2 times)
424  msedge.exe (repeated 4 times)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
pid  Process
956  msedge.exe (repeated 12 times)
Suspicious use of AdjustPrivilegeToken 2 IoCs
description  pid  Process
Token: 33  1348  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  1348  AUDIODG.EXE
Suspicious use of FindShellTrayWindow 25 IoCs
pid  Process
956  msedge.exe (repeated 25 times)
Suspicious use of SendNotifyMessage 12 IoCs
pid  Process
956  msedge.exe (repeated 12 times)
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://benefits-portal8826040525-session.u1011.net/login/las/mygov-login1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe093d3cb8,0x7ffe093d3cc8,0x7ffe093d3cd82⤵PID:3136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:22⤵PID:2924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵PID:4940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:12⤵PID:3540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:3844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:12⤵PID:4704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵PID:1576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵PID:3476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:12⤵PID:1244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:82⤵PID:4028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:12⤵PID:3828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,17162277800593284872,6056514341942406020,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:424
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3404
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2860
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E01⤵
- Suspicious use of AdjustPrivilegeToken
PID:1348
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 312B