Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
18/04/2024, 20:14
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe
-
Size
29KB
-
MD5
255da0237ae0305036f8b9a6219d1450
-
SHA1
4c684f0bd0615af8f2a140273b4599cedeb24d85
-
SHA256
964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80
-
SHA512
54a952da097c4c891be14ac2b46afb22f3e9b7ea057e2f1de7dca29e6c41118d98fc1633653771e05ef1fd77a205fcdc62f010c921dbdfd44df0b3ed199ef0c5
-
SSDEEP
384:NbbU7HAR1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:p47+16GVRu1yK9fMnJG2V9dHS8
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\P: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\O: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\M: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\K: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\Z: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\Y: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\X: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\H: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\E: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\W: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\Q: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\N: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\R: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\L: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\I: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\V: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\T: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\S: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\U: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\J: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened (read-only) \??\G: 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Common Files\Adobe\Help\en_US\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\reader\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Microsoft Games\Mahjong\en-US\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Windows Sidebar\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Microsoft Games\More Games\en-US\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ro\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ast\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\logger\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\locale\gu\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\Microsoft Games\Chess\fr-FR\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\rundl132.exe 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe -
Suspicious use of WriteProcessMemory 10 IoCs
description pid Process procid_target PID 2192 wrote to memory of 2344 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 28 PID 2192 wrote to memory of 2344 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 28 PID 2192 wrote to memory of 2344 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 28 PID 2192 wrote to memory of 2344 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 28 PID 2344 wrote to memory of 2696 2344 net.exe 30 PID 2344 wrote to memory of 2696 2344 net.exe 30 PID 2344 wrote to memory of 2696 2344 net.exe 30 PID 2344 wrote to memory of 2696 2344 net.exe 30 PID 2192 wrote to memory of 1268 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 21 PID 2192 wrote to memory of 1268 2192 964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1268
-
C:\Users\Admin\AppData\Local\Temp\964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe"C:\Users\Admin\AppData\Local\Temp\964d40ff98d1cc0db6c03f15c676749981466b174c3f9cc3137bd7674f6e4b80.exe"2⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2192 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"3⤵
- Suspicious use of WriteProcessMemory
PID:2344 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"4⤵PID:2696
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
254KB
MD5a384103208a3f16d11a07818e23ad7b8
SHA17a731d3be497a563c24dbdfcd0b9f3fc44c66a9b
SHA256f66e605e209f213567702b1ecdf179372e8bc4e80d29f43d727a8982a66b4494
SHA51274e218537abdd9765ff8e7e9a060d8db1f6904641b4d503b54ea14edb4c6e35adc42e41bd67a077c9a9be17f4fe2bf332ed5ab6de50b2300b8b4c32c08198395
-
Filesize
959KB
MD50c1781a833bee50f8882e2149947cf31
SHA123b11e342c779b630cb1ac8070496580f0b16b08
SHA256ba111865b81475b67064e08a712e7f89a833161dd07d485fb28743fbc6448c40
SHA512d5ce103e5057a07c00945c23801a500c0a7b4882ce3bd7e98dd57041e210ad38a19c1d91aca9afc1217b2327d6aa2e2d3cb8a632ae92910bacf7e1546fe454ac
-
Filesize
474KB
MD593ab3e754c33d4a9ebf1dab2ec33b0c0
SHA1fa2411ab51331484dde6953ab0111dbd4419f410
SHA256ad54fdf460f9b136476420a8f1ff9b674ad5b133a10f57f5ba184979327eb342
SHA512643708118280f2c5ed2c131c17a999f78b698aad5eede0356fa769a4664cc3287392c0387a7f239b7902f3df5c73aa46918d841758819ff5698056126c1076aa
-
Filesize
9B
MD572b7e38c6ba037d117f32b55c07b1a9c
SHA135e2435e512e17ca2be885e17d75913f06b90361
SHA256e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6
SHA5122bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a