Analysis
-
max time kernel
259s -
max time network
289s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
20-04-2024 06:42
Static task
static1
Behavioral task
behavioral1
Sample
Essay on Resolution of Korean Forced Labor Claims.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Essay on Resolution of Korean Forced Labor Claims.vbs
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Essay on Resolution of Korean Forced Labor Claims.vbs
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
Essay on Resolution of Korean Forced Labor Claims.vbs
Resource
win11-20240412-en
General
-
Target
Essay on Resolution of Korean Forced Labor Claims.vbs
-
Size
27KB
-
MD5
75ec9f68a5b62705c115db5119a78134
-
SHA1
6209f948992fd18d4fc6fc6f89d9815369ac8931
-
SHA256
ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf
-
SHA512
82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780
-
SSDEEP
384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
Processes:
WScript.exeflow pid process 35 4320 WScript.exe 40 4320 WScript.exe 57 4320 WScript.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
WScript.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation WScript.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4204 msedge.exe 4204 msedge.exe 3884 msedge.exe 3884 msedge.exe 2400 identity_helper.exe 2400 identity_helper.exe 700 msedge.exe 700 msedge.exe 700 msedge.exe 700 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe 3884 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
WScript.execmd.exeexplorer.exemsedge.exedescription pid process target process PID 4320 wrote to memory of 3376 4320 WScript.exe cmd.exe PID 4320 wrote to memory of 3376 4320 WScript.exe cmd.exe PID 3376 wrote to memory of 2400 3376 cmd.exe explorer.exe PID 3376 wrote to memory of 2400 3376 cmd.exe explorer.exe PID 3084 wrote to memory of 3884 3084 explorer.exe msedge.exe PID 3084 wrote to memory of 3884 3084 explorer.exe msedge.exe PID 3884 wrote to memory of 3920 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 3920 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 380 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4204 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4204 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe PID 3884 wrote to memory of 4012 3884 msedge.exe msedge.exe
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Essay on Resolution of Korean Forced Labor Claims.vbs"1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeexplorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"3⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd10d446f8,0x7ffd10d44708,0x7ffd10d447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2680705665382739579,17287230648230566958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53d94406b964753cc5222ab1343f54bb1
SHA1a5e7de0781fa1fabb3cd89564f2e5693cb4dee16
SHA256fd9923a217cd8d2c44a63dbfe52ec262e7c80b1f1e50c6e0f21f8379c90e7762
SHA5121ad2c144e7bbd809f400f8782586d3768fc82bcef39db986f766897c344efec77ab2c0b6d9c5ee2019ef5cf9ad0c46bdd25392cbc9dbf9ea80e800577f0fc598
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD549dde89f025a1cce8848473379f7c28f
SHA1b405956b33146b2890530e818b6aa74bba3afb88
SHA256d6d125ba686b825bb22ab967a346051780cab1f55fc68a2f3efdf3fb5598f96b
SHA51253050344674d8886db66e25f42d97bf46b26229972631f857286c2a303897cda58d85ee8ca768bbfb1fc07e52567315ea85d57e39b5b382916700ec389946506
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
499B
MD5e95520708877b213ed99c2e08c1a9db1
SHA18948fe9ec9ecbe46b0e1856d125a59ad4bbfe640
SHA2567c527b497f9fb3e4db82462d5e7a1e495366e9f1183a708c9569ce42650fc691
SHA5125440c1f849ae1d5bfe2c83ff186928713a6ed040aebdf0405e4c7f981504705647c93a030ec44bc5a9d2755ae746a77c28661347fbf97a8c64dad32d3a775b08
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5fcb85e39a754275e9bf8106eeb88ac58
SHA1ce7ba308508a286f36c184de01917041c9e8b347
SHA2569391a2126133e9d177c4435056bb2884ba33f1530ee114a492658537beb1cf59
SHA5121638400d339f837f20ffb566026bb07a54f328ea3b3360dc0726893e558f32bc566ecce6b6373255635dca38dc48ea8cc48f7fe91f61b695e0df6a58c84050dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD55e964781288614f24d4f3986ac1f2f63
SHA128b26b06b747678bd22d9199eea36dda3e058838
SHA256d69223524f274d22b263b28c2510efb6c2bd796df7e3befb7f085545d1d59ad4
SHA512d5cf315cbd0b549eb069f1d077bf895122ec200a55a2f59be074002b6a745f31978ac3569c09a41634338a8ca97da0f275cf43deee8f3d78914394975c1853d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD57c43199d1e5acf5a31e1cbef990fbc47
SHA1df7bd524b9b3175325c0aff3469ea7f2211d3061
SHA25652a6fd2a2fff53c738c77a6385e7e1677f8990781699f78c63d5a4b0fe566d22
SHA512aae886642b40ffb0676534fd85abe43ab588526b8e952b12a1bcafc73cb05103c76aee4fa32cc18c74af6c59aa1dc84bcda09ebccb7d11adc79fee3bfc93e2d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5fa8f393f2823c003ed490927aead9096
SHA12f383373340e23408bab0a62cd0ae88b62fb6abf
SHA25658d6bdfa5e8130e44ff8217db783456296041c832f34f44ad83dfc8783aa1ff2
SHA51259995106fbafee26d9a46d7ff28c8c06a18862ea3e8886ce3505fdd7d6ade9938980dd9d4264876a41c6a7de673b9fd9bd80c1da56e3306753077726da262a06
-
\??\pipe\LOCAL\crashpad_3884_CTFDUIWKJRNLIFUDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e