Analysis
-
max time kernel
115s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
21-04-2024 15:06
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://sc.link/SxVvB
Resource
win10v2004-20240412-en
General
-
Target
https://sc.link/SxVvB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exepid process 4524 msedge.exe 4524 msedge.exe 4056 msedge.exe 4056 msedge.exe 216 identity_helper.exe 216 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe -
Suspicious use of FindShellTrayWindow 59 IoCs
Processes:
msedge.exepid process 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe -
Suspicious use of SendNotifyMessage 56 IoCs
Processes:
msedge.exepid process 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4056 wrote to memory of 3324 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3324 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 1092 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 4524 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 4524 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe PID 4056 wrote to memory of 3736 4056 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/SxVvB1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97a1946f8,0x7ff97a194708,0x7ff97a1947182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8049976948916825298,8852394993432239540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5e36b219dcae7d32ec82cec3245512f80
SHA16b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
SHA25616bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
SHA512fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5559ff144c30d6a7102ec298fb7c261c4
SHA1badecb08f9a6c849ce5b30c348156b45ac9120b9
SHA2565444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
SHA5123a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
168B
MD50757e2f48f2c0ad0ba4b52e2c7d712c7
SHA18f6f1e698f788b8839e0c2d55cc41bac28d3b1c9
SHA25648f9950b65c664b4a76d9fc3e6e2edf5300098ea43c9fc85d12e428ccdb66112
SHA512f901bce2fb59b43246cef51912c0b7556f99e4e2d31232293944a7b2765eb8e52b2d1c4182bcf66d8db462f31a6aa5a40700b4c936a4df24ec586b5ff6718f4f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
626B
MD54a44e54e3645bb776a5291d50ef6dcee
SHA1a9ebdea282457162acdddf8d46ddad8ce94fe683
SHA2568ba4ee799cd4358317b639e28650a357e2b817a47dc5569e7a64f6d6d8c8f5c8
SHA51207aa206a909437cb15c4042669870a8ef8c6f816e1c5fa00712347c1dbf6da1a08e026766da2e07f04618ce64ddcab954a39b7fb8be875af6128d5c2bf8ee45c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
626B
MD567d011a0b25ce434e8a15e406ed32e17
SHA1d57168a15c60f4112da8ca4737cd2fc1989014f8
SHA2567265df038a5ad6115ef14a158e12362d0a938e4478fc8981779e9d6c1e0b4ae9
SHA51278230f156299dde3cc4f6dc70952f54cdd46da8e7bcb22b6f27c94144d18b4493b3ac78502e75961e06fa3d7c999945b07d1e0477765354888865c351753dc9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5cb505afc2144b0177dda3e55a901d31b
SHA1ff257e7cdbbc927bf6eef8367a5feb434c565658
SHA256c1542f0baff954047129e152e446a8b116bb7340d53935b1ff14c63b5fb7952e
SHA51235f38c59c4d27954a400ce364893db88f155147a019638c144dedb1e77fb1d6368ca0766bea5fa015561766b441a926307c36619e6db7b65fbd7d8c04f098e73
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD52b1be14f6d760b06f88a5847258ecece
SHA15732c208be8eefef45bc9b5c81f7b2a23960b2af
SHA256bfe0e6eeb1ae832b75df8a3c00b4afcd18416a85180b1248ea1833f6db66a131
SHA512886853c2155f6dc79ad6814aecf03271e2b0b15fdb2c5814e3f7377cacdbbf88bec7d0d97b5ceb377ffa65a9c01503e6d7ad75c920d03bb9b106dae8c9eca4d8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c2de7a6ec7acc0f09c465d5f644250fa
SHA15705ce52e91a42ac5e87e5c8b60ffa44048c8440
SHA2567b92b1622d3ef216474915698e65c01fe5f9b8f3b38a6cfa520b5a442b00c333
SHA5121c1e2dbbff57166aac29caf690a7981821db681e6ed37ff749baed5e5442af36b39ce34c02b2f105c1a615d81db51133e9c12be32ca5a05bbd1ad1d8c84d6416
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD53fa34856d425844ebc92704514bf8de5
SHA1d86320af1893db07aa5cd58e8662a5962075cb9e
SHA2565aad1c5a17924a0207e3e62df568584486b5b0d04d2805f4e36debb0cbd87a72
SHA5124f52e7455b5304e5f307670fb578b022440bbb8064eeb87d76fa70d39dfeae6cbb37f746aba1c76df7e88bfcb11a2793e7bb2c6f96e0d029bded8d85b8b8d13c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a5e508d159de91e543f969a1b0239a40
SHA18bb2bfb151430e0d3d9114939d07589f07148978
SHA256c466d5c632d01413c58a21e36a35e7de5dc3ba65aee714b52be5076ae4e10826
SHA512b14647f54bd417f0e99e3189666ae5b69fd6c17affdea804915846d2da7d2c54901ced936c7e0174dd0ccde8298445369c7dc2f9a4f8b4f78b728b4fce8977c3
-
\??\pipe\LOCAL\crashpad_4056_BHHDVSQHAHWGHAVSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e