Analysis
-
max time kernel
961s -
max time network
965s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
01-05-2024 16:21
Static task
static1
Behavioral task
behavioral1
Sample
1.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1.bat
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
1.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral4
Sample
1.bat
Resource
win11-20240419-en
General
-
Target
1.bat
-
Size
42B
-
MD5
781f882af4fc7061ede473ee5d75e17c
-
SHA1
41b54f6c7bbb19327bbf88880ff3a3010e7af6a6
-
SHA256
268b9b8e07f7c0f7b895de751634cae25e5189aa33ec4da924b243adda41186c
-
SHA512
9471507eb329ea7050e2da756b8af58dbe3a63d7f0a707d24a6416565cb505d2967046faaeb7d45bce98e65468b95203725b09eebe3310ba589a6c38c9806697
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3726321484-1950364574-433157660-1000\{7D4BD526-3AD7-4950-AA20-CD7B4E501BA8} msedge.exe -
Suspicious behavior: EnumeratesProcesses 13 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1272 msedge.exe 1272 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 396 msedge.exe 396 msedge.exe 4944 identity_helper.exe 4944 identity_helper.exe 5108 msedge.exe 5108 msedge.exe 5108 msedge.exe 5108 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe 1488 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
cmd.exemsedge.exedescription pid process target process PID 4548 wrote to memory of 1488 4548 cmd.exe msedge.exe PID 4548 wrote to memory of 1488 4548 cmd.exe msedge.exe PID 1488 wrote to memory of 4040 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 4040 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2004 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 1272 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 1272 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe PID 1488 wrote to memory of 2416 1488 msedge.exe msedge.exe
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\1.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ufile.io/cqkymsa92⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7c9c46f8,0x7fff7c9c4708,0x7fff7c9c47183⤵PID:4040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:23⤵PID:2004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1272 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:83⤵PID:2416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:13⤵PID:4472
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:13⤵PID:3184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5428 /prefetch:83⤵PID:4956
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5420 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:396 -
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:83⤵PID:1340
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4944 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:13⤵PID:4584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:13⤵PID:1712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:13⤵PID:2976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:13⤵PID:4864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4270703109615576338,16063417687296554342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3560
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4820
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD52a70f1bd4da893a67660d6432970788d
SHA1ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
SHA256c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
SHA51226b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5fbe1ce4d182aaffb80de94263be1dd35
SHA1bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
SHA2560021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
SHA5123fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
336B
MD595660d241f22a0c958d896805097ec89
SHA11aeb551e01bd9292f8ecf1a45f1d653c72bb0910
SHA25611db97d03678d8c71342fa2a835748b038d6ada7b15040975a19d065b07c40fe
SHA51286182d58a2ceaba139004738ad54e633c838c1d79b57b86f968741de7d0567e69ff48448094219cb282fcd54722c92e52046b4e0dd282cc28c6f8a14b28e5458
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD50b7d0f727d644230eba4680ad74cceed
SHA1ec03ed730d0129f7138f8576c9b0c81be7d35015
SHA25658e41cad194597f9cb88ffaf2d009f14eadb429d9a19d99c5a635379cf88b58a
SHA51202b8ae57125a54b372342fccff6b8dea0dd3c7f0df267a36808fea4b8ce03b696158327e4b3f749a1e80afa94011c9ce0a20f21f6730febb0687eece5800958c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fc54c8fa5f854ba3647d5e2d8cf45859
SHA15b6f17deeb4e7493c8746e76815165ed0b0311de
SHA256e8f18b0f0ad7228c94f8ed7163faa3ae5f1f81bcf495967096d589981b2075c0
SHA5124c4779bdcfb28424f47726a03f64acc79b0c39fcedc1f367eeac7ce4c7f6bd185e5ee2164d22b29d40326849a2fb07bba9a363d9d3fe13dcfee6865f3908b009
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD51433a793d7be8c0572f9ce4d39845de1
SHA185701f8ff93b7910d88b3a8f353da046a3897745
SHA256475e1499bec8b5a934ba2c9f549733a7f51f4b7f14450aa64130797d03105e49
SHA512a018cacc30d1cbdb2accab83242030ae8b73225b7215670470bfbedb50f93af6d6e2954133398e3c493a63a33d28fc29b8d14902b4fbf08f3bddc8f404939cb2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD53f4b814cad5a686c76a9e670a97bdb28
SHA15c02543c3d992ff15baf475f738dfa267a9c7d78
SHA2563a05559ab49f679aa5c683908ed7509aae4e1e1f51327b0a474bc540cd54ab2e
SHA5123e2270b351ac3ee292c7271b16700e504bb6ff46ff61664a1bf5b3d827efb534e8df112d023febb64de0e5e516bda9fad41069209507eff5e01fceca1cc101dc
-
\??\pipe\LOCAL\crashpad_1488_XGFGOFENHCBZAAZEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e