Analysis
-
max time kernel
145s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
03-05-2024 19:19
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://r20.rs6.net/tn.jsp?f=001db6h5n_Bq0V8jtjXNDCWDgE4Pirx9qRrf01-wePMzNl3wPvKZV_j-mTdVLIivgetCDh6siKSseskx6DYYN8WDQf3rKJ4cuqcjyc9BymyRWzJihYKU588Vo2RAL3qrGes4z8ivBj63L5neeyunu_sYzONTvoLfoEE&c=&ch=&__=/YxksbELT7c4FvaFq8bjQNP6JDYYAzj/c2FsZXNAdGhlbGF1bmRyZXNzLmNvbQ==
Resource
win10v2004-20240419-en
General
-
Target
https://r20.rs6.net/tn.jsp?f=001db6h5n_Bq0V8jtjXNDCWDgE4Pirx9qRrf01-wePMzNl3wPvKZV_j-mTdVLIivgetCDh6siKSseskx6DYYN8WDQf3rKJ4cuqcjyc9BymyRWzJihYKU588Vo2RAL3qrGes4z8ivBj63L5neeyunu_sYzONTvoLfoEE&c=&ch=&__=/YxksbELT7c4FvaFq8bjQNP6JDYYAzj/c2FsZXNAdGhlbGF1bmRyZXNzLmNvbQ==
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 812 msedge.exe 812 msedge.exe 4800 msedge.exe 4800 msedge.exe 1168 identity_helper.exe 1168 identity_helper.exe 5384 msedge.exe 5384 msedge.exe 5384 msedge.exe 5384 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4800 wrote to memory of 4780 4800 msedge.exe 83 PID 4800 wrote to memory of 4780 4800 msedge.exe 83 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 4260 4800 msedge.exe 84 PID 4800 wrote to memory of 812 4800 msedge.exe 85 PID 4800 wrote to memory of 812 4800 msedge.exe 85 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86 PID 4800 wrote to memory of 1600 4800 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://r20.rs6.net/tn.jsp?f=001db6h5n_Bq0V8jtjXNDCWDgE4Pirx9qRrf01-wePMzNl3wPvKZV_j-mTdVLIivgetCDh6siKSseskx6DYYN8WDQf3rKJ4cuqcjyc9BymyRWzJihYKU588Vo2RAL3qrGes4z8ivBj63L5neeyunu_sYzONTvoLfoEE&c=&ch=&__=/YxksbELT7c4FvaFq8bjQNP6JDYYAzj/c2FsZXNAdGhlbGF1bmRyZXNzLmNvbQ==1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff453f46f8,0x7fff453f4708,0x7fff453f47182⤵PID:4780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:22⤵PID:4260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:2180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵PID:3124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:12⤵PID:2360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:82⤵PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:12⤵PID:312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵PID:3252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5278369488986619879,14642242074328972935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5384
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4864
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2484
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5d20efda2b9a78a5c23d48097719f94d8
SHA1274b2d42a374ab5fb1d5785f6816c81ec2d1a82b
SHA2569d23f7a9ea81e62ae436189dcf5e36718da60d8e5223aa9f5b102d938c02eb45
SHA51269e9e781400ad30fe42184734adfa16fc5ad73a80574840c31826124794020c870aeb9760d5032fd6d70910321944fdd16a6fc617e8f590631a65f3fd5843e11
-
Filesize
152B
MD562c02dda2bf22d702a9b3a1c547c5f6a
SHA18f42966df96bd2e8c1f6b31b37c9a19beb6394d6
SHA256cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
SHA512a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
-
Filesize
152B
MD5850f27f857369bf7fe83c613d2ec35cb
SHA17677a061c6fd2a030b44841bfb32da0abc1dbefb
SHA256a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
SHA5127b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize96B
MD5b9c9501654f12c458fa0fd0eb57557d2
SHA12a436d184479724616575fe616fff28858626501
SHA256144b0c093838b9f834e0a99cdab26b2b0c350dadb1d85bfa170a167687b77758
SHA5120649e63bdff0d4704f0be97ce623d54e1ffb974b3d895cdf454f39d4279cd8244dd4126f769ef55b7414b8d058344ee2a3ae76886dcfa0f2bc407e1abc18a72f
-
Filesize
751B
MD5f3632706dc0c8d895147c46f19470511
SHA17cd5e185dc1499c848a0ebc69a4dbaccd5d47fad
SHA256d5e855f4544316222df771ec40dc8eff598da7babac01b732abb2c6c72fee88f
SHA512ad4427a104d159131487fe30facc6a5f339932f402b1c53f5ef239e05a88096803fe4449451a2a8bc10469ee4ff54d3475a02ca03eb0d46fcba8d66b0a319da5
-
Filesize
6KB
MD5ab7ad519206fc39518e01d6ba9268c99
SHA181347046eeb9c00c7551e73ad5a6f6b41d4f21c2
SHA25673a54f849561c9dce53a18d7f23579a2c9925ce32a960bd6f0a9d31c7069d009
SHA512310df7923bb5344b920c3389fe4633df1764c01ea2c1ee1286f60be98cf16c0b12d66b02a9dfe2ca3ce0a86cacc19cdbbbadb23e22adfcaa5d409095b35389d5
-
Filesize
6KB
MD577a7999fa269ef23f22bf3a84a0cfe14
SHA16bb16ed2bf5b115a3f602d3cd4b1a00014434a42
SHA2566ed7d013f0b0b72f2cab8af8afa4541889659ec9ca8d5b366f9721ffd60236b3
SHA512cdb288f2adf2699a45db500993983e6b685d816a9dee0591c69c31cfffced48f92e100dfd868e243736528f2f99e490785d232bfc6141af617c6cad3cf922309
-
Filesize
5KB
MD537133c7f7f657926f1946b092f15e410
SHA131b536ea7460da941c63466850772ef7f7624084
SHA256dcb9dcc2e08950a59f4fc11b16704fbddaa33fbf008d774e64ed737621b6d1fe
SHA5125c77826027848a37a729b36a5850ccd67277cd1cf7cefca81ee11bdd750ba8f956f544502bf58729f7b6bef0ca52e74b53cae359f8dea5dd0114597a0ee60ad6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5754995fb909703d0b1304af8e6489bbc
SHA1e203664eb0cb5357a260be6b36680f9694f8000f
SHA256c2c384abc1368112b20917d2b51c2c98ddbea64fd7b55a7e88c3c3ba14c58cca
SHA5128977e5c9af4ec79273fd21b05c8adfb014d27973a3ff9367f32bb0108fc4b1110f7882af7d404613aa8a53d642d254ea1e119c98d74088feb1009967560db198
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84