Analysis
-
max time kernel
244s -
max time network
288s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
14-05-2024 05:00
Behavioral task
behavioral1
Sample
69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe
Resource
win10-20240404-en
General
-
Target
69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe
-
Size
550KB
-
MD5
e52aa8e50c0ccf883b7ab7f0c36bb878
-
SHA1
f0ae322f5067b20ee89d9826dc806abdd610fb60
-
SHA256
69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944
-
SHA512
65e6b735a88a3ab6e4dad015c5de020756d9e60c38e48f71f7fa72a66586b172dccae79e9470d2424639d4ae2307acb187f2c8ae72c782ac5acce02fd9442c78
-
SSDEEP
12288:lzymiDGnYdnieNfazSqBZg+30ki1+zB8NOUx:lBveNfazSshNi1UK
Malware Config
Extracted
C:\ProgramData\readme.txt
https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/
Signatures
-
Black Basta
A ransomware family targeting Windows and Linux ESXi first seen in February 2022.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (10233) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Local\History\desktop.ini 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dlaksjdoiwq.jpg" 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Added.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_field_grabber.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons_retina.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_da_135x40.svg 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files\Internet Explorer\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\cef\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_icons.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sv-se\ui-strings.js 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_forward_18.svg 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\ui-strings.js 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelAddin.Resources.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\en_CA.dic 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files\VideoLAN\VLC\locale\en_GB\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_GB\List.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ui-strings.js 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-disabled_32.svg 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFPROXY.DLL 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\dd_arrow_small.png 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\main-selector.css 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\readme.txt 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\ui-strings.js 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\ui-strings.js 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe -
Interacts with shadow copies 2 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process 2924 vssadmin.exe 4800 vssadmin.exe -
Modifies registry class 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.basta\DefaultIcon 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.basta 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.basta\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fkdjsadasd.ico" 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeBackupPrivilege 3804 vssvc.exe Token: SeRestorePrivilege 3804 vssvc.exe Token: SeAuditPrivilege 3804 vssvc.exe -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 168 wrote to memory of 216 168 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe 75 PID 168 wrote to memory of 216 168 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe 75 PID 168 wrote to memory of 216 168 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe 75 PID 216 wrote to memory of 2924 216 cmd.exe 77 PID 216 wrote to memory of 2924 216 cmd.exe 77 PID 168 wrote to memory of 1032 168 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe 80 PID 168 wrote to memory of 1032 168 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe 80 PID 168 wrote to memory of 1032 168 69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe 80 PID 1032 wrote to memory of 4800 1032 cmd.exe 82 PID 1032 wrote to memory of 4800 1032 cmd.exe 82 PID 1032 wrote to memory of 4800 1032 cmd.exe 82 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe"C:\Users\Admin\AppData\Local\Temp\69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944.exe"1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:168 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet2⤵
- Suspicious use of WriteProcessMemory
PID:216 -
C:\Windows\System32\vssadmin.exeC:\Windows\SysNative\vssadmin.exe delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:2924
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\vssadmin.exe delete shadows /all /quiet2⤵
- Suspicious use of WriteProcessMemory
PID:1032 -
C:\Windows\SysWOW64\vssadmin.exeC:\Windows\System32\vssadmin.exe delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:4800
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3804
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.basta
Filesize3.3MB
MD53cdf2f65fd0b6c073d940961943e253d
SHA19af351c5fef8cc3b91fa84529aeb1829185b59dc
SHA2562e92a8a7077111c2a6906efa00b2b8aba5f05f13df876562fb743fbb6210c29b
SHA512c1d2e6063aad9464e5a2de23cfdb9cc1d5ef32bcff5f0ff5631c0bd81aa69cd293f2b0375650bcd94447dc5e516e04a7cdadd0df1ccc6be22606cfdb5731fe4c
-
Filesize
402B
MD5c3f7fe775bc1b6c8c2236647c2e8ec60
SHA105429b9ce635465a0aec1e7186970002c9c29233
SHA2563e141631db263de8f740c0073853b0c4b181a09ec2ddef796859f3150aff4672
SHA51218b275a18b842c0f9c3c776f206b35a6c3927fff00c982dc7f7da27fdca5a5cd959cbb4608e3b2b98a8f5304e9a24211f8fd75c28e8ba7d9d97bb39fdd06b308