Analysis
-
max time kernel
71s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 15:55
General
-
Target
https://cdn.discordapp.com/attachments/987780502226370570/1213946903226622032/rvz_kawasaki_ninja_h2_2020_0.90_fix2.rar?ex=664dad67&is=664c5be7&hm=3c24c6d6f1f8623bbe40dc7bb5fb712fdf9c6668cb03bab27c93c18f349a4971&
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 56 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/987780502226370570/1213946903226622032/rvz_kawasaki_ninja_h2_2020_0.90_fix2.rar?ex=664dad67&is=664c5be7&hm=3c24c6d6f1f8623bbe40dc7bb5fb712fdf9c6668cb03bab27c93c18f349a4971&1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8daf946f8,0x7ff8daf94708,0x7ff8daf947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5012 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6364 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6216 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6568 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6968 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2244,8694235446330017500,18375155530398560082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
Filesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
Filesize
204KB
MD541785febb3bce5997812ab812909e7db
SHA1c2dae6cfbf5e28bb34562db75601fadd1f67eacb
SHA256696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483
SHA512b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919
-
Filesize
3KB
MD5a19c53f9069be8a511f9d9cc718308bc
SHA123dd889e8aa8a99504f98924cdbccef9c6237aae
SHA2560d5469bd671544d4612f07f3d461d875d8ca63d519816d12ee177cf2414e46f8
SHA5121997f1445c7174feeae26e69ce2e3d0597a0e857ed3a9e6753d7a9d203967810f5b493d556c05f5166283c86fea61074d725c61bf40e81b4ad311e169626ba97
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD524078200c1c7ac6d0eb0d5fc637eafee
SHA17b46a846dfd3694b212aeeede65b926ea551a941
SHA256d53a00322265626de232f72ea5b41a78c8fdc398610e7d15b505b1e58a30931f
SHA512d4f9290db2581f8939ed085055c70e76ac9a8179f2d95d754070ddb8dbbf043e25fedf3f88854399be9ac55a2103f75307f376652c27ff7be7e7234865f48eed
-
Filesize
5KB
MD5f2f3fed7a669adb66b78ff86ea7c6cc3
SHA18a5045e1b1234c31b961bb99ca026eecacb69c92
SHA2569ff29846319303244337b90f557ece0af88c5aa425cd8bba91683df6adb09dfa
SHA5124a723517d1846e2135302df4cc6ea86e8695ca2e0fdd9cb89003703d93429babbdd92c8de8557169e6eda55b722e159263e4b580c3047b1477ec3b35387492c4
-
Filesize
6KB
MD582cf21971d4fa5ec8ddb5a37ba0d8350
SHA1e520b38387e487b7b73296ad730e7c423110e4db
SHA256b5e1d1b64bec783a8773aa6f4359d45f7a600b0f8627af6827e0b6a154e7eb4a
SHA512e74292aa8d7fce56cce268a16ce3ab066075427f1bc1fa3a4d2455949c089ea688af18f665d247743985c9f162ee17484ddd784011c43b9cb6486b8042181f67
-
Filesize
6KB
MD58f93eba58624b14b3f72782c37090429
SHA1bff33b213aeb9bf3a150b0c6cb1264693aa10d92
SHA2561271a3d61d1636264de393e56fab76dfae915798777f77a2b8321a2e53b45685
SHA51256a1029ce6e8b21103a9ae0b241cff0e33eeaca94f61a2bd724377d476058f9b8a4a0b271066623994d4984f02ab7da136458e9462693d16439c3fe9fefb1fb7
-
Filesize
8KB
MD55bc6a52bec82c41f43f0adb8d5eeb70d
SHA1a3aca72a1f66594685b78c57f1ebcee2b7a0bf6f
SHA256ac2eaa8840524860373d180f0297a8a716584b63c7a1188c70286d787573d334
SHA512f545dbf13ccaf1ff8b5b2048900eaba833a35320e8e5ad5a02346b695c4f359beb4359cb9dff6d3a9480431ea6385b9dd1e29492d70327b4f78e091d1052ba76
-
Filesize
8KB
MD5ef330b83a4ee9cad08fa6430450a958a
SHA115390bb00647a486bcc1c7280da95fff4d34997c
SHA256cfacfe74e01efc0c7762c09a58ae6920901b0746678a7f154941e2513e22176c
SHA512a1ccee7b30b9c82a4ee9f2dabc69ece1978d11840bbcd7003c337985395a9b7cac0d64dcb0f4eda8bc8318bf0c35b2605858b029033800c30b540a51a103376f
-
Filesize
72B
MD52e41bc8665225199f5c08282c186ebee
SHA172efc33d62c423137de1bc96b549676cbe5fb352
SHA256539b5cfa8c51fab3ddc8cd953131b8be4e8d1e7ab757a6e84637efea254ad6a5
SHA51208d0d7447ed8b311efed1d224eae80f0d9176120af2681cde5bee8603c9ae0f5433280db6d9b0743ef34aa9b38bda0c26d0ee29e09ac988a62d593de3c356261
-
Filesize
48B
MD5c39b6bd72c29fb574709b36b2d091a5b
SHA175e5e51e5465777811b6f614f8f36578ae40ef04
SHA256e5608432ca562b3d96763ed32622c0386c9740e32c879a0ad77eb36fcf04c49d
SHA51261c49568b159b01c7201161851f3c38d6226da365e521503b63a216927a520d2c13920f1a1391848b54357e961bdd52b01211c00b1a5daf79503bbfffbc58c5b
-
Filesize
538B
MD595127d98be75362f66919b9b52d9020a
SHA19f7f35aa45c0dd008cc57e0d19ae4a2117b1c88d
SHA256590c2c351bd41d6c430a0de68f2b38ac720fe9cc704794b94fd7970f3e23f87e
SHA5123315de4e7545a60afaaac5df659878287dfc5aaf421974e8724be278c7c994010544690b3e2a9032f873b12988022c4c29596808293436897ebc447adf885e23
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
1KB
MD5383490a9d76786eeaabcba1146fcb19e
SHA1977ae5457e16382f444dbe6ad27da6970c848787
SHA256fb5381e3dab1b931edab50bcb953fd53f23c8382fe14e3397cf6d2d3698c77f6
SHA5129ceefb521c0ea9c3135115e4ddee30ec5dc6fd34a8e01ec59a54afcc8929624a8e4039392e081e43f71b5d74ce50f94320ad5cf15f715a9fe48651da02324cf2
-
Filesize
11KB
MD5e0c24c7324da4c1d09e77c601744cef8
SHA17db89a439c39a89e8b47138a3d1704a577d32836
SHA2568f962af79cd8df796fb10ce3bf2a9ec7ae5eb859ef51c61cda094c6352f377f5
SHA512281a3a68f712b15b25fe9b136c1b1097b5fef6a146c00f493552d53d0a5e163d4b1d4c58e09b93e6bf0eb39183b8b914c900ff91a622e6d8daf94e4b56dba6f5
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e