Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
02/06/2024, 22:29
Static task
static1
Behavioral task
behavioral1
Sample
10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe
Resource
win7-20231129-en
General
-
Target
10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe
-
Size
491KB
-
MD5
5eabd48682e009f3956c6740cfd9e393
-
SHA1
54ad6044b7db8a7f43edbed592fe42ad60c694ce
-
SHA256
10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef
-
SHA512
6c14299744431ebe2573e10c2ca0117b063933e61a0f3c5d5102011d1ad0fe7fa8c0100f97700cfd4ed13a18868114c44f74662c6a18ba4ed91b157466fbf44a
-
SSDEEP
6144:k46tGdyPz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fa2:k3Nb1gL5pRTcAkS/3hzN8qE43fm78V
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
description ioc Process File opened for modification C:\Windows\system32\drivers\etc\hosts 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe File opened for modification C:\Windows\system32\drivers\etc\hosts Logo1_.exe -
Deletes itself 1 IoCs
pid Process 1364 cmd.exe -
Executes dropped EXE 2 IoCs
pid Process 2804 Logo1_.exe 2600 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe -
Loads dropped DLL 1 IoCs
pid Process 1364 cmd.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\L: Logo1_.exe File opened (read-only) \??\Y: Logo1_.exe File opened (read-only) \??\V: Logo1_.exe File opened (read-only) \??\U: Logo1_.exe File opened (read-only) \??\R: Logo1_.exe File opened (read-only) \??\M: Logo1_.exe File opened (read-only) \??\G: Logo1_.exe File opened (read-only) \??\P: Logo1_.exe File opened (read-only) \??\O: Logo1_.exe File opened (read-only) \??\K: Logo1_.exe File opened (read-only) \??\J: Logo1_.exe File opened (read-only) \??\X: Logo1_.exe File opened (read-only) \??\T: Logo1_.exe File opened (read-only) \??\S: Logo1_.exe File opened (read-only) \??\Q: Logo1_.exe File opened (read-only) \??\H: Logo1_.exe File opened (read-only) \??\E: Logo1_.exe File opened (read-only) \??\Z: Logo1_.exe File opened (read-only) \??\W: Logo1_.exe File opened (read-only) \??\N: Logo1_.exe File opened (read-only) \??\I: Logo1_.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini Logo1_.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\_desktop.ini Logo1_.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Microsoft Games\Minesweeper\it-IT\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Media Player\wmpshare.exe Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fr\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe Logo1_.exe File created C:\Program Files\Java\jdk1.7.0_80\db\_desktop.ini Logo1_.exe File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Microsoft SQL Server Compact Edition\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows NT\Accessories\en-US\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe Logo1_.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\SpeechEngines\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\_desktop.ini Logo1_.exe File created C:\Program Files\Java\jre7\lib\zi\America\Kentucky\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\pl\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\lt\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe Logo1_.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\_desktop.ini Logo1_.exe File created C:\Program Files\Mozilla Firefox\defaults\pref\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\_desktop.ini Logo1_.exe -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\Dll.dll Logo1_.exe File created C:\Windows\rundl132.exe 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe File created C:\Windows\Logo1_.exe 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe File opened for modification C:\Windows\rundl132.exe Logo1_.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
pid Process 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe 2804 Logo1_.exe -
Suspicious use of WriteProcessMemory 38 IoCs
description pid Process procid_target PID 2180 wrote to memory of 1812 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 28 PID 2180 wrote to memory of 1812 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 28 PID 2180 wrote to memory of 1812 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 28 PID 2180 wrote to memory of 1812 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 28 PID 1812 wrote to memory of 2880 1812 net.exe 30 PID 1812 wrote to memory of 2880 1812 net.exe 30 PID 1812 wrote to memory of 2880 1812 net.exe 30 PID 1812 wrote to memory of 2880 1812 net.exe 30 PID 2180 wrote to memory of 1364 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 31 PID 2180 wrote to memory of 1364 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 31 PID 2180 wrote to memory of 1364 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 31 PID 2180 wrote to memory of 1364 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 31 PID 2180 wrote to memory of 2804 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 33 PID 2180 wrote to memory of 2804 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 33 PID 2180 wrote to memory of 2804 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 33 PID 2180 wrote to memory of 2804 2180 10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe 33 PID 2804 wrote to memory of 2692 2804 Logo1_.exe 34 PID 2804 wrote to memory of 2692 2804 Logo1_.exe 34 PID 2804 wrote to memory of 2692 2804 Logo1_.exe 34 PID 2804 wrote to memory of 2692 2804 Logo1_.exe 34 PID 1364 wrote to memory of 2600 1364 cmd.exe 36 PID 1364 wrote to memory of 2600 1364 cmd.exe 36 PID 1364 wrote to memory of 2600 1364 cmd.exe 36 PID 1364 wrote to memory of 2600 1364 cmd.exe 36 PID 2692 wrote to memory of 2588 2692 net.exe 37 PID 2692 wrote to memory of 2588 2692 net.exe 37 PID 2692 wrote to memory of 2588 2692 net.exe 37 PID 2692 wrote to memory of 2588 2692 net.exe 37 PID 2804 wrote to memory of 2640 2804 Logo1_.exe 38 PID 2804 wrote to memory of 2640 2804 Logo1_.exe 38 PID 2804 wrote to memory of 2640 2804 Logo1_.exe 38 PID 2804 wrote to memory of 2640 2804 Logo1_.exe 38 PID 2640 wrote to memory of 2716 2640 net.exe 40 PID 2640 wrote to memory of 2716 2640 net.exe 40 PID 2640 wrote to memory of 2716 2640 net.exe 40 PID 2640 wrote to memory of 2716 2640 net.exe 40 PID 2804 wrote to memory of 1256 2804 Logo1_.exe 21 PID 2804 wrote to memory of 1256 2804 Logo1_.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1256
-
C:\Users\Admin\AppData\Local\Temp\10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe"C:\Users\Admin\AppData\Local\Temp\10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2180 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"3⤵
- Suspicious use of WriteProcessMemory
PID:1812 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"4⤵PID:2880
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\$$a81C.bat3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1364 -
C:\Users\Admin\AppData\Local\Temp\10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe"C:\Users\Admin\AppData\Local\Temp\10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe"4⤵
- Executes dropped EXE
PID:2600
-
-
-
C:\Windows\Logo1_.exeC:\Windows\Logo1_.exe3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2804 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- Suspicious use of WriteProcessMemory
PID:2692 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵PID:2588
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- Suspicious use of WriteProcessMemory
PID:2640 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵PID:2716
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
258KB
MD5dabffb38234f007c501cf88551471dfe
SHA1ea9f4c4f46ffd3cb73b767b729c62cfcca6a065c
SHA256f4126de53afbb2a68dead67d01bae1d52b38ae711b06d94629f952099e691d32
SHA51202229668f14c8057849b6e0babac2a5369e904178d8ac2ae5ac5dcff2ea659f4765b1590a4fe482165a4b2de7da43cb80c040befdf0410b3837ef7dfc915b6cf
-
Filesize
478KB
MD5db30f5e16c744915af12c09f1ccf3e41
SHA1d5feb47e0ca1c47b0a4cfc90be501e97f613ce90
SHA256cfc87b2273f90e5125ca09d4fed15c56a82dabc54e418301f8ce23476201950e
SHA512ff466c60abd62f72cbe687d48fcc485855e0df65599da37112d3872324176bf68428c312d8fbfaf20deba2295b2c7fc51129436a73ba8bdc58836289f6a47f6b
-
Filesize
721B
MD507e791a90d03d8c98af4f75bf4cbf16c
SHA1a5cb255b5e7030a762961180cf9e4e682e7cc96b
SHA256666224e8072a5a5765f69c71b102bca37cb658ee7aeb44a8ba0b11a591989954
SHA5123d1bc1f65aff2f6bd561e9bb91df2a7f6854d05d5d900b7505f5873de45cf5b82979854480c0a4e114b02e86a50cd753af35de6a946cd29e99eb69bed1bd8baa
-
C:\Users\Admin\AppData\Local\Temp\10b71c1e29e505566b0c3894ebc30a9363a3fc5a6ffd875a4dff7f762155b3ef.exe.exe
Filesize458KB
MD5619f7135621b50fd1900ff24aade1524
SHA16c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA5122c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628
-
Filesize
33KB
MD57514021d14a754dd434e4b38cb87ae3d
SHA13ea156bdfea7751e851cf281b20783f3f9a4784d
SHA256cf2ba6f24373f440531b5ad69cf882e8ffa80a9c556124b944dad25a0d0e35bf
SHA51278ccfd339f3d905c1e8cb072951164f6b66407b1928fa2879b53c015a89c5027e2e10f81912bf21464b35d650750da811f0975084cf91b710dd6ead8a1d90308
-
Filesize
832B
MD57e3a0edd0c6cd8316f4b6c159d5167a1
SHA1753428b4736ffb2c9e3eb50f89255b212768c55a
SHA2561965854dfa54c72529c88c7d9f41fa31b4140cad04cf03d3f0f2e7601fcbdc6c
SHA5129c68f7f72dfa109fcfba6472a1cced85bc6c2a5481232c6d1d039c88b2f65fb86070aeb26ac23e420c6255daca02ea6e698892f7670298d2c4f741b9e9415c7f
-
Filesize
8B
MD5af485d3db9f82d3e5bdc8c6d87fb742e
SHA1f879c3dbd3d34e9789ff73896508bfbeabbf7468
SHA2567a7b688ede50bbaf08d4579fbd8c6b6c99d9dd1206d95ab24d8174eb9be98759
SHA512d5fe5155948320ef6d3f80c01c9a81f0d4f60bab381d921ab2e06b62475618b973b34346bd41b40af24f2b5aff64bba68710f405f7ff21a58f369acbaaee9360