Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
03-06-2024 19:48
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://qptr.ru/Li8Z
Resource
win10v2004-20240426-en
General
-
Target
https://qptr.ru/Li8Z
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4844 msedge.exe 4844 msedge.exe 2712 msedge.exe 2712 msedge.exe 3740 identity_helper.exe 3740 identity_helper.exe 3060 msedge.exe 3060 msedge.exe 3060 msedge.exe 3060 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe 2712 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2712 wrote to memory of 1076 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 1076 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 3580 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 4844 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 4844 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe PID 2712 wrote to memory of 2192 2712 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/Li8Z1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa970046f8,0x7ffa97004708,0x7ffa970047182⤵PID:1076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵PID:3580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:82⤵PID:2192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵PID:5012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:12⤵PID:4952
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:82⤵PID:700
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3740 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵PID:2052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:2200
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵PID:2788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵PID:780
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵PID:1424
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6208932466804290847,12165858122337790262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3060
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2928
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3912
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
384B
MD5dc9e92070f6e04c8db166c27214d05ec
SHA1855f9899af9f13d525827bd34c643b34464fb5d9
SHA25646b26bda143bfe57d7fe0aff9cdd77a12d10ff217d01de936dbdd589ec0952fe
SHA512cbdd3f7a1bc97b3e737e3370fd591712f04787e026b98e9cdf1faaf293c066da2f364da3f8569d3c38d0e9d468d58da690604017e92d750a8367f383f5d0e81c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD51b9db172b053c339e5c4a482fb31dc72
SHA14858364fd6f7c3a94cd77a154682aeda69a52e3d
SHA256050e35891457c95e0291bb942007de7058aee92f32c272843be54efbba19ecf7
SHA512630ec0c542a923f4279fde3ab1c18128a5e3f82d577ccfa80cd31da22ee4a037249efcd8f280dc6f05159760e150c47e3276e85fabb8d918a9ead947216ffdf3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5774425e442f1fc6c414c818bde4959fa
SHA1f33006434d34ef8dbf042814de651947fbd2f5bc
SHA25679fb2a3eb0ea5aab108865a8c527fee8d46dec6d5a06d36eb122f2735ea7164c
SHA5123b867e62ca3e320ec56538f1476c23772c0f30b330c1243f9992fb38d133a019434282b729b79e0a393f73f74ac751c4e6a17e70aa7bc81dfa836688e2fcde10
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55ef0c1788c445732a7b452433e10155d
SHA13a0e105d8aa9a5339f8f16f563e97bd8519ddb97
SHA2562f4fe1686073282c2c4c1a89696c6c953493e558ccb2e9efba8c994f6de9678c
SHA5128111dd746ed99dd77dd9abc2bf712246ec7230988a89a74087fe619f8404f14b3e607b340e28097bb184bc7a301a04c5db22b38e4da54b5fa4c976ae594eb627
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
707B
MD5485899f38abedfb3126d8b8b5c6555e3
SHA15464079cbf8bcae0a1477bc8561295f9ae26157a
SHA25614bfece4983b211052f106a2fcd92a857ef09a4e644333244871a34e4b7f7fce
SHA5127c3ed6190617211b5e840d4308ae6adb029d0ccbb341f7f114f8717c79fdecc60ef5b55e06f647e2f7f4bb78b2b46ece0bb566fec46210909eabf1026259f1d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b304.TMPFilesize
539B
MD5aa90026f237817834a22af9d9749aafb
SHA13b11dd414d783ffba5c5fde587b8b968f7188838
SHA2567921690a29b44acde70531913b9fd67785bdaa37a593991bfa18462b72c66616
SHA512e7291d28ac27c1d3eba8b5f230e8ec75fd5275a939cd5b312a6eacd4a885bd12130a74f5335cae9065eb8170c0796280832c9aedcbf09f35f9ab75f4f96cc103
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5be2aeb38605fb02b15b5c7b1842db418
SHA10da917d20232d66ff6ed58628c6e5cfb7e89373c
SHA2565698fa7d9f9ada358478248dd37f971297eae391911079613e2631429b4058e5
SHA51277c7f8a840536139d2156c6cca17c93467eba4f9e21752f29c8005b7a26ecef7ee730932de6a1135af57197c9b65f2be76d24dfd4e673c1bf352c5947c862829
-
\??\pipe\LOCAL\crashpad_2712_UDBVPGZCYAJBQLQPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e