Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-06-2024 11:41
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1196870826536996934/1239810400351162458/builder.exe?ex=6662996a&is=666147ea&hm=0b2eeea7d2a0dbc8b89bfef8bea89c5c44dadcbe9f28b1cf72e2d1851d9bede9&
Resource: win10v2004-20240426-en
General
Target: https://cdn.discordapp.com/attachments/1196870826536996934/1239810400351162458/builder.exe?ex=6662996a&is=666147ea&hm=0b2eeea7d2a0dbc8b89bfef8bea89c5c44dadcbe9f28b1cf72e2d1851d9bede9&
Malware Config
Signatures
-
Downloads MZ/PE file
-
Detects Pyinstaller 1 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\Unconfirmed 64982.crdownload | pyinstaller
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
NTFS ADS 1 IoCs
Processes: msedge.exe
description | ioc | process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 64982.crdownload:SmartScreen | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
3396 | msedge.exe
3396 | msedge.exe
1096 | msedge.exe
1096 | msedge.exe
4980 | identity_helper.exe
4980 | identity_helper.exe
5100 | msedge.exe
5100 | msedge.exe
5100 | msedge.exe
5100 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Suspicious use of FindShellTrayWindow 34 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1196870826536996934/1239810400351162458/builder.exe?ex=6662996a&is=666147ea&hm=0b2eeea7d2a0dbc8b89bfef8bea89c5c44dadcbe9f28b1cf72e2d1851d9bede9&
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
    PID:4920

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    PID:4132

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:3396

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    PID:5328

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    PID:4368

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID:512

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
    PID:5720

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:4980

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    PID:1756

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    PID:4708

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3596 /prefetch:8
    PID:4700

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
    PID:3256

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6216 /prefetch:8
    PID:1684

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
    PID:5780

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
    PID:2304

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9987169281180343856,1946046104311539228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4696
Network
MITRE ATT&CK Enterprise v15
Downloads