Analysis
max time kernel: 69s
max time network: 70s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 15:13
Static task: static1
Behavioral task: behavioral1
Sample: binary.xlsx
Resource: win10v2004-20240508-en
General
Target: binary.xlsx
Size: 26KB
MD5: 034a3c738db3c3c3f5e820fd6a94a122
SHA1: adbf9c038471587a644dfccb50921cbf2431cb1d
SHA256: 3b2755a366aa6b9440d6edb1796fe19556615f8beb06ab639efeb667dd83e273
SHA512: bf8f2398d709debba10159a7a529e8b4b5cf13aa6c913ee74229cbab7b20a8f69a0fe0868c4c786e0a4905d81cd707d1659f93966e1f0c715f3d6ecc17026efa
SSDEEP: 768:xMAY6NmXMXbG9CTnBRoemzT556GVKk3Sy:xMNO5CX9lH
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133626788416879676" | chrome.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
1816 | EXCEL.EXE
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
1800 | chrome.exe
1800 | chrome.exe
-
Suspicious behavior: LoadsDriver 6 IoCs
pid | Process
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
664 | Process not Found
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid | Process
1800 | chrome.exe
1800 | chrome.exe
1800 | chrome.exe
1800 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 1800 | chrome.exe
Token: SeCreatePagefilePrivilege | 1800 | chrome.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
1800 | chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1800 | chrome.exe
-
Suspicious use of SetWindowsHookEx 19 IoCs
pid | Process
1816 | EXCEL.EXE
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1800 wrote to memory of 4112 | 1800 | chrome.exe | 91
PID 1800 wrote to memory of 1980 | 1800 | chrome.exe | 92
PID 1800 wrote to memory of 2124 | 1800 | chrome.exe | 93
PID 1800 wrote to memory of 4680 | 1800 | chrome.exe | 94
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\binary.xlsx" 1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1816
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" 1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1800 -
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee058ab58,0x7ffee058ab68,0x7ffee058ab78 2⤵ PID:4112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:2 2⤵ PID:1980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:2124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:4680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1 2⤵ PID:2756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1 2⤵ PID:3916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1 2⤵ PID:4524
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:2948
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:1340
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:2344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8 2⤵ PID:2692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4672 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1 2⤵ PID:1844
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe" 1⤵ PID:3628
Network
MITRE ATT&CK Enterprise v15
Downloads