Analysis
max time kernel: 150s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted: 12/06/2024, 15:31
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
Resource
win11-20240611-en
General
-
Target
https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS 1 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid  Process
4988  chrome.exe
4988  chrome.exe
232  chrome.exe
232  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://betonrossi.atlassian.net/wiki/external/NzIwYTI1ZWQ5ODMxNDk4ZDljY2M5NmFkOGZhZjM3ZGQ1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e24aab58,0x7ff8e24aab68,0x7ff8e24aab782⤵PID:4576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:22⤵PID:3092
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:82⤵PID:2492
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:82⤵PID:3636
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:4064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:3948
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:4032
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:4328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4536 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:2644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4108 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:4844
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4360 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:4884
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:82⤵PID:4520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:82⤵PID:4472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3860 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:12⤵PID:3088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2556 --field-trial-handle=1896,i,7630040378973608418,10559651925264594942,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:232
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4192,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:81⤵PID:2180
Network
MITRE ATT&CK Enterprise v15
Downloads