Analysis
-
max time kernel
99s -
max time network
96s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system -
submitted
16-06-2024 14:21
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://email.ninosdeahora.tv/e3t/Ctc/RI+113/cZLF404/MX7jHllPfW6VjQpt35vtSFDW7nzmJr5gntchN5VHnTb3prCCW6N1vHY6lZ3pdW4_NY427bPm5-VFDNhX1Q7JMGW5_q7d-2dwky-W8z3G-Y8ZdHYsW2r52Vp7SyZflW84m_606jkhwrW6bPNq93pV86DW5j6KcL1d3SPTW34q_fp499VmKW95LCL84qdPr4W6Wm5tg41MfdjN2YbtZrJz2CjW4w7_s81wpT7kW5hgs2s6vldkmW18pY4K6bwW9WW3QypcK3TL3WBW70mVL38mR1VcW7TBRk_8MBX6QW2jCJzG1xbVb0W4TTvtb8lQygjW6JQgTt4DdQ7fW1JK07P8bY_ZHf4M141F04
Resource
win10-20240404-en
General
-
Target
https://email.ninosdeahora.tv/e3t/Ctc/RI+113/cZLF404/MX7jHllPfW6VjQpt35vtSFDW7nzmJr5gntchN5VHnTb3prCCW6N1vHY6lZ3pdW4_NY427bPm5-VFDNhX1Q7JMGW5_q7d-2dwky-W8z3G-Y8ZdHYsW2r52Vp7SyZflW84m_606jkhwrW6bPNq93pV86DW5j6KcL1d3SPTW34q_fp499VmKW95LCL84qdPr4W6Wm5tg41MfdjN2YbtZrJz2CjW4w7_s81wpT7kW5hgs2s6vldkmW18pY4K6bwW9WW3QypcK3TL3WBW70mVL38mR1VcW7TBRk_8MBX6QW2jCJzG1xbVb0W4TTvtb8lQygjW6JQgTt4DdQ7fW1JK07P8bY_ZHf4M141F04
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630213195538386" chrome.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
4892 chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process
4892 chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process
Token: SeShutdownPrivilege 4892 chrome.exe
Token: SeCreatePagefilePrivilege 4892 chrome.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process
4892 chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
4892 chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 4892 wrote to memory of 4816 4892 chrome.exe 73
PID 4892 wrote to memory of 2168 4892 chrome.exe 75
PID 4892 wrote to memory of 1816 4892 chrome.exe 76
PID 4892 wrote to memory of 1344 4892 chrome.exe 77
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://email.ninosdeahora.tv/e3t/Ctc/RI+113/cZLF404/MX7jHllPfW6VjQpt35vtSFDW7nzmJr5gntchN5VHnTb3prCCW6N1vHY6lZ3pdW4_NY427bPm5-VFDNhX1Q7JMGW5_q7d-2dwky-W8z3G-Y8ZdHYsW2r52Vp7SyZflW84m_606jkhwrW6bPNq93pV86DW5j6KcL1d3SPTW34q_fp499VmKW95LCL84qdPr4W6Wm5tg41MfdjN2YbtZrJz2CjW4w7_s81wpT7kW5hgs2s6vldkmW18pY4K6bwW9WW3QypcK3TL3WBW70mVL38mR1VcW7TBRk_8MBX6QW2jCJzG1xbVb0W4TTvtb8lQygjW6JQgTt4DdQ7fW1JK07P8bY_ZHf4M141F041⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca65a9758,0x7ffca65a9768,0x7ffca65a97782⤵PID:4816
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:22⤵PID:2168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:82⤵PID:1816
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:82⤵PID:1344
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:12⤵PID:1204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:12⤵PID:4684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:82⤵PID:1920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1808,i,18364723802602171123,14503560839830701405,131072 /prefetch:82⤵PID:1220
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:196
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize 252B