Malware Analysis Report

2024-07-28 09:12

Sample ID 240617-f1hbgawdmc
Target https://paste.ee/d/PFErN
Tags
score
10/10


Analysis Overview

score
10/10

Threat Level: Known bad

The file https://paste.ee/d/PFErN was found to be: Known bad.

Malicious Activity Summary


Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-17 05:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 05:20

Reported

2024-06-17 05:23

Platform

win7-20240508-en

Max time kernel

32s

Max time network

33s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://paste.ee/d/PFErN"

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 2108 wrote to memory of 1616 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 12
PID 1616 wrote to memory of 2116 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 3
PID 1616 wrote to memory of 2620 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 44
PID 1616 wrote to memory of 2956 | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe | 5

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://paste.ee/d/PFErN"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://paste.ee/d/PFErN

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.0.133653329\1444998453" -parentBuildID 20221007134813 -prefsHandle 1276 -prefMapHandle 1268 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9db75ef-36ca-44a3-a39c-7054ca574ef7} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 1340 110d1a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.1.319570298\713563198" -parentBuildID 20221007134813 -prefsHandle 1544 -prefMapHandle 1540 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {473a3a5a-66f5-49c3-9f88-6a4bef64268f} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 1556 11003258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.2.597576622\390618526" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b97717d-3f1e-4cf4-9183-438f5f207867} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 2084 1105d458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.3.682193676\2061619652" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {713b53f6-7360-4cb9-b72f-4d1f54dde3a5} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 2912 d61c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.4.2049617872\326425803" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c11fa9d-9bb9-4ff8-af54-008cda992e1f} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 3676 1b90bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.5.349915349\882654309" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 3680 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91977f0c-258c-485d-b411-fb36f713e64b} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 3796 1d437658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1616.6.1989124613\1894481993" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18abde53-911e-40a6-a2a3-bf05748248e1} 1616 "\\.\pipe\gecko-crash-server-pipe.1616" 3944 1ec1a758 tab

Network

Country | Destination | Domain | Proto
N/A | 127.0.0.1:49190 | | tcp
US | 8.8.8.8:53 | paste.ee | udp
US | 8.8.8.8:53 | contile.services.mozilla.com | udp
US | 8.8.8.8:53 | spocs.getpocket.com | udp
US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp
US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp
US | 8.8.8.8:53 | shavar.services.mozilla.com | udp
US | 8.8.8.8:53 | push.services.mozilla.com | udp
US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp
N/A | 127.0.0.1:49196 | | tcp
US | 8.8.8.8:53 | spocs.getpocket.com | udp
US | 8.8.8.8:53 | contile.services.mozilla.com | udp
US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp
US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp
US | 8.8.8.8:53 | push.services.mozilla.com | udp
US | 8.8.8.8:53 | paste.ee | udp
US | 8.8.8.8:53 | aus5.mozilla.org | udp
US | 8.8.8.8:53 | spocs.getpocket.com | udp
US | 8.8.8.8:53 | www.paste.ee | udp
US | 8.8.8.8:53 | push.services.mozilla.com | udp
US | 8.8.8.8:53 | support.mozilla.org | udp
US | 8.8.8.8:53 | ciscobinary.openh264.org | udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\db\data.safe.bin

MD5 f06e15a668700b14d2eeb998b49ead3a
SHA1 4853a4ef3b08c4718cc7f04167d140ae8b20483c
SHA256 f39c6e5f6d94404c5908cfe5bc7cd9a1451ff220f494e05fc38f008504e525ef
SHA512 ab869622eede4f049ac26b906b22b26abf796264450e347b36dbef0a6a6f13aafb845571e3b5f6d21b31ff639a4be80da43bc35c990338bc8334b34dee93c22d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\pending_pings\f39ce4e1-4086-4154-be85-d0399e094857

MD5 1b95903055996edb4a5f1559212ffd00
SHA1 630c6327e079ebe78fc614096daed117b7741051
SHA256 a11ebbd11ec5bf7ca0d1d432c41ee54094c3fbd1e985f3a1a8cb26de4306ccae
SHA512 01468aa89a0622abf90c14c6721d14f0af2b582a5a48d5188283a583dc269d229ff36e61017c500daa99d71257329b18a13ca40eef69335597eed21ea2ba08e5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\datareporting\glean\pending_pings\5517db6b-8317-4cea-86f4-f9e0945fe84e

MD5 0028f48a702a1b181e0e7d104ead4917
SHA1 10a3ae27eb62279cd1c32b83b89117f39dc3c0ce
SHA256 23e9158da60061e445206fed6930a3614a180a408df51862d3b29c077d022da5
SHA512 e1b8b9f8cbe03a95ccd1ec4ab629744e70f06668bc58eaa1de8d3cacbecaf470ec797602325df386aa388761264011f5d76797635ae455a8fbf1d0c23173dd4a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4826c447bb0468e934582f548da409e3
SHA1 bc45aa1e56471330c011afabd5148c47a809c066
SHA256 bedfcb3e7800429ec7c480b5672273dd487eba42b5d9e7def7059480bc0e077f
SHA512 91035e446b306ef5bad954be6fe8013d2f00bd5a0efae2878bf3bfba5af7b04fa7f5e01a777b9af84b983bfce62918291e4657dd4ff8237d263fa59d25e0c5e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js

MD5 c4679842ae837d25f202293846fee4ac
SHA1 7ab16c71d9ed914851c5b11aff3c94b888fd3211
SHA256 fc7fb4ed52e2bc240ceb36c8a67c9cd57f5a1af353ec2b09db5eb62c4dc3539b
SHA512 84396448bdd292cf53d4ac7567c2b2e7690c0aac3dc859375e8dd945717c4ac0a541cb31a2d99fa263a77226d098770f4b26628349836274f4ac507fb4255a1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uu0g08su.default-release\prefs-1.js

MD5 7c71d6ed1a4ab519570e2ece6a70605f
SHA1 248d3d316ae604114837033a104df82a0b8e6133
SHA256 6a5a6d4992aebe0e4a916db21c2ffbaa20c6d58f38fd1468e2c7273d8df3192d
SHA512 a84e1a79653c00128c2f539ee91ba9184b2b87373a4cc930395cc0cf39e93212692004e2cfe7da1d4d6371cdabdb39919c1814eb09b094aa5224e449cb576acb