Analysis
- max time kernel: 1680s
- max time network: 1685s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 18-06-2024 18:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://usxs.zstjut.top
Resource: win11-20240508-en
General
- Target: https://usxs.zstjut.top
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe
pid | process
3704 | msedge.exe
2888 | msedge.exe
3880 | identity_helper.exe
3360 | msedge.exe
1176 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exe
pid | process
2888 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
2888 | msedge.exe
-
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exe
pid | process
2888 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 2888 wrote to memory of 2520 | 2888 | msedge.exe | msedge.exe
PID 2888 wrote to memory of 4976 | 2888 | msedge.exe | msedge.exe
PID 2888 wrote to memory of 3704 | 2888 | msedge.exe | msedge.exe
PID 2888 wrote to memory of 960 | 2888 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://usxs.zstjut.top
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb39733cb8,0x7ffb39733cc8,0x7ffb39733cd8
  PID:2520
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  PID:4976
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  PID:960
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  PID:4160
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  PID:604
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  PID:4716
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  PID:4956
-
  C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  PID:484
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  PID:472
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
-
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,4332876249147113958,15496110871878183975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4732 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:1176
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4624
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4256
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 192B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 240B