Analysis
-
max time kernel
31s -
max time network
35s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
20-06-2024 11:03
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exepid process 1936 msedge.exe 1936 msedge.exe 3860 msedge.exe 3860 msedge.exe 2564 identity_helper.exe 2564 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exepid process 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe 3860 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 3860 wrote to memory of 2816 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 2816 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 396 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 1936 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 1936 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe PID 3860 wrote to memory of 5052 3860 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://krs.microsoft.com/redirect?id=lxDNVZKK1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa025547182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2072896521631373594,16862266937027750158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c5abc082d9d9307e797b7e89a2f755f4
SHA154c442690a8727f1d3453b6452198d3ec4ec13df
SHA256a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b4a74bc775caf3de7fc9cde3c30ce482
SHA1c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA51255578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015Filesize
204KB
MD5081c4aa5292d279891a28a6520fdc047
SHA1c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA25612cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA5129a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
480B
MD5dcb248c68bb723f2a064f5b1866a1c0a
SHA11fff653cbc9f34bacc9844f054b4220eb5c2efbf
SHA2567c82f31e3fe0b59ca4a46baa4ba4197b12e147e04e73e935a3a3fab4bda9f27f
SHA5128abad32d1ae96ece7ed030ea40fab8756d3db44cf0216b98bea79bce192d6170477c8525e1e2608de949cd6261f9277333ba6502eb75f4c50ef25a57a5e7b71d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD52b3f722e27ed38c3e7e45a034a47228a
SHA12c45b0d4d079d3fba39c16316bf981b7d55d4b63
SHA256ec602bd7e2d744659f01e2267b0fd97d7a4321ca3f57b03c4e64281b53eb5e1f
SHA512a72714a5a4df1bb677d8df6e11dbb83b9329595979b5ae58f8b3b9c6273e9857f8d2933bef9813c1c1b89cf505a5faf8d7c164d41ca30942c5346611d0957043
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD53e158886823d283f14d2801513ba91be
SHA1e827d140889d9d148a263287249e7771fa05db2b
SHA2566e40887f7663d318e8c20721c65303a707c18caa55384f0c3325e40a5e2e66b4
SHA51255abeea283481af697dcd60c5e27ac5c2d8cf26ddc9a12e8abe616d6652de00ece268dfe89d7f2427ed146145dfc9aa0f49c93bc59b597506485975175ab244f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD559fa5d6443eeade9b0ef8fd701c6f58b
SHA1da767aa020431c39d1a6c80fc204f9a7faf178c0
SHA2561f500e64dd0952c3351aad7eae2b75ef2c340d07eed7e212223ee1fd94843d62
SHA512c6a13110d8c0898f79da6b03e880421e128a64a667ec9cc827e4d1b9803d771b60f77b6cf8b7815cfc17da3e11fd6a8ef2f62fa28c5ece44644c362a3271affa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5520c4c23d8394e3bc26c1fecae411959
SHA171fcedc1f579862d1b908e993ad8176e933b2423
SHA256b685eede37961eb2e622a6a3462c35446554f5f1d5c7831a3ee93108958b30df
SHA5123aae67d437e8b9679c707ef1996331096dccff485cceafec36a699e5ff5c1b4e90b352f01eaff00920679e676bc3658b8d1a75892dce257ff01f2fff9afcff7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD52530cd93a893b7b1166a981761a18f33
SHA1db5ac8765d64e64fa027b8d52637a675db52a3a1
SHA256c80101aea40ee8b6d847f275d767c98b35abb37ff840dab97bf5e7c1f3c3b238
SHA512d35f75efc10161b363eb72fb1c2ffa6aad7889e05511838e9d50a63bf44a9ecbb77f22f2fe837cb0317df14ecf64b6a8d386d4ca66b95a563c683bea2e935072
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c94b.TMPFilesize
372B
MD5d2485511b28b4c65287464ec28983619
SHA1c9710acdf9f2a961a05b996474006fe01e16d7ec
SHA256bce9c559d34b2fa2c78df29b68d90a64c1898ef2329747072ab401886e347e44
SHA512f9a9483051e5a65135bb75731fb092af68708b19cc93613fe3dcaeb55bd9606c619677e4b53f5208a2e5ece8da86a6223c1b064817a56ace94c9a390e7e95729
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59322c444107baf146c872b6bf9ba91cc
SHA1fb17e95009c89779021a85cd403ba9f6ebfe9f32
SHA256ebeb69ee04510ae78bb6f6da090d369c8398084c6bbedf965d83a913f4ffd6c0
SHA51240dba5fad43b9801df2a0164c4fa8d35dec1a45427b1c88785b8cf77ff5efed69bfe0e98b6d40f7a163f1cb68feebe24491255c221a8811fbc9228d73265c089
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50b270df7e9fc726d00e3235d7a719c50
SHA1e7780934f51bbedf8745e3c24c7fbd192ce0b1cf
SHA2565ccc39396043e9e34d31808d11b433a173c73257ae52b7205380b7bec9779f09
SHA5128c852ce87572c5fd2fcb479cfacf094aeb4c32106e5d2edcf74c05591142846c7e6ebeffc607498a6642303d1e6073827b58f87018602201a16e25e60797ac6a
-
\??\pipe\LOCAL\crashpad_3860_XYBYQIFGTGHEGWROMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e