Overview
overview
4Static
static
1URLScan
urlscan
1https://hatching.io/...
windows7-x64
1https://hatching.io/...
windows10-1703-x64
1https://hatching.io/...
windows10-2004-x64
1https://hatching.io/...
windows11-21h2-x64
1https://hatching.io/...
android-10-x64
1https://hatching.io/...
android-11-x64
1https://hatching.io/...
android-13-x64
1https://hatching.io/...
android-9-x86
1https://hatching.io/...
macos-10.15-amd64
4https://hatching.io/...
debian-12-armhf
https://hatching.io/...
debian-12-mipsel
https://hatching.io/...
debian-9-armhf
https://hatching.io/...
debian-9-mips
https://hatching.io/...
debian-9-mipsel
https://hatching.io/...
ubuntu-18.04-amd64
3https://hatching.io/...
ubuntu-20.04-amd64
4https://hatching.io/...
ubuntu-22.04-amd64
1https://hatching.io/...
ubuntu-24.04-amd64
1Analysis
-
max time kernel
1799s -
max time network
1685s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
20-06-2024 18:30
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
android-x64-20240611.1-en
Behavioral task
behavioral6
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral7
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
android-33-x64-arm64-20240611.1-en
Behavioral task
behavioral8
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral9
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
macos-20240611-en
Behavioral task
behavioral10
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
debian12-armhf-20240418-en
Behavioral task
behavioral11
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral12
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral13
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral14
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral15
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral16
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral17
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral18
Sample
https://hatching.io/blog/tt-2024-05-16/
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
https://hatching.io/blog/tt-2024-05-16/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633852079783850" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exechrome.exepid process 2884 chrome.exe 2884 chrome.exe 2100 chrome.exe 2100 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Processes:
chrome.exepid process 2884 chrome.exe 2884 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe Token: SeShutdownPrivilege 2884 chrome.exe Token: SeCreatePagefilePrivilege 2884 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exepid process 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
chrome.exepid process 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe 2884 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 2884 wrote to memory of 5000 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 5000 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 4976 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3896 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3896 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe PID 2884 wrote to memory of 3172 2884 chrome.exe chrome.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hatching.io/blog/tt-2024-05-16/1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0602ab58,0x7ffd0602ab68,0x7ffd0602ab782⤵PID:5000
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:22⤵PID:4976
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:82⤵PID:3896
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:82⤵PID:3172
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:12⤵PID:4988
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:12⤵PID:1016
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:82⤵PID:4888
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:82⤵PID:5080
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,15833426203164319623,9055183735005957404,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2100
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:1816
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
144B
MD552a3f1fa0c64a0edeae4cbcb7a54fc70
SHA198e557c2366a77f94c9095c9834d26426d24b470
SHA25640dd4ffb9832ba304282cb6176e67cfe9f160ca2a11cbefbdc1ae2c9c744a856
SHA5124a6194742c91abdbcfeb7ad254ca248bf3dc910874fd489231774fbcea26b5f723e484e8e1d505757faf6e4255c29f5340c9004df31d98577b7accd0d53fbc86
-
Filesize
1KB
MD5075038e2dde6791534dac4af314ee6e8
SHA14cb9be879c75adb23a10e6c383e88ef81753e3fe
SHA256d66bc148ae8c9570a662a15e0a87d7547499c3a07236844e813879f106915d15
SHA512587d0512344db16cee3d30a739ebdc73db48de56de8076d38b6b4ceab1136fd6d0eeb093bcf82787f963c2b5662d01102305df9a86f1093f4dc214b0e9013374
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
858B
MD5b5ef1341e55577473145f7448325cebe
SHA1a438978ca7cb0c1824641d6cf81c0e91e2eff7a3
SHA25601427236de421a910d8283b0f9d073501a441194339cebb852f61ea47d47d3b5
SHA512594bbf76c4c40621b59f6dbd1b49a59e79a65b343c0c9920e199ed9e3084d51721459f9a0cdd5d5e581f02b9711dd8acd010ce83279a09239f41b0a5e20b9017
-
Filesize
7KB
MD5ce4c3e70c2c615068126f773d5f763d1
SHA14f108855ea5591c2f6a5afd8b6e9ced791d5b99e
SHA25610fac9ecf1755750297616dc7b5b91c0db499fa501076236003d9482afedf77b
SHA51237867003527e0e80249d0f84ee6286094f7bfeb67c0bcafe7b80b3791a8000a5002b174d42030ba02e0aa7722fb47dffe21c3bbbfe75b25b22e5c411eb23fca2
-
Filesize
129KB
MD5459b675e4d1f360c3710e6b986c06ac7
SHA1b6169af5c9e6128fbb82855b716bdd1090b3f419
SHA256350d54af0ee5e56df79b5f5225a03801c9a9c6cf12997adda0ee77ee3cb70ca0
SHA5122b1e8dbbdc29bd300bc0b10e88f199d7de7272824ed312258f9b10dda1808202d45f60eeda4a5c9ebd5329d1ac12397bbd59f5d234b012a38d431f482f1bcaa1
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e