Analysis
-
max time kernel
86s -
max time network
88s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
06/07/2024, 00:16
General
-
Target
https://drive.google.com/file/d/1f9eq-XL3R1GglTEuPkmeT8oTOsK3NU9m/view
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 31 IoCs
-
Suspicious use of SendNotifyMessage 17 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1f9eq-XL3R1GglTEuPkmeT8oTOsK3NU9m/view1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff5c833cb8,0x7fff5c833cc8,0x7fff5c833cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1960,15948143645352989442,2859658075738474195,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2468 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.0.1255703437\1676473241" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09c57c53-e4e5-489e-8e5c-f40b896ecaf4} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 1864 2383c30ce58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.1.1339876478\868668350" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b38edc99-438e-4839-a371-f2c24ac564e5} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 2388 23827f86658 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.2.716274226\522242311" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6b6338-f008-4d5d-ad6a-35bb7ffaece7} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 2960 2383ebf4558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.3.1169524442\484082244" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e210c0ab-9fc9-4de9-ab34-a99a98f379da} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 3632 23841c3ab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.4.2104493764\2134550145" -childID 3 -isForBrowser -prefsHandle 4892 -prefMapHandle 4880 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {821bdd0b-b4cc-4cb7-9f64-883d7a1d8be7} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 4912 23844069058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.5.2024052019\712281763" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad8585b0-ece0-4033-a874-099457ad2cf3} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 5056 2384406a858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.6.444961174\588030797" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcc8e182-c2f6-4310-af64-e1f51aae3631} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 5304 2384412db58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1628.7.311519560\154355370" -childID 6 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 27769 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e011ded-b222-4eff-bd5b-7a3af5784bfb} 1628 "\\.\pipe\gecko-crash-server-pipe.1628" 2696 23841c3cc58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d56e8f308a28ac4183257a7950ab5c89
SHA1044969c58cef041a073c2d132fa66ccc1ee553fe
SHA2560bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae
SHA512fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189
-
Filesize
152B
MD58f2eb94e31cadfb6eb07e6bbe61ef7ae
SHA13f42b0d5a90408689e7f7941f8db72a67d5a2eab
SHA256d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de
SHA5129f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703
-
Filesize
5KB
MD5104731a5f9c9cb6acb4396dbaf4579a9
SHA1ec11fdbd4dc54acaf3bbe81f123fd03ce4035956
SHA256a9155164c303c6b11c134a628ce6ecc776593809afd3c06ece918daf793ea0b5
SHA5125d1287695b84b1a43a57ffcbb37297d4927071b6a069fbd1003bd7928a8361cdde0b7b2c6cb5a995af8abde40de6b9ee490dd801f019a7a6758c457cb8b45790
-
Filesize
5KB
MD5627ebdaa4158dd8661b6774db5c5363b
SHA1198aacf6169a32a4a1a623b38d5fb365fbc12d94
SHA256f146b41030e6275cd937a2a0e51c0da6b94c0aa5ff4cf2142ccd77850b14147c
SHA512b54257438912cbd0e8fcd2c6e3bc9da7c3da8b4ddb8d77ed0947b5141813eafbb74e9fa2e15aa72d5d423de1282c2bf4588294bf6818a7c9278f2455634c7780
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
8KB
MD59c3f4907b4f8672f8a1cb876bf1e4614
SHA135d9192f0dafd3bf4676ff3d25f05566a51dfb56
SHA25663ca73efdb7fba4223f40f57333aea31817c2a5547347066fcc934c0bcbe4c04
SHA512d0bb90499abc39d1473c3265b86b80b63b3c29ed4370a5b9b0e95630a2ff878f9d427d06c5ba0f42bacfa96262c39258f3e0bd9b2162cc52af74b8507e809e88
-
Filesize
8KB
MD58122073aaae65097eb2387f705fa85a2
SHA130ca941e762fcea6382bb76ad9035ed31bbc885d
SHA256a9dafb3aa78336294dca95111c0fbdf148ef90c8e349308e5bb37688d483e461
SHA5127e91680b6d03f9de75971ad818655753e9589e3da1c64572b6b53146159e94e8972205ad9ed744409b4732db88cf99cdadf741775b10ea65a78eaef2b56d5ae8
-
Filesize
8KB
MD552546f731f7cb2f2811edae0c9f03618
SHA1e37bd44eb3487c4da4a3a1357d1b970ccae7c45c
SHA256d1c24fd21b023f4321ae86f0f14a8c9cdfdbdf3dfbd2482675adb1ff34c5734a
SHA5120933f44496c2711a4115e165818af2f788f79dc6152e8464f52b7c583af72da57648bd2b794a0fc19172fe3ab6b9525bf480fc5a089c09dc48916c8f4c552d74
-
Filesize
26KB
MD5ec7f12f05f8c1344cdb344c32e48cfa4
SHA1da37a1da62feb108410401b3de644f8f40fd75aa
SHA2569e23c348b605e8e9ca46906bf9df5103bb165f2240f70c4a9230a98ff6cd1530
SHA5121e3474a97570c3001e3c3751378a50121d31b2f2d1d48b305ba6ca22c1271f915ea56b2e64a99bf3fcf4d1ffe2321cf44d5fd867a1accf75be7edf8b81ef721d
-
Filesize
7KB
MD55fceda6340f56d064df197f86e9a4143
SHA12944a7c36050049279acb67c7b0f72099255b58f
SHA2562d2eec083cca4037d3b87d9edbdbbd7e1bef5efbc3749d698719da52268bb005
SHA512ad97ef993f7d846363ded667b41db459217d4b6b59bae6c0e4844de1616b42fb8100b1411d7d6dfbcbd8cb5cb3e8720b438d5e3d355985e093c5bcbe3d80e120
-
Filesize
7KB
MD52415b835dc0d8456823f84cb62bcad08
SHA1140b6362562b67bc1a15faf397487bcfeb0b94cf
SHA2569b8030d756e909276fb9fe84bca2779afc858912b352107b82b79ceab82824b5
SHA512064efdaad699cbb9e62fff37dc6d33c64c8ffe15b8c95a0a5f6e86094a888275cd4febe9abf1bd79766d92d3420bdb6c6a781d0cf80cd9dbd8e2a5faac265584
-
Filesize
1KB
MD54fa7d56eefbcd11b78480c07e1d65b18
SHA182acb6d04d734ab80be89873155452be94f22a1b
SHA256fac4e4d81db9ac4d28c2be9718abbd8a508182ebfea26b9349b2e8696d1fa526
SHA5126b58b017f9b3143aa7879586cb64491f938d3336ff8604671429b1b1df0f67155b599ac6d776648021478d9c991b64ba58cc8478d1ce6fc826f98465833d85d6
-
Filesize
1KB
MD5741a01b3808682603cbaddf5b9184afe
SHA1508756a6c63c7e027f70c0ec63b79253732c0595
SHA25632c8a394d0a5159e0a4af4d2d09489d187105b8187047005b694196e4da8750c
SHA51293bd4ebe2c32fb02d0a3a388658d84d2ce50fdd5654f910c11c5a197b442509bf094fb3eb1101109ef62de5c0889da15370b13adfec72d4fabe6ed2d832c500c