Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
23/07/2024, 13:49 UTC
Static task
static1
Behavioral task
behavioral1
Sample
c3de679d46d7af04fb19fec872658950N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c3de679d46d7af04fb19fec872658950N.exe
Resource
win10v2004-20240709-en
General
-
Target
c3de679d46d7af04fb19fec872658950N.exe
-
Size
60KB
-
MD5
c3de679d46d7af04fb19fec872658950
-
SHA1
715a2062a806ad6ac2c1bd8915b4175cbd9432b5
-
SHA256
033a9bdf81cd99f3aac4ccd914b91de59ec3c7ab0aa825511487675f3017816d
-
SHA512
cae8bdf84fbd586d32c21386e16fa9f6ea459fbbce3f02d32fc6061763ab603307d9184ae2e19f261840a3fa185a358eaee28b77219d25dc8e0aecf5abb7b766
-
SSDEEP
768:ETgAcnILz6H4PwVjHovQ/o/THkbAqs3OfKDHGlHRJ6Wd:ETCy0CQjH2oQ+RJ6Wd
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" puoiw.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation c3de679d46d7af04fb19fec872658950N.exe -
Executes dropped EXE 1 IoCs
pid Process 3408 puoiw.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\puoiw = "C:\\Users\\Admin\\puoiw.exe" puoiw.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe 3408 puoiw.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3428 c3de679d46d7af04fb19fec872658950N.exe 3408 puoiw.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3428 wrote to memory of 3408 3428 c3de679d46d7af04fb19fec872658950N.exe 89 PID 3428 wrote to memory of 3408 3428 c3de679d46d7af04fb19fec872658950N.exe 89 PID 3428 wrote to memory of 3408 3428 c3de679d46d7af04fb19fec872658950N.exe 89 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83 PID 3408 wrote to memory of 3428 3408 puoiw.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3de679d46d7af04fb19fec872658950N.exe"C:\Users\Admin\AppData\Local\Temp\c3de679d46d7af04fb19fec872658950N.exe"1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3428 -
C:\Users\Admin\puoiw.exe"C:\Users\Admin\puoiw.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3408
-
Network
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request81.144.22.2.in-addr.arpaIN PTRResponse81.144.22.2.in-addr.arpaIN PTRa2-22-144-81deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request22.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request45.19.74.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestns3.theimageparlour.netIN AResponsens3.theimageparlour.netIN A206.189.185.75
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request71.190.18.2.in-addr.arpaIN PTRResponse71.190.18.2.in-addr.arpaIN PTRa2-18-190-71deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTRResponse73.144.22.2.in-addr.arpaIN PTRa2-22-144-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request13.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 739548
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 578D59E0072B40088A49B37980EA757F Ref B: LON04EDGE0608 Ref C: 2024-07-23T13:50:46Z
date: Tue, 23 Jul 2024 13:50:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388123_1CIQUMLI21YOY2LAG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388123_1CIQUMLI21YOY2LAG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 509035
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 178923E0AA274328873B4CDD7E910B67 Ref B: LON04EDGE0608 Ref C: 2024-07-23T13:50:46Z
date: Tue, 23 Jul 2024 13:50:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388124_1DG07ET8O30638FP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239339388124_1DG07ET8O30638FP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 570135
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BCEC48C9FB644074BDA1372EE90BBE0C Ref B: LON04EDGE0608 Ref C: 2024-07-23T13:50:46Z
date: Tue, 23 Jul 2024 13:50:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 837003
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3E90D96FC34493FB0485F38EFA77AF9 Ref B: LON04EDGE0608 Ref C: 2024-07-23T13:50:46Z
date: Tue, 23 Jul 2024 13:50:46 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 944899
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9DE538E29A244E448733DD4587CC6D3B Ref B: LON04EDGE0608 Ref C: 2024-07-23T13:50:46Z
date: Tue, 23 Jul 2024 13:50:46 GMT
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2130.4kB 3.7MB 2705 2699
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301551_1UO3JMUZBU5945BZN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388123_1CIQUMLI21YOY2LAG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388124_1DG07ET8O30638FP3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
81.144.22.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.160.190.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
45.19.74.20.in-addr.arpa
-
69 B 85 B 1 1
DNS Request
ns3.theimageparlour.net
DNS Response
206.189.185.75
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
71.190.18.2.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.144.22.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
13.227.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5f5cbef808981b1824e4c1c657e6e046c
SHA1cd982b04d3bf27b2170f10092fea9dda46b47479
SHA256c3c50d0427c8e413346b4f71c75b38e161b022090f461ce0b462334e74806cdd
SHA51207c81df19457bb6a461bb7461913bf749f8fa83cf866f069e4657d23838d596c55d77baa3840b4cc01626afd20e4257ed5adcd494857f43ca24724ed7ee0e4cd