Resubmissions
13-08-2024 12:55
240813-p5s37svarb 903-08-2024 05:56
240803-gng1lsvfnn 929-07-2024 17:59
240729-wkpzdawhlc 929-07-2024 13:14
240729-qg3heazdpj 9Analysis
-
max time kernel
134s -
max time network
148s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
29-07-2024 17:59
Static task
static1
Behavioral task
behavioral1
Sample
eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral4
Sample
eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe
Resource
win11-20240709-en
General
-
Target
eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe
-
Size
162KB
-
MD5
7e851829ee37bc0cf65a268d1d1baa7a
-
SHA1
672553c79db2a3859a8ea216804d4ff8d2ded538
-
SHA256
eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc
-
SHA512
856c6d27669b3123064d85adbc119414f5418f80bbbc9f85f4575df97cf34d1f4ab96fab5442a337ac6a90c076ba5af835f5286cb403acfb3a1e4fc5d0834ebd
-
SSDEEP
3072:rjvNTtA6pzarOLgSua/iw6kzg3qe1PTjrnFFMVUT6tSTC6D1vtPR1DO66ddJpW3h:r72qe1PTjrnf/KMR1j6df01fiuAP3xFm
Malware Config
Signatures
-
Renames multiple (1119) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\E: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\I: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\J: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\P: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\Q: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\U: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\B: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\K: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\Z: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\H: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\L: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\M: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\N: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\O: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\S: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\W: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\Y: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\A: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\G: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\R: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\T: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\V: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File opened (read-only) \??\X: eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe -
Drops file in System32 directory 3 IoCs
description ioc Process File created C:\Windows\system32\spool\PRINTERS\00002.SPL eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File created C:\Windows\system32\spool\PRINTERS\00003.SPL eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe File created C:\Windows\system32\spool\PRINTERS\PPjxmsxis0w0r76x1ni2s09v43.TMP printfilterpipelinesvc.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\background-image.jpg" eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString ONENOTE.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily ONENOTE.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU ONENOTE.EXE -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 8424 ONENOTE.EXE 8424 ONENOTE.EXE -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe Token: SeTakeOwnershipPrivilege 1012 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE 8424 ONENOTE.EXE -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 8228 wrote to memory of 8424 8228 printfilterpipelinesvc.exe 76 PID 8228 wrote to memory of 8424 8228 printfilterpipelinesvc.exe 76
Processes
-
C:\Users\Admin\AppData\Local\Temp\eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe"C:\Users\Admin\AppData\Local\Temp\eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc.exe"1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1012
-
C:\Windows\system32\printfilterpipelinesvc.exeC:\Windows\system32\printfilterpipelinesvc.exe -Embedding1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:8228 -
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{7ECE8FFB-AA5E-4A89-9133-80748F551754}.xps" 1336674960445700002⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:8424
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
423B
MD57ff94943cdf15452a094e7a8587755b6
SHA1663d82d423fd075b4c87e6428e9c2556c474b88e
SHA2566497c4ac3c3c1dc3fa0405571007a21ae4cecb7cc7cc170c4ad17f683a6118a5
SHA512da91f22c6c9fd4f25a5bc6be74c2dbf1b4d886af97d6dba49de12bef6f9d511b7cd834bae1851a5b4057b665353b2d6b802c5c45076ca5af94827db2ef2028ef
-
Filesize
387B
MD50a6645d2b49d41bbe572387ed7bc2b79
SHA11bb3cce8fa7938fc6e4282ba327ce21045e62fc9
SHA2565d4490da345ed58ebdedd9d97b8cb8b37db4e5e52d426e214053a6d2f7577dd6
SHA512c78c9b19f3b71a416e27b00ac82ef325faade36bbcbf2e92d28ffa432a700819274391fbdc940aad6b92f56d3437fde7948e1178de9800dbfdaa0e7f3e0d5a22
-
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\188__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml
Filesize596B
MD538de9baf4b834682d955ab28e9adbd7a
SHA1ca9465666c6c2ee084d23c605e824f643aad1095
SHA256828f20b66aa83e8de36d9d052830ba5b81c7cdf6414b6cd08af11fb981c4171b
SHA5121df9bb0e2011c82882731c206a56863c8ee6c8854871ddcb4e1b7367f23bc81e65caa10d318844d0cfe59b4ebb19d57cb81d764fd3dac98773b6549900c5b751
-
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\623__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml
Filesize459B
MD57d3cea937f70e905bd40a3f403ef7d3e
SHA10231624a58e078e99a7148c94ee13b75896efd70
SHA256eaa4c9f587e5b29894fbfecd197936c10a7aa5189614b581a33a79d66ad797d5
SHA5125d1d58b5f017a78b334feae183fb8e1b62751270cfb635e025c8eb3545bbaf0482d013f5da986cbf43b09485c438892ad1fa0328e8e0f557d414b18edbea832f
-
Filesize
4KB
MD506e69b3390eec0e2555bf5e6b2f6a40b
SHA1b588ad1e786636e09f03e9661aa22bb574a3d5d1
SHA256312c259f8b8af11985ea45346549b13f77ff90c89852055058dd282ef9f7e95f
SHA5123b8821ee8948ab8bb0b2257ba5a1a303c056fc4ceae181faaef1e3742ad5461b7571fc0d3fb16992448370f208f06504807a5bfe4285ef36181bd39eb3164938
-
Filesize
4KB
MD511a72dcb3484d0a77b3a67c38c59f616
SHA1e63a6891459668e41d1a8fa2e41f49b04f939951
SHA2561c1befe8b2f18c45921abc38a2e6ba5e97be2d7eb31f66bcf06cd78296d458c2
SHA51202fd59298d5ba35fd2e5576cf37a108f240a19548458966c78f933fb5eec6b6b208890cee4cdf72f35df58882f6654fc3f4ba2c3b32e170ffd5b933880967c3b