Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
9Static
static
3Snake_IT_Project.exe
windows11-21h2-x64
9$PLUGINSDI...er.dll
windows11-21h2-x64
3$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...ll.dll
windows11-21h2-x64
3LICENSES.c...m.html
windows11-21h2-x64
3Snake_IT_Project.exe
windows11-21h2-x64
9d3dcompiler_47.dll
windows11-21h2-x64
1ffmpeg.dll
windows11-21h2-x64
1libEGL.dll
windows11-21h2-x64
1libGLESv2.dll
windows11-21h2-x64
1locales/af.ps1
windows11-21h2-x64
3locales/uk.ps1
windows11-21h2-x64
3resources/elevate.exe
windows11-21h2-x64
3vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...7z.dll
windows11-21h2-x64
3$R0/Uninst...ct.exe
windows11-21h2-x64
7$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...ll.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3Analysis
-
max time kernel
146s -
max time network
138s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
02/08/2024, 19:19
Static task
static1
Behavioral task
behavioral1
Sample
Snake_IT_Project.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240802-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/WinShell.dll
Resource
win11-20240802-en
Behavioral task
behavioral6
Sample
LICENSES.chromium.html
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
Snake_IT_Project.exe
Resource
win11-20240802-en
Behavioral task
behavioral8
Sample
d3dcompiler_47.dll
Resource
win11-20240802-en
Behavioral task
behavioral9
Sample
ffmpeg.dll
Resource
win11-20240802-en
Behavioral task
behavioral10
Sample
libEGL.dll
Resource
win11-20240802-en
Behavioral task
behavioral11
Sample
libGLESv2.dll
Resource
win11-20240802-en
Behavioral task
behavioral12
Sample
locales/af.ps1
Resource
win11-20240802-en
Behavioral task
behavioral13
Sample
locales/uk.ps1
Resource
win11-20240802-en
Behavioral task
behavioral14
Sample
resources/elevate.exe
Resource
win11-20240802-en
Behavioral task
behavioral15
Sample
vk_swiftshader.dll
Resource
win11-20240802-en
Behavioral task
behavioral16
Sample
vulkan-1.dll
Resource
win11-20240802-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240802-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20240802-en
Behavioral task
behavioral19
Sample
$R0/Uninstall Snake_IT_Project.exe
Resource
win11-20240802-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20240802-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/WinShell.dll
Resource
win11-20240802-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20240802-en
General
-
Target
LICENSES.chromium.html
-
Size
7.9MB
-
MD5
8303b3a19888f41062a614cd95b2e2d2
-
SHA1
a112ee5559c27b01e3114cf10050531cab3d98a6
-
SHA256
9c088caac76cf5be69e0397d76fe9397017585cffdba327692ff1b3a6c00d68f
-
SHA512
281b2ecc99502a050ee69e31256dec135e8cb877d1a6ba9f1c975fcfb11c062980ee6061d2368b62f91e392953ae6235dd726a9d98e6efc1302f7ed713099179
-
SSDEEP
24576:dbTq6T06T5kJWSIRWnBIl70mfT76y6E65606F/HXpErpem:t4scj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 4192 msedge.exe 4192 msedge.exe 1624 msedge.exe 1624 msedge.exe 2712 identity_helper.exe 2712 identity_helper.exe 3044 msedge.exe 3044 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe 1624 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1624 wrote to memory of 4212 1624 msedge.exe 80 PID 1624 wrote to memory of 4212 1624 msedge.exe 80 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 2912 1624 msedge.exe 81 PID 1624 wrote to memory of 4192 1624 msedge.exe 82 PID 1624 wrote to memory of 4192 1624 msedge.exe 82 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83 PID 1624 wrote to memory of 4784 1624 msedge.exe 83
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdfde83cb8,0x7ffdfde83cc8,0x7ffdfde83cd82⤵PID:4212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:22⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:82⤵PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵PID:5088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵PID:420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵PID:4516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵PID:1140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵PID:1188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11891486826147293639,11533850373588742679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2648 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1056
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3724
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:912
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD531ba3f2b3473c02eabf9782ac0b8aec2
SHA107f17e2906e0dd61a49639dd0d8df8fd58c084eb
SHA25667646c14cc64e2996fd58fa04ac6a4ce7dab3ff8f77c49074cea912b5c716708
SHA512305383c6e270ee5793ee61a4c0471b7d6aee67a2342c100b5ada31a81f77d16cdf7db02ca380a31ff883ae1f980242217fabefc7ca42ae5d2f65997ec91963ac
-
Filesize
152B
MD5302c3de891ef3a75b81a269db4e1cf22
SHA15401eb5166da78256771e8e0281ca2d1f471c76f
SHA2561d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58
SHA512da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33
-
Filesize
152B
MD5c9efc5ba989271670c86d3d3dd581b39
SHA13ad714bcf6bac85e368b8ba379540698d038084f
SHA256c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3
SHA512c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7
-
Filesize
5KB
MD5e7c6c1a6de79e25dfd9129b0c946b20a
SHA14933c48a03bfc086352950f01c97d5262bc5bda7
SHA256b7491836b0c691eeb87b922b4c3b4821c84e87318971c81a51155ac39ac3bcda
SHA5121f3b61f2c3af3cd5ca63d31561d489c54c42fc74f0738b7bc78a0dea11fa050d62b99db048bff6b763ac86b9334d0309ea82113115cbcad62df678f6a6c8664f
-
Filesize
5KB
MD5ed90ddf9d40e685ec8399ee9f0775293
SHA1abae925ceb6c4ae975a10743a27cf0e14a380cba
SHA2561051e7497fab5509f5113db3c9981afb0a6c58b4fbc118e48ca4c2f836272b63
SHA51250b75e3c07947a5be5bc57b0f055a1267be169ef262b86d83e5ac0adc04e62c93a0969e213d6e19e2f3d187a0e4bc880735fd432ea030d596eabdcc227bb0961
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD51e39e851ad4dc87f56292718eaea52de
SHA1bb20c9a0fd1d9d14715ee7a24a0dfc1aa984c954
SHA256680752ad3fb15891a27a4318481a96de7e8a49705f913a5ddd039764dc269a4f
SHA51293e1af64c9384c990cd776428f2fabfdac867629e928bd5eb3fab912fa9d6ca61871b747dd407e093556ceb47f6ae2e138a1ca3833b4191cc958d46f1d2bf695