Analysis
-
max time kernel
1764s -
max time network
1684s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
30-08-2024 15:44
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://roblox.com.py/games/142823291/Murder-Mystery-2?privateServerLinkCode=03817793597581185928002601817556
Resource
win10v2004-20240802-en
General
-
Target
https://roblox.com.py/games/142823291/Murder-Mystery-2?privateServerLinkCode=03817793597581185928002601817556
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 2824 msedge.exe 2824 msedge.exe 2184 msedge.exe 2184 msedge.exe 2564 identity_helper.exe 2564 identity_helper.exe 1128 msedge.exe 1128 msedge.exe 1128 msedge.exe 1128 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe 2184 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2184 wrote to memory of 4656 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 4656 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 3060 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 2824 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 2824 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe PID 2184 wrote to memory of 1204 2184 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com.py/games/142823291/Murder-Mystery-2?privateServerLinkCode=038177935975811859280026018175561⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9779046f8,0x7ff977904708,0x7ff9779047182⤵PID:4656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:22⤵PID:3060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2824 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:82⤵PID:1204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:4664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:2620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:12⤵PID:3224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵PID:3584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:4720
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:82⤵PID:556
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2564 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵PID:1460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:12⤵PID:2968
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,226046044999669538,14487058545570106939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1128
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3284
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4488
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5d7ddb51ac75a765cfc86359cac2c8709
SHA12fec09fc5d4c3426c21d94d983f6fc31c6a9197a
SHA2561456702c066c0163bcaad55682d05e2dca8c33d2d90d10667c2ffa91f90952f8
SHA5129ac642dbf11390dae4d7bfa290a3f3e55f58581aded983ec3494c85ccb05f12302b06c3d0dc704440650618f2898b0025a59c29fda3b6e817371b85ad00c6a53
-
Filesize
1KB
MD536a1b99b7f4e9d362634254500bd47a2
SHA15995937620d6a0489ddfaa4bac76b4a1c5b7e79d
SHA256b379c58b8768d4cacc62de8f9776eebf37018c5b9e0804e128e79eb3d88f379f
SHA5121069ac459578d8cfd4b8d6b17c8f66559c4eac0037fc5a0757c7efbf1286a08984eeb3028f55a1f275f04be02614d647484ccfab4e60f3c9aeb2c675be1a1f6c
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD50adf7a03cf50aa26870caa8b2713ecf2
SHA115befa76cb64342fd7130696a9549779ba1f3756
SHA256a76096aac8bdcce1e37baed6534c0e59080b125f5de12a49bdadae2483d822a8
SHA512bcbca7a2c9afae9d333202c565f43a9f907b0bba9fe1b6b35761c418fa0f8a3f61c8b0013d74c12975305f8ae3d19f0a920deabd6edcbd10d55a8b88ce39dd60
-
Filesize
6KB
MD5201a193136e12e0b4f5bbdaeb4a806a7
SHA1386ff88bcbfb633848b5f69d8f2e7367af5fa723
SHA2569a2cfefcd2f4571417e770fdd97e10f282bfa59fe0a7ecbfa15a511353a48068
SHA51246684fe4a6c636f003e21a1a67ee0f085c198927484404aaf96d61e5fd3b720c4e2971ef5edb062ec6eb5cbccc34223997a5ad23379f19f8f84f483b76b882ac
-
Filesize
1KB
MD518b50e7d23648c3816bc808e7cd697d9
SHA10a9681df76b2e2170c84f8b249759aeffceed916
SHA256f76b03fbac1f3b19278c1891816899bc0ce4d7d6b6c2fe42fe2bded2503920f1
SHA512204b235e93a6d7823ec78ee9a047fd47e215b9c3826d4f4c480860e1059b541a9938acb9709541251ceda9457f39d8b3b65a866a269b089d7fa71859660189b5
-
Filesize
1KB
MD55c9d871bfb608443dde2017eb29dc2a1
SHA1d884a66653a39fb22a43614e3c92cea360336a15
SHA256e10bfb7a37f6a3af5f064338e553112962e57afb1c91b47f5e2117a38c8ef59e
SHA51282e13334e620304be328ba6f3fc35e3db7f5a9ebe8a27f3f87b41281cb87e90079a9cc0517f87c591013c93cec3dbcc25c5377dc907d9c65bf29dc3f44841c09
-
Filesize
1KB
MD504e5082a657efe2410ad35609cdbacae
SHA1e7cf843f338799dad08fe5f631320669d0df9c8a
SHA256b70aa8d3260395632bdc08585b2eb053beeb5742d6e3319810f9861dc29069a6
SHA51201159774d043ab474b8e26c9d4bded1c4b4fb4d2b63dd121e5585d68d34009eb45fd95b83b74d0483244d66963ca9d50cc382e736fba8884712ccda22d2666e9
-
Filesize
1KB
MD5064567820b171553d2f85fa627ce8ba6
SHA12252e3806fb31903e16541dd06da938a8ebf121d
SHA256df710728281877f9b46f5c5558311925cb1eca71834e5327f5b6c6e16ecee17d
SHA512fd762a691a1db0a3f3da4d1082de6d8861b284ecfa7e586cd8ebd2ee2aa39f284c34fc2d88e50433de290a2fd8888773bb09d882aed3a628b9f139ce795173e6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bdd2b0618be82e97626eaaa48af6cf75
SHA17036fc36654f8a353ecd42f55a54f5fe2ab4dfdf
SHA2565cd62b1fa23635f2b0e6feac7ef4c6648695efd63231ca076079415464b6fcbc
SHA512d146c04509892ec8f1d0da16636203803c54105cfa914c564f35d7a8df9e96c791f639e7088c8d0966279e760eccb964b7da344740edface6d4f7efabd853a71
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e