Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
09-09-2024 11:59
General
-
Target
https://u.to/KZvcIA
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 56 IoCs
-
Suspicious use of SendNotifyMessage 54 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/KZvcIA1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8931346f8,0x7ff893134708,0x7ff8931347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11717478517826622712,15852583190687722082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93f4d0d4-55f9-41db-a0ff-a92347709b10} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17db008f-a0bc-4faf-bf28-4c0889adb3f0} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 3044 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0606abf5-cd8a-44a5-868f-ed85d234fb16} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -childID 2 -isForBrowser -prefsHandle 2556 -prefMapHandle 1268 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2b61ec2-74f9-4ac8-a5ff-9c5436259546} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4612 -prefMapHandle 4652 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {816604c8-d93e-4f44-acb1-7791fe87f56b} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" utility3⤵
- Checks processor information in registry
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ff63763eedb406987ced076e36ec9acf
SHA116365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA2568f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f
-
Filesize
152B
MD52783c40400a8912a79cfd383da731086
SHA1001a131fe399c30973089e18358818090ca81789
SHA256331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685
-
Filesize
190B
MD5bf4072f178d5242c5781510b22dfcff0
SHA156b4f1b44945c22ebe874fedde4d3080546b5dee
SHA256ae2a8c83f22cab93043de13c954e5e1ff30915fe8139fc07f66c7958b6efa207
SHA512b2aa160bdd65089d7c3f2a68d94b36b529eb90b1da79bd0fd32198c93f9290be5b078ce0ea2341a7729983ac66a190596d200a16030d0d486bb8dd955a301ce9
-
Filesize
9KB
MD55e030edcfc7f62c502d2eac93d1131a9
SHA1c40d4487247a5837a94c2c71d2a60066ad248c41
SHA256977c803afc25002f0192fc76100b06599d69d83ad0be7f609737164e75eb97aa
SHA512776043b4f45523b97938eaa6d8265db8136cb7a5ee0c02447957094e3f9cfa0377f56bc8655d2fce9397e81c83493c77fef4d36af3f76e39003bcf4e42a9f429
-
Filesize
9KB
MD5d0e03493326896c1b7477beff782afad
SHA1a72dd14a0045a2dfcb324d533f0c378292782ea1
SHA2568d24d30170bb0bcd1578b68beddeab0d61e3f1ea1b6aaf0b656908e7bf534a9f
SHA5129219c1cc2005ebfc86fd6668c2df593825aaddaed959b15b7badf797d3a4a0f360a0304addf9f4cf82def22c94483eb2bcf7cfce1fbc69e96bfed9eacce1c148
-
Filesize
6KB
MD5d5b686fad25ec989d3d9bd3a0942185e
SHA19131a6c5d98bfcb14ccc2e9170952137ec703108
SHA2563e52f9e1bea53fa274ca5c5a5ab40d7bc7f6abf3fb80a75c6e8e18afb2bab113
SHA512bd8e07ef68997504e75234902b61ee31459b3ccfe81ad36978cc187a533ef7a0bde853a010618fc1efe0bc0d34900aed384955d8742e9da7bcb217cc5b607595
-
Filesize
5KB
MD523625d0719c8c7c13a47bb1775100ef2
SHA1b556bde4a30ccf51a62e8435a661554f359406d4
SHA256fe971439ca52cdbe35e6ed373643abf10c57032b44ba05a859646383c9fbdd2b
SHA512c925db983e55a9b858199636da0fd4341661b70c03904969748dc39d04b65041f130dabe4fe6ecafd2aae6235a926ad5baf3b1a5ca76d89dddaf5c6e3c72568a
-
Filesize
8KB
MD5f8b1dbf6631b4d427d778c993f74de17
SHA16ab86ceb3f83574c13c3c715390e0b07a221fb88
SHA256177697a099f3444cc0afc37566ae400c609976e24be43f78f17c8b8a11bb24fe
SHA512c34af9b7e794f18d1a55e5c8439847f9bd1c1f47bdec97669e44009c48b3fbad4d3d359b733f89c4b59a8b12f07292b536e4b993a814e0167559210532582f15
-
Filesize
9KB
MD5a3d3eb5faccdf88bbbda544964dbe5fe
SHA16fd9935e27b099098924b4300045ba00d5c3d0c6
SHA256eca10e6dd8d98ca205e01d16fc603e9f6411ae76b8b56d874b908c82becc1240
SHA512726fb42cb441c1286d2d1d0d237a611161d9862c7e5ee42914b4890f18a4abe3716d93dba2821a36ebd1db9dc8e66562a50a94fd83a268e3654d96b466288cbb
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5a996bac03a8e9af41a3672c82b15ba9e
SHA101040d516f51effc7c66d62f3af1df8e9b0558b0
SHA2566f10d1d726415507bc63ec4fe6d8adaaa70b1718ecdf5405ea78675d7eb9b315
SHA5120d7c5b575543abd4efea0910d929d19c63a7b7f483f24ae82baa8ad710f9e1d49c6648475a0a8e8c9472576137163c2b4c0229b4d577c625cb9bc4cceff57c22
-
Filesize
10KB
MD557f90e25e87d873865fc5856ffd3cf05
SHA167d5f744b4edeb9f0cdaa78dac86fa120d6c224e
SHA256ce6701eea28c2c0cba54f54f93a58314fa3b3c319d32c31f3895bd56f885026f
SHA51207326ec06b12d5ef79c950a250694f2d4f2630ab7d3454c802061d53ee4c96286cf11c042806b269c4d8d0dd6945570f1c62488869320821289e385919557a49
-
Filesize
29KB
MD51067bb5e1dc6fef12ffa4761ae825844
SHA11ba85db58da54eb678d780255a9124ec1f2dac8b
SHA256e187082fc7f19429942bea509cdabbf45676c7b73d83485e6bde629373a2abcb
SHA512b0dc48696b8c51085f5f27cc1162098a2e5756aa1378d47416497ce37722a3359632889ee2a3ba85b2a9daba166c56b8ba63b53a72a74f157dc924c63c91b31b
-
Filesize
5KB
MD5da0232dc28dfc99585d1832f2bc5f86f
SHA10191a2a7010675988a604b8e82240943560d84fa
SHA25676eaf5976e7568f683783c6a179f28cacf0d73811af776ee30de2c1a97530a99
SHA5126c8271a05a4c6713e97e06128615bf7552ebd4987398193d7072b29a19d1e30ee80adbb4d907c94434e6faf7ec0f1b6a9328dbfa94da4d13bdcdf20544f74b35
-
Filesize
26KB
MD56268c2574013ad889530a22427a3ff28
SHA13a26832882cbaa324499f703a03ff2fc8cb3ba6a
SHA256a4d57407192c3cab2815597cc16cf7c75c29e4a10a5cd42b2dadff9996059aa1
SHA512a5013c4cb433ca7a55db2aff1fc0807fe0affb54075078136c3de467bb2e83fd7031da77b94849dc819f31d87e04f451975ddad3c05e821e6cf0e9149c1e8caa
-
Filesize
982B
MD59a24a27cd3f85579851158d27bed5a36
SHA177f6e033ede740d201999badf5ee3318ee05d203
SHA2569c25c736e5956a965cdb3aed9465d0e9f795e1955909d0e649a4a4bd36bd769b
SHA512f6d88707a5d8291f13bff881ae8293a17f52a40c4b4193ebad552a98ab82f44a7a6358da2018e4c34e94e61e3306b52931c00c4d4a0bc31fa6d5a9c951c076e8
-
Filesize
671B
MD52db131f115afc7c78989acb380f8d2f6
SHA1ed96970578edd44efc53a97b62cc0b7a152faeaa
SHA2567135d1eb097e6096fd79857e38356757ca5f636defeb383791c9638e637eee47
SHA5121488e0a7cc939c5ba52db4aa75eaf7c533a4a21955e833fa51bd4a5b1a512256f8d76f72c8d1b136a4073d3bae95cfe856f2147d5650401bf6ee7cc2739fb3d3
-
Filesize
10KB
MD5827c510a87b7693843b711fcf7b32dc4
SHA17a56de85c1aae547052eb037d69832544b8c5579
SHA2568c55c348e42f7fc3e7467ecee8d3f894738aa6007223334746bc56d0259c8dff
SHA5122ffcce088766380409a68ae6c4350a298172984d58d1d79249f7ace1584223d28ede9f743dc29680df9913705a5516690204ac9f460dab1fee2dab05a3a361b9