Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
31-10-2024 08:23
Static task
static1
Behavioral task
behavioral1
Sample
90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe
Resource
win10v2004-20241007-en
General
-
Target
90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe
-
Size
98KB
-
MD5
68eef72f6e7db681bd6ecde8e66284df
-
SHA1
f53438226cee27773bfdd953a6c615c7abf34401
-
SHA256
90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a
-
SHA512
75e7742724c1d650b3300e12e0763bff527e7d8bc721bb755cb77cae9d2b2695f865503adf6e47d3f8c6c3052137c875cd5b7e12ba393b49f4fd6eb6ef190a88
-
SSDEEP
3072:pjkuJVLlBJu2A88ElzYyNhZk1EJZf++pufg5s:GuJlzYw5Kq5s
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
Logo1_.exe90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exepid Process 3728 Logo1_.exe 392 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe -
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
Logo1_.exedescription ioc Process File opened (read-only) \??\N: Logo1_.exe File opened (read-only) \??\L: Logo1_.exe File opened (read-only) \??\E: Logo1_.exe File opened (read-only) \??\V: Logo1_.exe File opened (read-only) \??\S: Logo1_.exe File opened (read-only) \??\R: Logo1_.exe File opened (read-only) \??\O: Logo1_.exe File opened (read-only) \??\I: Logo1_.exe File opened (read-only) \??\W: Logo1_.exe File opened (read-only) \??\U: Logo1_.exe File opened (read-only) \??\Q: Logo1_.exe File opened (read-only) \??\P: Logo1_.exe File opened (read-only) \??\M: Logo1_.exe File opened (read-only) \??\K: Logo1_.exe File opened (read-only) \??\G: Logo1_.exe File opened (read-only) \??\Z: Logo1_.exe File opened (read-only) \??\X: Logo1_.exe File opened (read-only) \??\J: Logo1_.exe File opened (read-only) \??\H: Logo1_.exe File opened (read-only) \??\Y: Logo1_.exe File opened (read-only) \??\T: Logo1_.exe -
Drops file in Program Files directory 64 IoCs
Processes:
Logo1_.exedescription ioc Process File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nb-no\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe Logo1_.exe File opened for modification C:\Program Files\Java\jre-1.8\bin\rmid.exe Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\firstrun\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.ini Logo1_.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-IN\en-IN_female_TTS\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\View3d\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\PSReadline\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pl-pl\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\tr-tr\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\ja-JP\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\de-DE\View3d\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\km-KH\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppCore\Location\Shifter\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-il\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\WindowsPowerShell\Configuration\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sk-sk\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\it-IT\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ca-ES\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\he-il\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Sidebar\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\th-TH\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sv-se\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini Logo1_.exe -
Drops file in Windows directory 4 IoCs
Processes:
90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exeLogo1_.exedescription ioc Process File created C:\Windows\rundl132.exe 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe File created C:\Windows\Logo1_.exe 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe File opened for modification C:\Windows\rundl132.exe Logo1_.exe File created C:\Windows\vDll.dll Logo1_.exe -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
net1.execmd.exe90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exeLogo1_.exenet.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Logo1_.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
Processes:
Logo1_.exepid Process 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe 3728 Logo1_.exe -
Suspicious use of WriteProcessMemory 17 IoCs
Processes:
90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exeLogo1_.exenet.execmd.exedescription pid Process procid_target PID 1484 wrote to memory of 2424 1484 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe 84 PID 1484 wrote to memory of 2424 1484 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe 84 PID 1484 wrote to memory of 2424 1484 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe 84 PID 1484 wrote to memory of 3728 1484 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe 85 PID 1484 wrote to memory of 3728 1484 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe 85 PID 1484 wrote to memory of 3728 1484 90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe 85 PID 3728 wrote to memory of 1508 3728 Logo1_.exe 86 PID 3728 wrote to memory of 1508 3728 Logo1_.exe 86 PID 3728 wrote to memory of 1508 3728 Logo1_.exe 86 PID 1508 wrote to memory of 880 1508 net.exe 89 PID 1508 wrote to memory of 880 1508 net.exe 89 PID 1508 wrote to memory of 880 1508 net.exe 89 PID 2424 wrote to memory of 392 2424 cmd.exe 90 PID 2424 wrote to memory of 392 2424 cmd.exe 90 PID 2424 wrote to memory of 392 2424 cmd.exe 90 PID 3728 wrote to memory of 3376 3728 Logo1_.exe 56 PID 3728 wrote to memory of 3376 3728 Logo1_.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3376
-
C:\Users\Admin\AppData\Local\Temp\90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe"C:\Users\Admin\AppData\Local\Temp\90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe"2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1484 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9124.bat3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2424 -
C:\Users\Admin\AppData\Local\Temp\90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe"C:\Users\Admin\AppData\Local\Temp\90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe"4⤵
- Executes dropped EXE
PID:392
-
-
-
C:\Windows\Logo1_.exeC:\Windows\Logo1_.exe3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3728 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1508 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵
- System Location Discovery: System Language Discovery
PID:880
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
247KB
MD5bf3b90acfdfe9e8f51fd793d465287a9
SHA1c59e88929d9f26f7d22f11f46e428b249cba743a
SHA256e9155d4ac3d176b54cc581cf7a5f849462d48e54aaaccd2222b4b4c5fe1c1dff
SHA5128b9f4068acc6f531fb1bf432e619224d10ff949af4525e3f5e46e1002bf02bb2cd8dd45c7f4ff9a518677185f266a6a6dd38e461f0e61db7d408d3f9f3c83f69
-
Filesize
573KB
MD5ff31998409b4a449997af6ee56213207
SHA1178f19670dd326eb9e5a754d0a45b5b1193fd7a0
SHA2562b5b05eb00ceb57aac9c39f5fed172530a5c1f110996609e1d7dceb7cc95ddaf
SHA51237216c4c34cfeb00d59ab14b231f7e34a90e8e15a7436a04640b4d0bc3902e4d80f092748d37d70883c71cac1e8bff4e619d3973969034d4b760008bff5322c4
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize639KB
MD5f2dd3625350094e9f92f96bd0211a47a
SHA14b54b7f337ebdde42b179120d3141b974e604859
SHA25693ebf0f160833b337c35ca68d4e30e5805148c8cb318d842006fb867d44867ba
SHA512110aab7585b4bc8b710e7180c9e19420ad8c2aac1483db8b5245e507864f8994d8ec3670950e00ebc199c19b14bc17253ca854e4e524887e10e99f650fc23f9c
-
Filesize
722B
MD5be305637c0583c995168527841dadc08
SHA19f152444767b97273fef5074c97eae28796d772c
SHA256ce26f22caa2c5c57389023b2217726f78d4483dd9e8e62bda4b4353d968109d6
SHA512a5280cd9a74e07fdab16a10098d399c0af6294120e62303854ee6892b44e7bcfda0f4651cfe77a3a8d29fb686ed278cd4a03e5977f13f7d32212132061996b16
-
C:\Users\Admin\AppData\Local\Temp\90647d1e5bc5abef414d1b4ae8ef3cc4855a1456202229b621cc554bd8b7b02a.exe.exe
Filesize68KB
MD50cafef40fa8905f2001dd019140d6440
SHA13ef1a11c803c0b0e1d4c9ee1f049a98ca538524a
SHA2567b9fcf4d30c5dd337bb7b46b077e400bea0caae56d69899b1441ac6cac6155f3
SHA51206486241c46be7e0f83716cb944d2281d8e0856bf818aaa5e98cc3a04917e20dc247b03076d5a2f51d3d102d0aac3611860b77483ef1cecede99401395e59f05
-
Filesize
29KB
MD57a40ca98824decf9cd5833327cc00541
SHA12d499bbdb969dfd75795a24250d530bb70220106
SHA2562177d280001b67dbf89342b11a421028050b90e50b7cee96186d258c66a62115
SHA512bf9fc1fad0ffddc4561378cfcf777ddba9e736a796db590d3c7578800041afc08ab18c0698fd9816df8411b5b3c02bd914e6afcb37aeaf01f466acafcefe03d4
-
Filesize
10B
MD5688d58fa5756a393f9472937ef284c25
SHA118ee07a5ee8de4fbd046763cd4a55ef2e6c3f808
SHA256e21f27bdf2d90c77d75658b5217d5af4519a6c1bfc326a109eb4a085a2b83302
SHA512c84930eb323c71ffc1edac543a2f60e366de40b39a88b18dba09c1272fae0b12262f4fae496bc9546598507fc37729d829f93b101bbec4739a05be33e0010a3f