Overview (overview): 7
Static (static): 3
bf388f9182...7N.exe (windows7-x64): 7
bf388f9182...7N.exe (windows10-2004-x64): 7
$PLUGINSDI...ns.dll (windows7-x64): 3
$PLUGINSDI...ns.dll (windows10-2004-x64): 3
$PLUGINSDI...nu.dll (windows7-x64): 3
$PLUGINSDI...nu.dll (windows10-2004-x64): 3
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
Uninstall.exe (windows7-x64): 7
Uninstall.exe (windows10-2004-x64): 7
ast.dll (windows7-x64): 3
ast.dll (windows10-2004-x64): 3
home.url (windows7-x64): 6
home.url (windows10-2004-x64): 3
popr.chm (windows7-x64): 1
popr.chm (windows10-2004-x64): 1
popr.exe (windows7-x64): 6
popr.exe (windows10-2004-x64): 3
Analysis
max time kernel: 112s
max time network: 106s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-11-2024 00:25
Static task: static1
Behavioral task behavioral1: Sample bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe, Resource win7-20240903-en
Behavioral task behavioral2: Sample bf388f9182f816e19fb683e7f719fac66f294028c24e2b536273d7d355e51277N.exe, Resource win10v2004-20241007-en
Behavioral task behavioral3: Sample $PLUGINSDIR/InstallOptions.dll, Resource win7-20240903-en
Behavioral task behavioral4: Sample $PLUGINSDIR/InstallOptions.dll, Resource win10v2004-20241007-en
Behavioral task behavioral5: Sample $PLUGINSDIR/StartMenu.dll, Resource win7-20240903-en
Behavioral task behavioral6: Sample $PLUGINSDIR/StartMenu.dll, Resource win10v2004-20241007-en
Behavioral task behavioral7: Sample $PLUGINSDIR/System.dll, Resource win7-20241010-en
Behavioral task behavioral8: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20241007-en
Behavioral task behavioral9: Sample Uninstall.exe, Resource win7-20240903-en
Behavioral task behavioral10: Sample Uninstall.exe, Resource win10v2004-20241007-en
Behavioral task behavioral11: Sample ast.dll, Resource win7-20240903-en
Behavioral task behavioral12: Sample ast.dll, Resource win10v2004-20241007-en
Behavioral task behavioral13: Sample home.url, Resource win7-20240903-en
Behavioral task behavioral14: Sample home.url, Resource win10v2004-20241007-en
Behavioral task behavioral15: Sample popr.chm, Resource win7-20240903-en
Behavioral task behavioral16: Sample popr.chm, Resource win10v2004-20241007-en
Behavioral task behavioral17: Sample popr.exe, Resource win7-20240708-en
Behavioral task behavioral18: Sample popr.exe, Resource win10v2004-20241007-en
General
Target: home.url
Size: 141B
MD5: c333d8c4443b1abb0e89daa9282ab230
SHA1: 8cded0caab06fe4409e0683413ff651bfdde5e84
SHA256: b7e4bc038a5f9e50d9ef8dcc985d399c55d9dd097f25f6cda1211dfc0fa4b0a2
SHA512: 34a55aa15ddbb0a65e063f45b75ea3db72b4030503f50c3771412b3548bc5ba8f58376f5cd78575189e3d4cf0875a1eb6865f9b335285ae6ae6e1920814f17b7
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe
  pid | process
  3924 | msedge.exe
  3924 | msedge.exe
  1896 | msedge.exe
  1896 | msedge.exe
  5056 | identity_helper.exe
  5056 | identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes: msedge.exe
  pid | process
  1896 | msedge.exe (all rows identical)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  1896 | msedge.exe (all rows identical)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  1896 | msedge.exe (all rows identical)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: rundll32.exe, msedge.exe
  description | pid | process | target process (distinct rows)
  PID 4428 wrote to memory of 1896 | 4428 | rundll32.exe | msedge.exe
  PID 1896 wrote to memory of 4440 | 1896 | msedge.exe | msedge.exe
  PID 1896 wrote to memory of 2892 | 1896 | msedge.exe | msedge.exe
  PID 1896 wrote to memory of 3924 | 1896 | msedge.exe | msedge.exe
  PID 1896 wrote to memory of 3972 | 1896 | msedge.exe | msedge.exe
Processes
- C:\Windows\System32\rundll32.exe (PID 4428)
  Command line: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\home.url
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.passcape.com/
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4440)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6db846f8,0x7ffe6db84708,0x7ffe6db84718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2892)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3924)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3972)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3328)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 456)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 500)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5056)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2516)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2368)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4012)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10250112627528035086,904168376335093075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 4884)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1408)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads