Analysis
-
max time kernel
28s -
max time network
33s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
arch:x64 arch:x86 image:win10ltsc2021-20241211-en locale:en-us os:windows10-ltsc 2021-x64 system -
submitted
15-12-2024 16:28
Static task
static1
General
-
Target
Panel Ejecutador MTA 3.14.zip
-
Size
1.1MB
-
MD5
d345c2eb24b0d3806865fda604ad1cc8
-
SHA1
6b813317f6108f2c242babda58097070503df242
-
SHA256
9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
-
SHA512
76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
-
SSDEEP
24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m
Malware Config
Extracted
quasar
1.4.1
Office04
azxq0ap.localto.net:3425
e51e2b65-e963-4051-9736-67d57ed46798
-
encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
-
install_name
WindowsUpdate.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WindowsUpdate
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 2 IoCs
resource | yara_rule
behavioral1/files/0x002800000004610b-2.dat | family_quasar
behavioral1/memory/728-5-0x0000000000780000-0x0000000000AD6000-memory.dmp | family_quasar
-
Executes dropped EXE 2 IoCs
pid | Process
728 | Panel Ejecutador MTA 3.14.exe
3652 | WindowsUpdate.exe
-
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
File opened for modification | C:\Windows\SystemTemp | setup.exe
File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | setup.exe
File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | setup.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787537613731821" | chrome.exe
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid | Process
4400 | schtasks.exe
3948 | schtasks.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
4508 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid | Process
4508 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 37 IoCs
description | pid | Process
Token: SeRestorePrivilege | 3724 | 7zFM.exe
Token: 35 | 3724 | 7zFM.exe
Token: SeSecurityPrivilege | 3724 | 7zFM.exe
Token: SeDebugPrivilege | 728 | Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege | 3652 | WindowsUpdate.exe
Token: SeShutdownPrivilege | 4508 | chrome.exe
Token: SeCreatePagefilePrivilege | 4508 | chrome.exe
-
Suspicious use of FindShellTrayWindow 28 IoCs
pid | Process
3724 | 7zFM.exe
4508 | chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4508 | chrome.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
3652 | WindowsUpdate.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 728 wrote to memory of 4400 | 728 | Panel Ejecutador MTA 3.14.exe | 85
PID 728 wrote to memory of 3652 | 728 | Panel Ejecutador MTA 3.14.exe | 87
PID 3652 wrote to memory of 3948 | 3652 | WindowsUpdate.exe | 88
PID 4508 wrote to memory of 4316 | 4508 | chrome.exe | 91
PID 4508 wrote to memory of 2208 | 4508 | chrome.exe | 92
PID 4508 wrote to memory of 3812 | 4508 | chrome.exe | 93
PID 4508 wrote to memory of 2072 | 4508 | chrome.exe | 94
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Panel Ejecutador MTA 3.14.zip" 1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3724
-
C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe" 1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:728 -
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f 2⤵
- Scheduled Task/Job: Scheduled Task
PID:4400
-
-
C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
"C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" 2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3652 -
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f 3⤵
- Scheduled Task/Job: Scheduled Task
PID:3948
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" 1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508 -
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc05b0cc40,0x7ffc05b0cc4c,0x7ffc05b0cc58 2⤵
PID:4316
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2024 /prefetch:2 2⤵
PID:2208
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2072 /prefetch:3 2⤵
PID:3812
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2284 /prefetch:8 2⤵
PID:2072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3176 /prefetch:1 2⤵
PID:1300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3216 /prefetch:1 2⤵
PID:824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4528 /prefetch:1 2⤵
PID:4576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4668 /prefetch:8 2⤵
PID:1100
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level 2⤵
- Drops file in Windows directory
PID:392 -
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff7c0254698,0x7ff7c02546a4,0x7ff7c02546b0 3⤵
- Drops file in Windows directory
PID:4512
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4648,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4868 /prefetch:1 2⤵
PID:764
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4468 /prefetch:8 2⤵
PID:1064
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3732,i,15488973921766851979,11018467518071966244,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5160 /prefetch:1 2⤵
PID:3288
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe" 1⤵
PID:2468
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc 1⤵
PID:2968
Network
MITRE ATT&CK Enterprise v15
Downloads