Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-12-2024 07:30
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://shanghaidaily4d.com/RET/TRG/SOR/
Resource
win10v2004-20241007-en
General
-
Target
https://shanghaidaily4d.com/RET/TRG/SOR/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794126419984584" chrome.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 2060 chrome.exe 2060 chrome.exe 4392 chrome.exe 4392 chrome.exe 4392 chrome.exe 4392 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe Token: SeShutdownPrivilege 2060 chrome.exe Token: SeCreatePagefilePrivilege 2060 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe 2060 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2060 wrote to memory of 3444 2060 chrome.exe 82 PID 2060 wrote to memory of 3444 2060 chrome.exe 82 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 4740 2060 chrome.exe 83 PID 2060 wrote to memory of 2716 2060 chrome.exe 84 PID 2060 wrote to memory of 2716 2060 chrome.exe 84 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85 PID 2060 wrote to memory of 4088 2060 chrome.exe 85
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shanghaidaily4d.com/RET/TRG/SOR/1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec9a1cc40,0x7ffec9a1cc4c,0x7ffec9a1cc582⤵PID:3444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:22⤵PID:4740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:32⤵PID:2716
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2424 /prefetch:82⤵PID:4088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:12⤵PID:5108
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:12⤵PID:4880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:82⤵PID:820
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4776,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:12⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5056,i,4446541917138462325,6254638359121424680,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4392
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:4136
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:4744
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD57cdd328a808300bf3c079974bc13a2e6
SHA1c258c5ab4dc1a31fd1b4ff6178584e03657535ef
SHA25638e207402a37395599eb633e8bfccb6d9bc468f94cb7e220e0bae376db521624
SHA5124291f87d39b92eee4c64c55214564a06e3a21746c6d6773f892416dc008e742ae871f9f32cdcfb037b6cc7d9f645f2f389b9bb4426f582b052f73fd4da91b90d
-
Filesize
120B
MD58b0dd27e26b55bc7cf2be9d4de464a1b
SHA1c2de8c5c9a14d11c3de696b320e42eb761c89cb2
SHA2565ef853e2812636c5c2070d76c3d5ca6f1e12aa9ee8aece5be3fef2880d2fa072
SHA5124492ec6025eb7b7c50630a32265205ca480316c22013ae0dfd2c78c41536b1cd1472eb1bd0b79e5677204b8c6076153916322cbb5f644755f84508585da2d39a
-
Filesize
2KB
MD5a8138a734d5358e559c243df606f8682
SHA1098b5b1edfdf46da80a8450b210e02818302be2e
SHA256b2c685ef0a499d040dea15395b0a7ba85b02d631a6947999018007f8cdef34ff
SHA5124ae6800dd05e4680a3229c7c381825998ec25c8dfa562c8cb3e6565fd813fee9aa6c6d397d70b5cf84338aaef26ab2187c0eb70c3d672604e85ccdb576b5b62b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD5b4e33b2ecadafeadb4afa128af5b500b
SHA1d4c37cd461e8ddcf857f2e4f8de5071bacdbd48c
SHA256fc9d8c3ea59267c7015ced4426f2b16ea12c8267056f7f72f8ea8842d6780b28
SHA5128133468fc81ef5867a5496a3c4227faf1bf712b639ee92736a21a6d6bc2fb6cd50be27dc701dd7d3bada931f93251123094669ba01ca5354c7fdf2c5db228d85
-
Filesize
9KB
MD587168367241a6207a7dc96bcabb8ad1f
SHA1e129faacd9eca4b177752ba6bd7532054741de56
SHA2562c65c9464a6ca761935a8b41056f22aa707439f8ea29da9bbe0deddcc144bc88
SHA5122cc6c727ecd19c8f2a4a9e3fca91b895d14a4ec87cfdf9f2a4211e5b61023eed8bfc0d6c7c6c3f2ba34750c8811cae617cb3134c7490e77942d1c1ad6f3ab632
-
Filesize
9KB
MD59eff4faea5a4a76caaac2e1365957a19
SHA12416a0b9e041e04edfe7d28a76b757e54d8f7bbe
SHA25682c2d29191a2e11d4a0a7dee4263f1003b31e4d8b8f8aedea5a41b892cd099bf
SHA512ce28c0e25f574400950feda817ee1e2e6121962e21b78adb33cbe238a7438e448d6ed88bcf47423ca32b44a631ce4e649db7455221bbd87baa796698add36f8e
-
Filesize
9KB
MD55c3049cff07f542671db352ed85f3e95
SHA1221436b30ea8e1dcadb7039d6fe94f2158941d72
SHA2569df389d17d9fbc230d3166611c97ac1413e0a34e573194d68d25c900203da6e8
SHA512d208d6bae036eee7b3a8944db04a239a8aa15832c470bc3bb5691a6cae5743171ef28f485ba0fc27e1ddc1c1ff02a53819b76ef2ed9257c9ec737899b184a07a
-
Filesize
9KB
MD570abf88c1fcae7eaa656e4c5b2888424
SHA1cadc851b1e0cf988197c52c5615a93d958de9d5a
SHA25665c59df94ee039c04ef0b0baf2d251517c95a4b96bd70cb511f78c63c6647fd0
SHA51247699d1fe722b587d54ac60a779a3ba3288a86ae3957932bd2a0066282ae2e5eef356ad552075d602f89ff50ae7aded79608fc40d51a08b951ebe67047d46336
-
Filesize
9KB
MD56942cd244276a869c78c318a733e5c64
SHA129c5b8f555612bfcb82b8d60b4d2bfa33f0e7130
SHA256a1b0e47b6ee8ec905464ec27da415157d26a24a43c15468128e9e1c1afb2a5d2
SHA5125b6e717911a3a232e1550dd1fb18b3bd186d0a5c0adae311a50f2f29e75421d0456c59e4f1a951ad19b1968ec3e88e19e41e6682ac78e3781088e9907684b66e
-
Filesize
9KB
MD5ee86db2ee270fc58abf63dc7290d683b
SHA1b3673a0b0f96daf94e224d016dc00bb4033450d3
SHA2568d33eb33ef7b378661b4fec25aeb76aea8f6dc0093123de8e5e27663a7f717f7
SHA512de8f84488685a8aae2a7ce38f473271e30aae6d01ed30f8cf007d4b91589dcecf28ad68e24fddf571635a9f5a4713266178cbfcbf832a21ed43409e81e187989
-
Filesize
116KB
MD5a08a4ddc7cca5ea5b52e33963d11eb12
SHA109959e710815b2f7f4f925da6addbf4e39c31024
SHA2566ade0a9493a6409ed94bd3507e23952e8830e53a7de2e4c5c0acfe79c6fb2e80
SHA51274da5f5010f81ac59868809d74a965185fabfab8e7772a55cee56d21bb70ca99d970e0355c5a9202b3c258477626a0fb4e8a8d8334dabb23389dd9ee722d492c
-
Filesize
116KB
MD5cfb124f76d470c5f1ec9b5015520b9df
SHA1a55e0733245126412ce4e99c19fa203b779e91f2
SHA256b821717dacecc737447d9f202efec6dd395a4dc01493cf42fe0886f001a8296b
SHA51256ff4a1aed75c2383ec93e27fbaf1fcb8749f2b2806c8928dfaef2126af6dfb4a27ffe17e47d530c5bdcf879875014574e2c13614c3b58567bc2a2818dd45ac4