Resubmissions
16/05/2023, 20:56 | 230516-zq4aqsce86 | 1
16/05/2023, 20:55 | 230516-zqq1eabf7z | 1
16/05/2023, 20:51 | 230516-znevcsbf61 | 1
Analysis
max time kernel: 442s
max time network: 1769s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 16/05/2023, 20:56
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 | Sample: https://lol.zip/ | Resource: win10-20230220-en
Behavioral task: behavioral2 | Sample: https://lol.zip/ | Resource: win7-20230220-en
Behavioral task: behavioral3 | Sample: https://lol.zip/ | Resource: win10v2004-20230220-en
General
Target: https://lol.zip/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
820 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 820 | chrome.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
820 | chrome.exe
Suspicious use of SendNotifyMessage 32 IoCs
pid | Process
820 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 820 wrote to memory of 1300 | 820 | chrome.exe | 27
PID 820 wrote to memory of 1896 | 820 | chrome.exe | 29
PID 820 wrote to memory of 1124 | 820 | chrome.exe | 30
PID 820 wrote to memory of 864 | 820 | chrome.exe | 31
Processes
- PID:820 "C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://lol.zip/
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID:1300 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefab29758,0x7fefab29768,0x7fefab29778
  - PID:1896 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=972 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:2
  - PID:1124 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:8
  - PID:864 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:8
  - PID:1712 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2124 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:1
  - PID:1656 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:1
  - PID:1548 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3316 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:1
  - PID:2140 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1296 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:2
  - PID:2252 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3816 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:1
  - PID:2392 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3420 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:1
  - PID:2860 "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1264,i,1817020027325421338,1554022027479348251,131072 /prefetch:8
- PID:1360 "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v6
Downloads