Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
02/07/2023, 13:21
General
-
Target
1408-83-0x0000000000270000-0x00000000002A0000-memory.exe
-
Size
192KB
-
MD5
eb7e28ef6df1d692d44193bca34616c5
-
SHA1
06e3456d0719f9d222166d0238a2702336e4ada4
-
SHA256
d541b50a40f1af1f1713db2de52fdf7d12427f82e37fada53582160e845eb3e0
-
SHA512
e03e72f3d86531e5602158d575df3564b84f11ed157a443892a17a8a486a09937b8cd3628b1719a5cc74d3d4a13dc9f753a0d77ac02dcc700b16dcd34f1f098e
-
SSDEEP
1536:OhbEey6y36sv0W7TDGOIrHuyk7xk2W5/uGxNFVYQffbuclGHQ4N0GkRe8e8h3:OlEebE6Cyk9i5/uGxNMS3azNJ8e8h3
Malware Config
Signatures
-
Detected potential entity reuse from brand microsoft.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1408-83-0x0000000000270000-0x00000000002A0000-memory.exe"C:\Users\Admin\AppData\Local\Temp\1408-83-0x0000000000270000-0x00000000002A0000-memory.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1408-83-0x0000000000270000-0x00000000002A0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff918bf46f8,0x7ff918bf4708,0x7ff918bf47183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff737f55460,0x7ff737f55470,0x7ff737f554804⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4876160682019384237,13151562480467999103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1408-83-0x0000000000270000-0x00000000002A0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff918bf46f8,0x7ff918bf4708,0x7ff918bf47183⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c032c944f0c68db2f9bc2541ba822212
SHA1a829f6cf1e7f3f796eeb68ef3525d7f3d177a38a
SHA2561b4b0d7b255a79089375c9c200df8f48c8536ec99752f877e9090af9dd8e4127
SHA512cc22cf70c068f1b5c518a8d3302cbb5a79a66929488cd34939f7743aaa999cba091f182701cdda5872b6b93cf89d396b809b0b7f6f2d5f6e7ad1b5102623cf7e
-
Filesize
152B
MD519035f32e1057ba8c2b9a37d2ca89f19
SHA1267fbb4905d2fe51028289ae64f45e4c80d94aa6
SHA256321fc36d8297dc7b074f3d884cf4cf156ceae78f8f03febedc3ab952e7524678
SHA51227be728b0395c5d13a876a4ff6a68ff6a5344a007e768eada65fb2d530c27d409b75b927877084c869d56ea4bfe88c82e51f5cf98f8eadccfe26995c6af40a5b
-
Filesize
48B
MD52b31166c7dbcb4274deaccee8a71cadb
SHA13386963889849ce7fff13066f8bbee0fdb071341
SHA2562e39877c78af33acd9ae6caa0f7cfea17967df1ef64a46182fc0b999c1a54abe
SHA5124bf855a5a2ae3dc9ef8265b221f41b083b1fce887069590bb2c6716172a28d133481788402c557a8eaf9d8e4c45b13fe9f0bb848d2b837666f73ee290cb23d33
-
Filesize
312B
MD5b1480befb91c1a54a22999f5578ce847
SHA16bad83d83cf0d3e12c05f6a2c84a31632ac6fed8
SHA256d56ab5a69ea115711c58b760ab51d71d6e415b8c48cb248ed6734e90777e3128
SHA512337489efce10804cba04958f12a2439f8ff61383d96e6a97d4504d46302032ac8b7b7204d3dacfbd0adebd7daca4efa47d0e0f975cf88e627833bcbe1303c8b0
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
2KB
MD5082d4742968f077ccf01be556a80d2e3
SHA180889b31a785bd6ebcea02b4fcedfdbdb220a1c6
SHA2560de427b6a78df03a0b6e9b20b3e8d5548c7c4edfb0f3e11443bb46932ec59804
SHA512f043827fc25860f935983706fffa771de380e5dfb3f4d0da20415f868768087c0587ae3c841ebced7362bf2ac8518f9cece5996b9d76187b5bcc133304cc15bc
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
346B
MD5172a03f1e073cbc347cb5102d038fa13
SHA183a95a02491a4b046ea79fd04ccf6c5c24b29d60
SHA256b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89
SHA5122a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc
-
Filesize
4KB
MD5de1c7085668ae4fbe0ad9d8915ad9bfc
SHA11b6a15e6d6b76d2b7dd0ec1d3d1a9ca10143dcd9
SHA2566f7b53908cd1ae923f047de1a8ee0db399b20de54ab65c9ebb6f20880c5a0abc
SHA512da87a6248a7c182c633e1c9c21de089a673aa0dedaecc354ec52c6c4f2bb58264a440e289f8decc81978c52c9939cbc87488dc5f00f7cce46cd4aa7edbc344e8
-
Filesize
5KB
MD5994044438c1f0df4979bdf3e5b724ec7
SHA1c4ffa6f2b59708a76908540519ba6e68ebf488b6
SHA2561bf8b1955c67771e99c6b150d02bbaf68f1163e46637480325fb87b973337232
SHA5120a490b0de96fc96841515190c85d80cf2fd7496645900261ef8fe9122006804cfa5b0702427976b4c6f5844a8b06cef9dab44fb058a7bb063d5b08ba1b5b1652
-
Filesize
5KB
MD5c7b38bec4aba0ff2745034059b380853
SHA17244842120ad961e03073435c33f857f79acf7e9
SHA2565a964f858e8fd4a63cd44d97e0dc93706f89073a1f3e66be6739d2fe653e869c
SHA512a8c1cce7ef996ffb1ecf6c95bf9812027041b7684730f2e64d7a413ccae12cee8001cb921e3c909b28048676907e64d18125fc7e57059369821928edc74cc64d
-
Filesize
24KB
MD5d5f6e43b9bb30966d0bc507edaa766af
SHA1f55430cdf8aac488b7e726277ff47551de8f6b3c
SHA25626c3c700f69edb0a1ef22ad9cabc4c126967093a008638d4b9e91aea558f7053
SHA512580548318c413a964558422b0cbd1b05cc46f9cba53b59e2818f768f8ee9f8e3838981d686b2e82f24b3b62145cb7f1240c7602adddfabef6356730413310713
-
Filesize
24KB
MD508ec5969be8e3995de1976a77b350ccc
SHA1938c9a5df356d118c9e435ced818d217d55f70ee
SHA2563eba1c53e369cbeee335d13b78116c4a74b4d4ca79531e89f6250324ca253b0b
SHA51234c17b46774153ee3e5d0598d5300f2b336afb1d5ebd472b8da831f6dde0efd2137bd0a95a034c98e11953bbc9b06f076a8e25239f516bd5a46b06be37a90f53
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
9KB
MD5e41f759648f58b751a6a8da0878537b1
SHA1c24a0d628a17c116a735340f3ca1e91aaa9f673d
SHA256283c16fa1716141f54778a725b98b91c3a85512c6a3e18893a19152941d32635
SHA51290bd0bb032033b39657507a370b4eb9d39ef6d00b231ed8b9fc08f8f5f1364aeb080877c77e0e3fd6812c627e4f2a725931786d51d536f1289fbfa17a2fee9f0
-
Filesize
13KB
MD547c3b58c1229d6bc29c973f2fabc3d9e
SHA1e4f0c3447875763c9ac705f93fba57f14c4d385e
SHA2560446de0d6cac69b2e3bd2468f786b15e72f9c632274330ce292ab2f8914fc90c
SHA512ae22affb2d8665c21fe95f8e1e882bc8509630a28bfdcd01dc8f3141869e784c712e6ef2932f480fc35bae2295aefa7b1507a495e6ef68c19562ef10ebf15115
-
Filesize
3KB
MD570a58387e1b614640b2a3ccfc79cc8e7
SHA110818fa768b7646ed3dbf5bd5e681b164b7a05ff
SHA25620d4e4bbd25abb8292d6b48467f1c140e81035850dac7fb80976b6fd3ad0ce43
SHA5120052aa3932d3322d72203dc9b3588c17a3835403a66cf994a4d226f56d0d075132624249fa2ea112d185e0a6061aa439ab52e90153926c8faf3261d952e3ba47