Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
190s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system -
submitted
30/12/2023, 08:53
Static task
static1
Behavioral task
behavioral1
Sample
m.bat
Resource
win11-20231215-en
General
-
Target
m.bat
-
Size
3KB
-
MD5
b206a5fc587c4b693d663a0a29dcde32
-
SHA1
5037fd2e3e2ea80d82250a20a21ec49ad036d0cb
-
SHA256
e879fb4a661e86f55c26d528961ffc8d19757094d1eab2d470156ceadd346b20
-
SHA512
7b8d32aedcc137cadd71aae5ad49f6e9d1b4011ddf06bee9f14bc5cd8f4cffac38d196ff668d45bd52f94f5f89b1254f48b41aec81df4ee03765d567b5146db8
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
pid Process 4228 ipconfig.exe -
Opens file in notepad (likely ransom note) 4 IoCs
pid Process 2164 NOTEPAD.EXE 4068 NOTEPAD.EXE 2716 NOTEPAD.EXE 4428 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 4276 msedge.exe 4276 msedge.exe 4216 msedge.exe 4216 msedge.exe 1164 identity_helper.exe 1164 identity_helper.exe 3508 msedge.exe 3508 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4216 msedge.exe 4216 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe 4216 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3424 MiniSearchHost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4168 wrote to memory of 4216 4168 cmd.exe 81 PID 4168 wrote to memory of 4216 4168 cmd.exe 81 PID 4216 wrote to memory of 2100 4216 msedge.exe 84 PID 4216 wrote to memory of 2100 4216 msedge.exe 84 PID 4168 wrote to memory of 4228 4168 cmd.exe 85 PID 4168 wrote to memory of 4228 4168 cmd.exe 85 PID 4168 wrote to memory of 2424 4168 cmd.exe 86 PID 4168 wrote to memory of 2424 4168 cmd.exe 86 PID 4168 wrote to memory of 1396 4168 cmd.exe 87 PID 4168 wrote to memory of 1396 4168 cmd.exe 87 PID 4168 wrote to memory of 4192 4168 cmd.exe 88 PID 4168 wrote to memory of 4192 4168 cmd.exe 88 PID 4168 wrote to memory of 1508 4168 cmd.exe 89 PID 4168 wrote to memory of 1508 4168 cmd.exe 89 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 2788 4216 msedge.exe 91 PID 4216 wrote to memory of 4276 4216 msedge.exe 90 PID 4216 wrote to memory of 4276 4216 msedge.exe 90 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 PID 4216 wrote to memory of 2732 4216 msedge.exe 93 -
Views/modifies file attributes 1 TTPs 7 IoCs
pid Process 1396 attrib.exe 1508 attrib.exe 5088 attrib.exe 1028 attrib.exe 4044 attrib.exe 1660 attrib.exe 2424 attrib.exe
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\m.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:4168 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://media.discordapp.net/attachments/1171199057348263996/1171261368717037700/Jq9XNeo.jpg?ex=659ca2a7&is=658a2da7&hm=e584359e6d8774a5d4d4f23f6b5f2b20a2715bdcc056d11f5fe0c641e0d9fc15&2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8ac643cb8,0x7ff8ac643cc8,0x7ff8ac643cd83⤵PID:2100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:4276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:23⤵PID:2788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:83⤵PID:2732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:13⤵PID:1460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:13⤵PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:3508
-
-
-
C:\Windows\system32\ipconfig.exeipconfig /release2⤵
- Gathers network information
PID:4228
-
-
C:\Windows\system32\attrib.exeattrib +h C:\Users\Admin\AppData\Local\Temp\m.bat2⤵
- Views/modifies file attributes
PID:2424
-
-
C:\Windows\system32\attrib.exeattrib +h /s /d2⤵
- Views/modifies file attributes
PID:1396
-
-
C:\Windows\system32\cipher.execipher /e /s /a2⤵PID:4192
-
-
C:\Windows\system32\attrib.exeattrib +h /s /d2⤵
- Views/modifies file attributes
PID:1508
-
-
C:\Windows\system32\cipher.execipher /e /s /a2⤵PID:576
-
-
C:\Windows\system32\attrib.exeattrib +h /s /d2⤵
- Views/modifies file attributes
PID:5088
-
-
C:\Windows\system32\cipher.execipher /e /s /a2⤵PID:3152
-
-
C:\Windows\system32\attrib.exeattrib +h /s /d2⤵
- Views/modifies file attributes
PID:1028
-
-
C:\Windows\system32\cipher.execipher /e /s /a2⤵PID:2228
-
-
C:\Windows\system32\attrib.exeattrib +h /s /d2⤵
- Views/modifies file attributes
PID:4044
-
-
C:\Windows\system32\cipher.execipher /e /s /a2⤵PID:3228
-
-
C:\Windows\system32\attrib.exeattrib +h /s /d2⤵
- Views/modifies file attributes
PID:1660
-
-
C:\Windows\system32\cipher.execipher /e /s /a2⤵PID:3744
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2776
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1452
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LLC.txt1⤵
- Opens file in notepad (likely ransom note)
PID:2164
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:3424
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LLC.txt1⤵
- Opens file in notepad (likely ransom note)
PID:4068
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\how_to_decrypt.txt1⤵
- Opens file in notepad (likely ransom note)
PID:2716
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\how_to_avoid_these_attacks_in_the_future.txt1⤵
- Opens file in notepad (likely ransom note)
PID:4428
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5a49be4507f75620ebce0c9c7e92e8086
SHA12ec8ea5ca61d760aca4400d60e87a32174d01242
SHA256311dc0cca111446d46f677774c8fa85d1fc99588794f4c4bb181f903316ba930
SHA5120989b17d71a698ea74dbc99585fda4d1d41f0f13849ef364aa26bb9fb19c4de11efef7d2d31205d49ff8d98aba2426a06815eb644d27c46c382b3442c88b9f0a
-
Filesize
152B
MD592e040d7c1eeb7646714b53e4a95eb91
SHA14eaae5706d13b5f0ca9f2e4c994cfca63890dd7d
SHA2565342d5a6f08451e0f1c54f8e3658dd91eeba2be804f3582ddf8d6a4e2d0c6468
SHA512e5b4c0ee79b7536679bf2e54f865f91b4957d4f66e498a026b88a6c14a13163f897f54baa9da747c1523eaf20d29cca960b8949a08a7b0ab9b0bbe92478a34f8
-
Filesize
477B
MD5453840742492637c9c66ecca0ad64448
SHA108b86c48b09947fd675321ec0405adc2c7989ffc
SHA256af1caa86a388796704053428b781de08c69099b3fb70e8ff3d34733dbc1d98cd
SHA5128eee201973bfd0ee2de1ecc81d47b6e526bdf23b22ab65fd22ea7963af27fd09c26be68953787d3328e65008abb74b06ccbefcd7cb4018f1519dda6a7e6b3e84
-
Filesize
4KB
MD560a62b49cc67932149133c701f1852bb
SHA1ea1cda8afd6ac0aba54af85e8a0a72ef15fb04ec
SHA256f13d12f306c98cf8b432f36685bf366a1a11338e3d2d37ddebf1a859b119e256
SHA512557b2a62c9edd88d611196a182ace619ca5c1b1ba6dca1b60297e6deb53f3ca06a879e13e8561c6ef66d5d9c1f39420471881ba6b3d99b1563af79ccd13964dd
-
Filesize
5KB
MD5c30f92f9ee9eb07ad864b2c35599c8c6
SHA1719bbba7c20505380e258eac490b3a97b747e5f3
SHA256c28864cca32483ccee649bb2345dcd4884b9e07b60f62dbee86a527fbc514787
SHA512d265209436061cfeb7b1c4c377be531d6bebfbd6f8047eff0a54f361a24f26c880897515a084567fda46ca96250a96f7025b91b3b9ebf95021acc672592dd5e3
-
Filesize
5KB
MD522cb763dc4cc8e48f1e48797c2648a54
SHA1d0d6ea5f78cdadc36eede6cd306dbce5db55b6f9
SHA2565c5b34d18c942c28949539568ac07afe481a30d8d7ba4346984b2a7919afa753
SHA512c0184b6fa4db87c6791c1f51dfeb5d71a6de6b7581afdae42776a2175eac70e341eaf0ca79e796005bfd909e691f8789fdd39cb14f5ce733854de9676b9e0a01
-
Filesize
6KB
MD5efd8cfc1da63ea5de5ce4df40e424be1
SHA1905116fe865c12315a83554b26088874454a368c
SHA256ab58069110db7056db90da56127f32beb42b89c7add5d5d8ed2b677bb647f89f
SHA512d6647e9712cc00e4f830a0e1ad0b7cb27d4e67e475f7a0f0e8e85b9c5b7ed07512d0cbca12673b241a82256e6253a511bebeefb9c24df97897455899f72ddb02
-
Filesize
25KB
MD558e2b179dbb10d049fe23616966bfb2a
SHA1b4f722b7e798fb6347837b51b05a4314a8219d84
SHA256cb934e662ce5441a1fec40f63ddb8b828d7cf0f4a532712907064b377d2777c4
SHA512ef3fbdd259151b0695369fae632106d190d2b9ac20b9854c5d2c23359ffde9469ea1736e7079264fd739ef3a214ac6ac8dbb9ab6c49184e5b5ebf9b8341c0c9b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d476092b4e8c18e9cd8f7ced293ff25f
SHA1cec881b134140933fd9a538c8c832982c4e3d7e3
SHA256c856e5d4f406ea2f90bf7efbd453cad3b44b28b09550038e62c1367cb34bf624
SHA512b962adc1435b2e0f0ef9abbb3f6769094b26f7c8a9678a8491fb1e6ed85f5ecb68b5e5530fa89c9038fc76e24f2cb5cba999bf19f37728863696fa3b8c65f51a
-
Filesize
142B
MD52d4496d89c273c317a6cbe9d56c08550
SHA16b7e4abc4a50d72f437985a856ee13d10e729746
SHA256c1a4e82f1981b6efc1efd055a3ad16bd16a7487181039cbefb65a9345348a97c
SHA51269e78574356a5a37baeba9452d30d58a05386a59320dc0e2e9343ab03bf472f1ad0e30253069120a827ca1878e4ddb18dc6a049866c17141f3ad897d7fcdb801
-
Filesize
55B
MD5953099767889ac17f2ecc00fe97f667e
SHA1b11b8f5cd36acfd3b2223ef9ac3ffce3c9a6ea66
SHA2565d481979be790f7678c0fb7f737c91fe0c698b23f6c74e2abe71bce59bacafd1
SHA512bb7454e29d3d72fc60e5d6d84def8ae7116eab8b021e9c60df21f1030aedd0be34f3afb6d5e064ecfdfd29565ec57aa8be6a361316d05ece4b9bfbabae0e522c
-
Filesize
76B
MD584e276ec3fc1ee98759e044c117a64c9
SHA1a53d3662afbbb60aa777f3f44d718d6ae2a8a5bc
SHA2561ebd32c76e1ff5b9d6d56b1475e651799f5011c7ae387b92b67407a06115b35d
SHA5122c08179c16921eae2695f342c471d9a60b5db6f6b25f48ac6fb718c054c1bc9c5362d63138b685ddf2a1d24eecd52ab0739c76a11d7604dc12a6c1cc05d88e4d
-
Filesize
192B
MD53f2f995c59e304139076ba8c14e7409b
SHA1c14bb35672be17fed793cf93095974099ced10b3
SHA256fc932254d557b8ef81005715879ac3136cc2222f334f0e7353d76d38c6ee69f4
SHA51238a3ebb0fba43fe8ba75ca4232426d701efc86f3c4ccaf0a5db0838cea70a67ceb3071dcce4dc8cd354095d3d17bbb797edbf71478cb515e4fe34d3d16ae7eff
-
Filesize
132B
MD5460791485d870c39dc5273ea2ddfc119
SHA1a247fb46e29831ebea2c4984061a1c80ed67295f
SHA256257ea28c54cdb0fea4cb56dd97067978cde53585872fe22eb6f152d20bff1251
SHA512e64ef367731ba22232fb1112aeafc0f2098a05321098f481d45e6e10b74ff645ed644c8c511e5cfafcf16e0da9c91c2641ed5aa8f6fbb36a43445d013f0e3e52