Overview
overview
7Static
static
3GDLauncher...up.exe
windows7-x64
7GDLauncher...up.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
1$PLUGINSDI...er.dll
windows10-2004-x64
1$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3$PLUGINSDIR/app-64.7z
windows7-x64
3$PLUGINSDIR/app-64.7z
windows10-2004-x64
77za.exe
windows7-x64
17za.exe
windows10-2004-x64
1GDLauncher.exe
windows7-x64
7GDLauncher.exe
windows10-2004-x64
7LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1chrome_100...nt.pak
windows7-x64
3chrome_100...nt.pak
windows10-2004-x64
3chrome_200...nt.pak
windows7-x64
3chrome_200...nt.pak
windows10-2004-x64
3concrt140.dll
windows7-x64
1concrt140.dll
windows10-2004-x64
1d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1icudtl.dat
windows7-x64
3icudtl.dat
windows10-2004-x64
3libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1Analysis
-
max time kernel
147s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
22/02/2024, 17:44
Static task
static1
Behavioral task
behavioral1
Sample
GDLauncher-win-setup.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
GDLauncher-win-setup.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app-64.7z
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app-64.7z
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
7za.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
7za.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
GDLauncher.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
GDLauncher.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral17
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
LICENSES.chromium.html
Resource
win10v2004-20240221-en
Behavioral task
behavioral19
Sample
chrome_100_percent.pak
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
chrome_100_percent.pak
Resource
win10v2004-20240221-en
Behavioral task
behavioral21
Sample
chrome_200_percent.pak
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
chrome_200_percent.pak
Resource
win10v2004-20240221-en
Behavioral task
behavioral23
Sample
concrt140.dll
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
concrt140.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral25
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral26
Sample
ffmpeg.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
ffmpeg.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral28
Sample
icudtl.dat
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
icudtl.dat
Resource
win10v2004-20240221-en
Behavioral task
behavioral30
Sample
libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
libEGL.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral32
Sample
libGLESv2.dll
Resource
win7-20240220-en
General
-
Target
LICENSES.chromium.html
-
Size
5.1MB
-
MD5
f0882b4f2a11c1f0c524388c3307aad7
-
SHA1
c8952b4076167de1374d0c1f62b1fde8fe69f4ae
-
SHA256
1b8b8e268755376e95aaddd0a6881f6f4a4b96787af1b2db158e51958410da5f
-
SHA512
1e5cd07637e213d3f77f8a6204b5bb9a6e16c343790dda4ed677b081e8600de912165bb3436dacf56ea2e5145e888f5964deda4ee4b7dd3516ae2cab42e2fa0f
-
SSDEEP
12288:FetnJnVncnJnkncnpWQtnwn7n9nJnCnZnGn3eQSnqnBnununFn/nwnJnqnvnOnqP:nPDt5WXWSNkbfwVR8mfjF4HyCohp1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2248 msedge.exe 2248 msedge.exe 944 msedge.exe 944 msedge.exe 452 identity_helper.exe 452 identity_helper.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe 944 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 944 wrote to memory of 3888 944 msedge.exe 39 PID 944 wrote to memory of 3888 944 msedge.exe 39 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 4980 944 msedge.exe 91 PID 944 wrote to memory of 2248 944 msedge.exe 90 PID 944 wrote to memory of 2248 944 msedge.exe 90 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92 PID 944 wrote to memory of 2604 944 msedge.exe 92
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:944 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef4bc46f8,0x7ffef4bc4708,0x7ffef4bc47182⤵PID:3888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵PID:4980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:82⤵PID:2604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:1920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:1528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵PID:4008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:12⤵PID:1524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵PID:3996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:4240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:12⤵PID:4164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2386822499861519219,5987417292853931264,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3380
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2508
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1932
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD565a51c92c2d26dd2285bfd6ed6d4d196
SHA18b795f63db5306246cc7ae3441c7058a86e4d211
SHA256bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01
SHA5126156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0
-
Filesize
152B
MD5ce1273b7d5888e76f37ce0c65671804c
SHA1e11b606e9109b3ec15b42cf5ac1a6b9345973818
SHA256eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c
SHA512899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086
-
Filesize
6KB
MD5c1a8e3fa1cdf060bd7b1a8aadfc33b96
SHA18bb63678cbddb2d1c12ab667038f54f684b6db0f
SHA25623f67dafcc79ce959ab0574372f0924112e110cfc3c730c1fea27c531be0f3cd
SHA51242e4a8d131b7f9cb5c9cf9e851ba38840d8ea5b4d4c1baad08f6f2b1db66964c6345c05121c31f69829bbcfd89ecf3fca703a0cdfbeff8419c136c6277875b14
-
Filesize
6KB
MD5e9df47862f834bb373e0cd09ff75b08e
SHA1ce2f800a4c6ca33f2acbd895832f97554d4ac42d
SHA256fb248421ec62cbcb73f15ca560ab8af85a3b36c8afd3d9cc1c823786d70cf21c
SHA51274c7c7e3d6636c0efd3368f52024123806e90d989a16aa25825429adf43481b1a71c4c22c70889d380e9751923451746f983d1c6cc32ca446c3656c8c25f74f8
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5af302610cfa817772c8c37196d564dd9
SHA15d335f6c25d6db4ee7849dda35ae2c917e5d4e24
SHA256f83d4bdb066c79ce3e0ba8c7110c12c4eb000d438efb489f4c27bb6e4126a28d
SHA512ef42b020ee5142ee44cf001022702b35126d1d507fee22a3c07a8647f5f6ca94eabc841c5a2152010f0a0e8a6eefa97a4dcc6740a6553e78d267358b8adc7e7d