Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3arctic-workspace.exe
windows7-x64
7arctic-workspace.exe
windows10-2004-x64
7$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3LICENSES.c...m.html
windows7-x64
1LICENSES.c...m.html
windows10-2004-x64
1arctic-workspace.exe
windows7-x64
7arctic-workspace.exe
windows10-2004-x64
7d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows7-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows7-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows7-x64
1libGLESv2.dll
windows10-2004-x64
1resources/elevate.exe
windows7-x64
1resources/elevate.exe
windows10-2004-x64
1swiftshade...GL.dll
windows7-x64
1swiftshade...GL.dll
windows10-2004-x64
1swiftshade...v2.dll
windows7-x64
1swiftshade...v2.dll
windows10-2004-x64
1vk_swiftshader.dll
windows7-x64
1vk_swiftshader.dll
windows10-2004-x64
1vulkan-1.dll
windows7-x64
1vulkan-1.dll
windows10-2004-x64
1$PLUGINSDI...7z.dll
windows7-x64
3$PLUGINSDI...7z.dll
windows10-2004-x64
3Analysis
-
max time kernel
146s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
08/04/2024, 17:47
Static task
static1
Behavioral task
behavioral1
Sample
arctic-workspace.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
arctic-workspace.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
LICENSES.chromium.html
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
LICENSES.chromium.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
arctic-workspace.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
arctic-workspace.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
ffmpeg.dll
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
ffmpeg.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
libEGL.dll
Resource
win7-20240220-en
Behavioral task
behavioral15
Sample
libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
libGLESv2.dll
Resource
win7-20240221-en
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
resources/elevate.exe
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
resources/elevate.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
swiftshader/libEGL.dll
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
swiftshader/libEGL.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
swiftshader/libGLESv2.dll
Resource
win7-20240220-en
Behavioral task
behavioral23
Sample
swiftshader/libGLESv2.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
vk_swiftshader.dll
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
vk_swiftshader.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
vulkan-1.dll
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
vulkan-1.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20240226-en
General
-
Target
LICENSES.chromium.html
-
Size
5.2MB
-
MD5
df37c89638c65db9a4518b88e79350be
-
SHA1
6b9ba9fba54fb3aa1b938de218f549078924ac50
-
SHA256
dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
-
SHA512
93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
-
SSDEEP
12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3348 msedge.exe 3348 msedge.exe 4800 msedge.exe 4800 msedge.exe 400 identity_helper.exe 400 identity_helper.exe 3056 msedge.exe 3056 msedge.exe 3056 msedge.exe 3056 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe 4800 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4800 wrote to memory of 1304 4800 msedge.exe 86 PID 4800 wrote to memory of 1304 4800 msedge.exe 86 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3712 4800 msedge.exe 87 PID 4800 wrote to memory of 3348 4800 msedge.exe 88 PID 4800 wrote to memory of 3348 4800 msedge.exe 88 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89 PID 4800 wrote to memory of 1612 4800 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9faea46f8,0x7ff9faea4708,0x7ff9faea47182⤵PID:1304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵PID:3712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵PID:1612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:5084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵PID:4240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵PID:3204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵PID:752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:5104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10521799632183804664,10667364842709901526,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3056
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3264
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3332
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD57740a919423ddc469647f8fdd981324d
SHA1c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA5127ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7
-
Filesize
152B
MD59f44d6f922f830d04d7463189045a5a3
SHA12e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA2560ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA5127c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
-
Filesize
6KB
MD54ce43be67ad03f701e11c3da8d256b05
SHA1814561500db23ea7c8c105229fcd6dc982e31dc7
SHA256dbb06fa46914c2544aef0f80985d0b20dbc20112e8a011da23144de61783c695
SHA51200797cb8938e69dbca5085c2c2fc2c09819ea6191221717579fb91243f2734628f0d535e68f29ecf31119efad7fa0b04158c29e5a0209ed53b13d35eaf313604
-
Filesize
6KB
MD5f7996bb2ea565f689cfdea0b67654e6f
SHA1c2cca481ca9cef5f94d9cb5bfbfaab01807e8294
SHA2565694b0f3ddbc40675b87d15073a4ba40a9c9519b8d094e5c1616e0431a6aaf86
SHA512120dfb0bf84eb986da6cd212939df264bb60a1b7f7a284ac52fed20ccff83c2b4bc166d0b09ad1f6ec8a87e55ef4672f567b4bdf93bf3e795d13d96552b95651
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD55e5f160a987de0fd427a8df9a6c5224c
SHA1f99c4704518cb617b513129cfafaa5cd868ea608
SHA256b7a69e22651a94f510e1efe526e1ccd73194355b091bf593a996dafc9ce31cef
SHA512d7873fbc2809aa4d8ebc9ab3da58d78d859f36da5c079637dac99e9741ff9039d44835382360e0b74a452ea4da83233f10b7c9b56f59676924f877817c936e5f