Analysis Overview
Threat Level: Shows suspicious behavior
The file https://disk.yandex.ru/d/7gd7nkrbQw6sQQ was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Executes dropped EXE
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 23:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 23:56
Reported
2024-05-30 23:57
Platform
win10v2004-20240508-en
Max time kernel
34s
Max time network
38s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| N/A | N/A | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| N/A | N/A | C:\Recovery\WindowsRE\conhost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Windows NT\TableTextService\en-US\SppExtComObj.exe | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File created | C:\Program Files (x86)\Windows NT\TableTextService\en-US\e1ef82546f0b02 | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\L2Schemas\Idle.exe | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File opened for modification | C:\Windows\L2Schemas\Idle.exe | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File created | C:\Windows\L2Schemas\6ccacd8608530f | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File created | C:\Windows\Cursors\RuntimeBroker.exe | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File created | C:\Windows\Cursors\9e8d7a4ca61bd9 | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File created | C:\Windows\ja-JP\RuntimeBroker.exe | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| File created | C:\Windows\ja-JP\9e8d7a4ca61bd9 | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Users\Admin\Downloads\NEVERLOSE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Users\Admin\Downloads\NEVERLOSE.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\SavesMonitor\Blockcontainerproviderdhcp.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Recovery\WindowsRE\conhost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: 35 | N/A | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://disk.yandex.ru/d/7gd7nkrbQw6sQQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3776,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4880,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5256,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5248,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5772,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5692,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=6132,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5704,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6616,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6924,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:8
C:\Users\Admin\Downloads\NEVERLOSE.exe
"C:\Users\Admin\Downloads\NEVERLOSE.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\SavesMonitor\RmK92.vbe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\NEVERLOSE.exe
"C:\Users\Admin\Downloads\NEVERLOSE.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\SavesMonitor\RmK92.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\SavesMonitor\CXb1cErhNTIpSAGADF.bat" "
C:\SavesMonitor\Blockcontainerproviderdhcp.exe
"C:\SavesMonitor/Blockcontainerproviderdhcp.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Bza2MO65mN.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\SavesMonitor\CXb1cErhNTIpSAGADF.bat" "
C:\SavesMonitor\Blockcontainerproviderdhcp.exe
"C:\SavesMonitor/Blockcontainerproviderdhcp.exe"
C:\Recovery\WindowsRE\conhost.exe
"C:\Recovery\WindowsRE\conhost.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| RU | 87.250.250.50:443 | disk.yandex.ru | tcp |
| RU | 87.250.250.50:443 | disk.yandex.ru | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| BE | 2.17.107.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | ads.adfox.ru | udp |
| US | 8.8.8.8:53 | ads.adfox.ru | udp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| RU | 77.88.21.179:443 | ads.adfox.ru | tcp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 213.180.193.90:443 | an.yandex.ru | tcp |
| RU | 213.180.193.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| US | 8.8.8.8:53 | storage.mds.yandex.net | udp |
| US | 8.8.8.8:53 | storage.mds.yandex.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| RU | 213.180.193.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| RU | 213.180.193.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| RU | 93.158.134.36:443 | favicon.yandex.net | tcp |
| US | 8.8.8.8:53 | downloader.disk.yandex.ru | udp |
| US | 8.8.8.8:53 | downloader.disk.yandex.ru | udp |
| US | 8.8.8.8:53 | downloader.disk.yandex.ru | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| RU | 77.88.21.127:443 | downloader.disk.yandex.ru | tcp |
| US | 8.8.8.8:53 | 179.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.247.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.255.255.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s356sas.storage.yandex.net | udp |
| US | 8.8.8.8:53 | s356sas.storage.yandex.net | udp |
| US | 8.8.8.8:53 | s356sas.storage.yandex.net | udp |
| RU | 37.9.68.79:443 | s356sas.storage.yandex.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 127.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.68.9.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | app-edge.smartscreen.microsoft.com | tcp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| BE | 2.17.107.105:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 690000cm.n9shteam3.top | udp |
| US | 104.21.79.128:80 | 690000cm.n9shteam3.top | tcp |
| US | 8.8.8.8:53 | 128.79.21.104.in-addr.arpa | udp |
| US | 104.21.79.128:80 | 690000cm.n9shteam3.top | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
Files
C:\SavesMonitor\RmK92.vbe
| MD5 | 252c8a936c61108036239630f110d0b9 |
| SHA1 | 765fa5076b12b640ab968cc5279b540e9f161341 |
| SHA256 | d16aa2383787258cc998e0f6a1d48f62ceb3c11068355c2eed26cdd74dc97b34 |
| SHA512 | d333fa3186c904c52b5685bb3e9197f25a0a4980955d973e1e99a84433821ebf5dcdb1faad21e5554eea940bd219fb92cf92e77e6be72d187692ae22e3856de5 |
C:\SavesMonitor\CXb1cErhNTIpSAGADF.bat
| MD5 | a65e78a870380ac9c4ba083569959d4a |
| SHA1 | 8d6c9d55106b4ac275b873db16c069a27b79609f |
| SHA256 | d82e913f336059d8b7e9adf0832357d82b746230c75a997613b00714e86ddf30 |
| SHA512 | 9021e5dc54bff72ccb2b62d6c13f44dbb90c04f4b88513bbee04b559290bf93f149cdfb574cc8ce6d645237e9f7effb0b5e267d33db1d0ecafe2da7a159e2b44 |
C:\SavesMonitor\Blockcontainerproviderdhcp.exe
| MD5 | 6c43270f19233761545141a2175d00bc |
| SHA1 | 2af739400dd238badc0b7e9ce3d45e1eb0023e48 |
| SHA256 | 27b5ff20a635463564a1b19868af62916c29453654d703aee7482b391b554de4 |
| SHA512 | b43a8964c58fb933a80bcdd8b688d8ffda33a832e831ae8c2b54323908c5fe7c87953f24836ee987802d9429f1cd313947d3df988a90817f651edcf89c6586d6 |
memory/5360-12-0x0000000000610000-0x00000000007EA000-memory.dmp
memory/5360-14-0x000000001B3A0000-0x000000001B3AE000-memory.dmp
memory/5360-16-0x000000001B420000-0x000000001B43C000-memory.dmp
memory/5360-17-0x000000001B490000-0x000000001B4E0000-memory.dmp
memory/5360-19-0x000000001B440000-0x000000001B458000-memory.dmp
memory/5360-21-0x000000001B400000-0x000000001B40C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Bza2MO65mN.bat
| MD5 | 572e5b8ad26a8182890e47673d0b5654 |
| SHA1 | 61165e46d11316ac42010ca9fe9a6fa782872f32 |
| SHA256 | 3dc183225d21b68ead3d658bb1d2f20920ff32ef25d70e1463de199691a9f793 |
| SHA512 | a872d2731acb541877ef1ecb1f9ea62ecb71b22647fdd4a3b4aff40e348a25ff02d3311c8e59d3e615931393519724d7baa956951e353cb512f8f1515312fd53 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Blockcontainerproviderdhcp.exe.log
| MD5 | 1eff74e45bb1f7104e691358cb209546 |
| SHA1 | 253b13ffad516cc34704f5b882c6fa36953a953f |
| SHA256 | 7ad96be486e6058b19446b95bb734acdaf4addc557b2d059a66ee1acfe19b3fc |
| SHA512 | 44163ed001baf697ce66d3b386e13bf5cb94bc24ce6b1ae98665d766d5fcdf0ca28b41ecc26c5f11bbea117ac17099e87f204f9d5469bb102a769548edeead7e |