Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
04/06/2024, 04:23
Static task
static1
Behavioral task
behavioral1
Sample
2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe
Resource
win7-20240508-en
General
-
Target
2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe
-
Size
447KB
-
MD5
2ce35c36903ad6e372ab53011e3b8820
-
SHA1
b804f66019f09df78eb7e02af03244911e3d1a3f
-
SHA256
eb7e28ae2e5f7628fa2838fa3424952ba50e76e8f003b36115a035d19b22662b
-
SHA512
986d80c52febb709076f200ebafcd2b336f7c962b85ae58d0fc6564da8c4353a53c2fa62ce1b6a1251c27ca3785299e74f881de9873b23e7cf42b796fa0ffcc8
-
SSDEEP
12288:hPnA65XwlYgrHy6V17kr8+m73q+pgkxzdxRlabQYtCAZ5cIkKix:hPJwlBrygOW3q49ldx7XIa
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2680 cmd.exe -
Executes dropped EXE 2 IoCs
pid Process 2712 Logo1_.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe -
Loads dropped DLL 1 IoCs
pid Process 2680 cmd.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
resource yara_rule behavioral1/files/0x0037000000015406-21.dat upx behavioral1/memory/2828-25-0x0000000000400000-0x00000000004F4000-memory.dmp upx behavioral1/memory/2828-32-0x0000000000400000-0x00000000004F4000-memory.dmp upx -
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\P: Logo1_.exe File opened (read-only) \??\L: Logo1_.exe File opened (read-only) \??\J: Logo1_.exe File opened (read-only) \??\H: Logo1_.exe File opened (read-only) \??\G: Logo1_.exe File opened (read-only) \??\Y: Logo1_.exe File opened (read-only) \??\U: Logo1_.exe File opened (read-only) \??\S: Logo1_.exe File opened (read-only) \??\O: Logo1_.exe File opened (read-only) \??\I: Logo1_.exe File opened (read-only) \??\K: Logo1_.exe File opened (read-only) \??\Z: Logo1_.exe File opened (read-only) \??\W: Logo1_.exe File opened (read-only) \??\V: Logo1_.exe File opened (read-only) \??\R: Logo1_.exe File opened (read-only) \??\Q: Logo1_.exe File opened (read-only) \??\X: Logo1_.exe File opened (read-only) \??\T: Logo1_.exe File opened (read-only) \??\N: Logo1_.exe File opened (read-only) \??\M: Logo1_.exe File opened (read-only) \??\E: Logo1_.exe -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule behavioral1/memory/2828-32-0x0000000000400000-0x00000000004F4000-memory.dmp autoit_exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\_desktop.ini Logo1_.exe File created C:\Program Files\Google\Chrome\Application\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Sidebar\it-IT\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\DESIGNER\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\_desktop.ini Logo1_.exe File created C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\TextConv\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini Logo1_.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Microsoft Games\Purble Place\fr-FR\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.data\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jre7\bin\ssvagent.exe Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\fr-FR\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\DAO\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows NT\Accessories\en-US\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jre7\bin\rmiregistry.exe Logo1_.exe File created C:\Program Files\Microsoft Games\More Games\it-IT\_desktop.ini Logo1_.exe File created C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\Stationery\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows Mail\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\he\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Defender\es-ES\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe Logo1_.exe File created C:\Program Files\VideoLAN\VLC\plugins\spu\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Photo Viewer\fr-FR\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Microsoft Office\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Reference Assemblies\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\Java\jre7\bin\pack200.exe Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini Logo1_.exe File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini Logo1_.exe -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\rundl132.exe 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe File created C:\Windows\Logo1_.exe 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe File opened for modification C:\Windows\rundl132.exe Logo1_.exe File created C:\Windows\Dll.dll Logo1_.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
pid Process 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe 2712 Logo1_.exe -
Suspicious use of FindShellTrayWindow 10 IoCs
pid Process 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe -
Suspicious use of SendNotifyMessage 10 IoCs
pid Process 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 2828 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 38 IoCs
description pid Process procid_target PID 1580 wrote to memory of 3004 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 28 PID 1580 wrote to memory of 3004 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 28 PID 1580 wrote to memory of 3004 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 28 PID 1580 wrote to memory of 3004 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 28 PID 3004 wrote to memory of 3000 3004 net.exe 30 PID 3004 wrote to memory of 3000 3004 net.exe 30 PID 3004 wrote to memory of 3000 3004 net.exe 30 PID 3004 wrote to memory of 3000 3004 net.exe 30 PID 1580 wrote to memory of 2680 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 31 PID 1580 wrote to memory of 2680 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 31 PID 1580 wrote to memory of 2680 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 31 PID 1580 wrote to memory of 2680 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 31 PID 1580 wrote to memory of 2712 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 33 PID 1580 wrote to memory of 2712 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 33 PID 1580 wrote to memory of 2712 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 33 PID 1580 wrote to memory of 2712 1580 2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe 33 PID 2712 wrote to memory of 2632 2712 Logo1_.exe 34 PID 2712 wrote to memory of 2632 2712 Logo1_.exe 34 PID 2712 wrote to memory of 2632 2712 Logo1_.exe 34 PID 2712 wrote to memory of 2632 2712 Logo1_.exe 34 PID 2680 wrote to memory of 2828 2680 cmd.exe 36 PID 2680 wrote to memory of 2828 2680 cmd.exe 36 PID 2680 wrote to memory of 2828 2680 cmd.exe 36 PID 2680 wrote to memory of 2828 2680 cmd.exe 36 PID 2632 wrote to memory of 2636 2632 net.exe 37 PID 2632 wrote to memory of 2636 2632 net.exe 37 PID 2632 wrote to memory of 2636 2632 net.exe 37 PID 2632 wrote to memory of 2636 2632 net.exe 37 PID 2712 wrote to memory of 2488 2712 Logo1_.exe 38 PID 2712 wrote to memory of 2488 2712 Logo1_.exe 38 PID 2712 wrote to memory of 2488 2712 Logo1_.exe 38 PID 2712 wrote to memory of 2488 2712 Logo1_.exe 38 PID 2488 wrote to memory of 2592 2488 net.exe 40 PID 2488 wrote to memory of 2592 2488 net.exe 40 PID 2488 wrote to memory of 2592 2488 net.exe 40 PID 2488 wrote to memory of 2592 2488 net.exe 40 PID 2712 wrote to memory of 1192 2712 Logo1_.exe 21 PID 2712 wrote to memory of 1192 2712 Logo1_.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1192
-
C:\Users\Admin\AppData\Local\Temp\2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1580 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"3⤵
- Suspicious use of WriteProcessMemory
PID:3004 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"4⤵PID:3000
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\$$a18ED.bat3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2680 -
C:\Users\Admin\AppData\Local\Temp\2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2ce35c36903ad6e372ab53011e3b8820_NeikiAnalytics.exe"4⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2828
-
-
-
C:\Windows\Logo1_.exeC:\Windows\Logo1_.exe3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2712 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵PID:2636
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- Suspicious use of WriteProcessMemory
PID:2488 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵PID:2592
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
258KB
MD5a4c8106e6b09119bbdf16d697e5562fc
SHA1ca9fc6811703e29f7752f3a13e114fe904d0ebaa
SHA256184bfec75adf37374d96cb6ae5ea764fbeff8618090ad0618eb99cd4d620a606
SHA5128ea21582fc055e1e90fbfc92778c62f6aefa2681504b8c5a7d63e6e27f8064f9dffc4251765d3e3f15737cbc136cfa5c1c1e864246b8808659e56addc75e976d
-
Filesize
478KB
MD55264aab343fc1f53c29d1065346d0010
SHA1db43bc0b28b4ada0c5635db50fd0b64410ab76ad
SHA256d33d56847b353c8207a43aa01cc75527328ebf4bba669e90e29266d1b6fb57dd
SHA512bb4ba1f7c5cae56cef564dd99f1a1fd3e2c656f8004f689a22ea641d886cbb3a19dde3dce5be4cf8cee4ce190170fd8c5390cb9c7c40ae54109559685119a958
-
Filesize
620B
MD5407087bb1fbd8d25f455179c88d22b31
SHA17bcd43ffdd44e648d56b43179dccbc9a733b9628
SHA2569103ad22305055e3fa672c6f6d2b01d9dbfba06a7c5ec1c46ddf594fd84e9d81
SHA5120012104aadc4e3dac7f16cfb9bf43f647cc3ebab29cb575b2471dfe70862c9a0cff7ae2ccb033ae6bfd62281d701f15075ca0e0d4618b8e70ff8886ef1ae0c86
-
Filesize
413KB
MD561f00cd504821ba3727f40ba91c0aa38
SHA11923a6331cf73dde5af1cb5573f35d9cce3a86b6
SHA2567d317c9d43001251d8ba8ad9c81d2959e8a8030927ff3b7ed6a3b91840409552
SHA512f1efd9094f5a6a14e19b2e418605c65be4fc0505e231072503786caefb42651ff9df2d3504c7bb84373097cc25651e495be85003ae45e81bd5e0ce22bb489935
-
Filesize
33KB
MD5a20cdac89a48ae7a0f01bd4686d6cd5f
SHA1df10d5972a5960f8f318e76140a3a2797a62fd3e
SHA2565fc2bdd002b6e88ab0ad4cd67d58daa3c9e2a58df0ad9579d540f6e2320f8c89
SHA5120c2227986fc0fab88c8dcd796f8cc235f8c155c99af38c5210448657d4dfafa387eb4747e118d89baa7cbaa0eb74ad30bebcb1e04fafbe64ef11920358691797
-
Filesize
8B
MD5378d822ce12583d0d584184af22d1d77
SHA1c062ac770b028df6db676099e02f09fc2f77b171
SHA2561ad01f8e46c86dfa34468e306eabe54b58d56134130b53ea7677961e3baaf6c7
SHA51223cf7b916de734c6bb6fd3b2beee21f3e82bc95e93d8662dca818d7cf13602706f22671dce61388b2a7e0b613c07c70512331c4132759b16cf438cb1750bc397