Analysis Overview
SHA256
9a697d8f7158b3e91f0a01f9196590114c443bb5acdbc17cc3822046283b2a5d
Threat Level: Known bad
The file Feather Nowy.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Xworm
Command and Scripting Interpreter: PowerShell
Drops startup file
Executes dropped EXE
Looks up external IP address via web service
Adds Run key to start application
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 20:36
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 20:36
Reported
2024-06-20 22:03
Platform
win10-20240404-en
Max time kernel
1799s
Max time network
1794s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feather Patch Nowy.lnk | C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feather Patch Nowy.lnk | C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe | N/A |
Executes dropped EXE
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\Feather Patch Nowy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Feather Patch Nowy.exe" | C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Feather Nowy.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Feather Nowy.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Feather Patch Nowy.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Feather Patch Nowy" /tr "C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
"C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 8.8.8.8:53 | lake-french.gl.at.ply.gg | udp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | lake-french.gl.at.ply.gg | udp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 8.8.8.8:53 | lake-french.gl.at.ply.gg | udp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | lake-french.gl.at.ply.gg | udp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | lake-french.gl.at.ply.gg | udp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| N/A | 127.0.0.1:33694 | tcp | |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | lake-french.gl.at.ply.gg | udp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
| N/A | 127.0.0.1:33694 | tcp | |
| US | 147.185.221.20:33694 | lake-french.gl.at.ply.gg | tcp |
Files
memory/2584-0-0x00007FFD204C3000-0x00007FFD204C4000-memory.dmp
memory/2584-1-0x0000000000100000-0x000000000012E000-memory.dmp
memory/2584-2-0x00007FFD204C0000-0x00007FFD20EAC000-memory.dmp
memory/5004-7-0x00007FFD204C0000-0x00007FFD20EAC000-memory.dmp
memory/5004-8-0x00007FFD204C0000-0x00007FFD20EAC000-memory.dmp
memory/5004-9-0x00007FFD204C0000-0x00007FFD20EAC000-memory.dmp
memory/5004-10-0x00000220200F0000-0x0000022020112000-memory.dmp
memory/5004-13-0x0000022020410000-0x0000022020486000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cm4iazdb.qjq.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/5004-51-0x00007FFD204C0000-0x00007FFD20EAC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | ad5cd538ca58cb28ede39c108acb5785 |
| SHA1 | 1ae910026f3dbe90ed025e9e96ead2b5399be877 |
| SHA256 | c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033 |
| SHA512 | c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | bdbad6a86e04bae65118b6531109bd00 |
| SHA1 | d50d8630f46e4f2b637b0f8838aae910ca167c38 |
| SHA256 | 5aa7a12a20f540c82178a46608085ccb9848b6d5ec5823b03ee11ff4aa6d3e0a |
| SHA512 | 71bd1dbb7e9cabeccd1a2be6e85c7a618741605d9e648db6d2d8a34565fb4b0b4e3ef460f2f7dc7cd8101fe27433858d32ad006dc6d79a969a7ad875181571f0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 420d555c1f8df0f2f14ec9e3943af798 |
| SHA1 | 9523a5d061a168db09fe06d4684d134db22e6294 |
| SHA256 | 1a7faa0a8940bf40096f4d67545f0dbdece799fa44ab13c4da81e32b250093c2 |
| SHA512 | 97081bffb96fdcf31fe50445f2bf008024422f7726f84a16b09f49390dccfa3b22f0a566c0b45776658a285ead54d1cec54de8b8092eac115607328afcc07c8a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2e79945ce140664d3b2387c54dc1be1c |
| SHA1 | b6644078746ee136660a13dd07278f7380fdb201 |
| SHA256 | 21de5acffd74d2de9db81d3bb3fc1dd9e0c85f6f56c18c76769e362a898b5003 |
| SHA512 | a80bb6ff7673b7a062ded5b7e39e491199fcdba8f17220f602e4a56a8f9d928a62bc176f20c1cc2300b507adc11be142d5255f5f77f1a43824e1a62ff404d081 |
memory/2584-186-0x00007FFD204C3000-0x00007FFD204C4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Feather Patch Nowy.exe
| MD5 | dbf36667c73c5e1bd6dcf2005c84aa29 |
| SHA1 | 1db961a84cc78184868aecc362067162bef19397 |
| SHA256 | 9a697d8f7158b3e91f0a01f9196590114c443bb5acdbc17cc3822046283b2a5d |
| SHA512 | 0798159097fc143b03573b8129af4b34a7304ae515723819dd818a63c2dcdf434c98c4d5cddd8c9e648c0d36e133ad3f95edbf175b32cce1d7fd31a191b7eeab |
memory/2584-189-0x00007FFD204C0000-0x00007FFD20EAC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Feather Patch Nowy.exe.log
| MD5 | 16c5fce5f7230eea11598ec11ed42862 |
| SHA1 | 75392d4824706090f5e8907eee1059349c927600 |
| SHA256 | 87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151 |
| SHA512 | 153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc |