Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
18/10/2024, 12:34
Static task
static1
Behavioral task
behavioral1
Sample
8934b0d98f8c56d6f1dc2f1b94d0b4ecffaac5e14bd5e45c453b82a04426e041.msi
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8934b0d98f8c56d6f1dc2f1b94d0b4ecffaac5e14bd5e45c453b82a04426e041.msi
Resource
win10v2004-20241007-en
General
-
Target
8934b0d98f8c56d6f1dc2f1b94d0b4ecffaac5e14bd5e45c453b82a04426e041.msi
-
Size
2.5MB
-
MD5
144b437195e16049c93dca1738fa35fa
-
SHA1
0f7fa6a6c85e95a1a7d5a495752635f5ca102634
-
SHA256
8934b0d98f8c56d6f1dc2f1b94d0b4ecffaac5e14bd5e45c453b82a04426e041
-
SHA512
58da9569a681bda05c0c1585e432ee06b2cafa88f800a70ebb32ff678d178f61c79d9bc41c787f4dbab23b206fba8d341285cf0b7f90fceec9038191c0779430
-
SSDEEP
49152:45hFc/f9r84jEHYDgE5e7vmP5Ferq7I5RJK5k1Qkd6JSHxO:sVHYDgpCxFeVSOxO
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
flow pid Process 4 3032 msiexec.exe 7 3032 msiexec.exe 9 3032 msiexec.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\O: msiexec.exe -
Drops file in Windows directory 11 IoCs
description ioc Process File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\SourceHash{912F7AB9-CAAE-4260-9629-40CD874BA8A5} msiexec.exe File opened for modification C:\Windows\Installer\MSID9AA.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIDA66.tmp msiexec.exe File created C:\Windows\Installer\e57d726.msi msiexec.exe File opened for modification C:\Windows\Installer\e57d726.msi msiexec.exe File opened for modification C:\Windows\Installer\MSID8CE.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSID7F1.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSID87F.tmp msiexec.exe -
Executes dropped EXE 2 IoCs
pid Process 3712 MSIDA66.tmp 2028 GUP.exe -
Loads dropped DLL 13 IoCs
pid Process 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 2176 MsiExec.exe 5016 MsiExec.exe 5016 MsiExec.exe 5016 MsiExec.exe 2028 GUP.exe -
Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
pid Process 3032 msiexec.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 2104 2028 WerFault.exe 112 -
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSIDA66.tmp Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GUP.exe -
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001a73a27760024bf60000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001a73a2770000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001a73a277000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1a73a277000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001a73a27700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 vssvc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters vssvc.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters vssvc.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4356 msiexec.exe 4356 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3032 msiexec.exe Token: SeIncreaseQuotaPrivilege 3032 msiexec.exe Token: SeSecurityPrivilege 4356 msiexec.exe Token: SeCreateTokenPrivilege 3032 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3032 msiexec.exe Token: SeLockMemoryPrivilege 3032 msiexec.exe Token: SeIncreaseQuotaPrivilege 3032 msiexec.exe Token: SeMachineAccountPrivilege 3032 msiexec.exe Token: SeTcbPrivilege 3032 msiexec.exe Token: SeSecurityPrivilege 3032 msiexec.exe Token: SeTakeOwnershipPrivilege 3032 msiexec.exe Token: SeLoadDriverPrivilege 3032 msiexec.exe Token: SeSystemProfilePrivilege 3032 msiexec.exe Token: SeSystemtimePrivilege 3032 msiexec.exe Token: SeProfSingleProcessPrivilege 3032 msiexec.exe Token: SeIncBasePriorityPrivilege 3032 msiexec.exe Token: SeCreatePagefilePrivilege 3032 msiexec.exe Token: SeCreatePermanentPrivilege 3032 msiexec.exe Token: SeBackupPrivilege 3032 msiexec.exe Token: SeRestorePrivilege 3032 msiexec.exe Token: SeShutdownPrivilege 3032 msiexec.exe Token: SeDebugPrivilege 3032 msiexec.exe Token: SeAuditPrivilege 3032 msiexec.exe Token: SeSystemEnvironmentPrivilege 3032 msiexec.exe Token: SeChangeNotifyPrivilege 3032 msiexec.exe Token: SeRemoteShutdownPrivilege 3032 msiexec.exe Token: SeUndockPrivilege 3032 msiexec.exe Token: SeSyncAgentPrivilege 3032 msiexec.exe Token: SeEnableDelegationPrivilege 3032 msiexec.exe Token: SeManageVolumePrivilege 3032 msiexec.exe Token: SeImpersonatePrivilege 3032 msiexec.exe Token: SeCreateGlobalPrivilege 3032 msiexec.exe Token: SeCreateTokenPrivilege 3032 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3032 msiexec.exe Token: SeLockMemoryPrivilege 3032 msiexec.exe Token: SeIncreaseQuotaPrivilege 3032 msiexec.exe Token: SeMachineAccountPrivilege 3032 msiexec.exe Token: SeTcbPrivilege 3032 msiexec.exe Token: SeSecurityPrivilege 3032 msiexec.exe Token: SeTakeOwnershipPrivilege 3032 msiexec.exe Token: SeLoadDriverPrivilege 3032 msiexec.exe Token: SeSystemProfilePrivilege 3032 msiexec.exe Token: SeSystemtimePrivilege 3032 msiexec.exe Token: SeProfSingleProcessPrivilege 3032 msiexec.exe Token: SeIncBasePriorityPrivilege 3032 msiexec.exe Token: SeCreatePagefilePrivilege 3032 msiexec.exe Token: SeCreatePermanentPrivilege 3032 msiexec.exe Token: SeBackupPrivilege 3032 msiexec.exe Token: SeRestorePrivilege 3032 msiexec.exe Token: SeShutdownPrivilege 3032 msiexec.exe Token: SeDebugPrivilege 3032 msiexec.exe Token: SeAuditPrivilege 3032 msiexec.exe Token: SeSystemEnvironmentPrivilege 3032 msiexec.exe Token: SeChangeNotifyPrivilege 3032 msiexec.exe Token: SeRemoteShutdownPrivilege 3032 msiexec.exe Token: SeUndockPrivilege 3032 msiexec.exe Token: SeSyncAgentPrivilege 3032 msiexec.exe Token: SeEnableDelegationPrivilege 3032 msiexec.exe Token: SeManageVolumePrivilege 3032 msiexec.exe Token: SeImpersonatePrivilege 3032 msiexec.exe Token: SeCreateGlobalPrivilege 3032 msiexec.exe Token: SeCreateTokenPrivilege 3032 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3032 msiexec.exe Token: SeLockMemoryPrivilege 3032 msiexec.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 3032 msiexec.exe 3032 msiexec.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2028 GUP.exe -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 4356 wrote to memory of 2176 4356 msiexec.exe 89 PID 4356 wrote to memory of 2176 4356 msiexec.exe 89 PID 4356 wrote to memory of 2176 4356 msiexec.exe 89 PID 4356 wrote to memory of 4060 4356 msiexec.exe 108 PID 4356 wrote to memory of 4060 4356 msiexec.exe 108 PID 4356 wrote to memory of 5016 4356 msiexec.exe 110 PID 4356 wrote to memory of 5016 4356 msiexec.exe 110 PID 4356 wrote to memory of 5016 4356 msiexec.exe 110 PID 4356 wrote to memory of 3712 4356 msiexec.exe 111 PID 4356 wrote to memory of 3712 4356 msiexec.exe 111 PID 4356 wrote to memory of 3712 4356 msiexec.exe 111 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\8934b0d98f8c56d6f1dc2f1b94d0b4ecffaac5e14bd5e45c453b82a04426e041.msi1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3032
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4356 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4FE9D65A9E38B28F9555E13B2BF0954C C2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2176
-
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵PID:4060
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 7D33B3F39650A9EEB0650A1D86F7551F2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5016
-
-
C:\Windows\Installer\MSIDA66.tmp"C:\Windows\Installer\MSIDA66.tmp" /DontWait "C:\Users\Admin\AppData\Roaming\op\\GUP.EXE"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3712
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
PID:1736
-
C:\Users\Admin\AppData\Roaming\op\GUP.exe"C:\Users\Admin\AppData\Roaming\op\GUP.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2028 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 3762⤵
- Program crash
PID:2104
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2028 -ip 20281⤵PID:2392
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5a44178b207dc260ceb958dda550fb7f2
SHA1ca9a289c0d2f4a29a6df9bf7d2a45d4e33a4d098
SHA256891c81ef68299d46f772f71dab3b7490e3db54df81d991a39d8aa5eea4cb4e37
SHA512d7c57a9ccb6be6a958be5b0e860aad513d27cf9f849431590b0255532ca12c4768d173a709a7cf0c97bcd06e4568ed6d354ed7e4df2c6c372f4a91cbd9cfbe69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_1F8F5C0F188BC014D5B60763F6F6FCF1
Filesize1KB
MD5df7981274a9968d5da53315ece2e643a
SHA1c27f13c4db69bbae29842c70ba9d8a2d6a1c7ffb
SHA256fbc4005a2b0253a8e58b2b8a705b6b9db68f74e21a179820b9d2ef0882a1bf56
SHA5121d5a92545aaba6e7155ac6c5dd7a3f75ce7f2e7aea45e3b6a5db609d91a9ca4ca59f9fe76205f7812a90302c4c59386577bc8a1a0151de2b0128276680c02cc1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
Filesize1KB
MD556fba59d9c1836bc558083b27840258f
SHA1bcb73316886479bf39f94ab2394c84484b33d81f
SHA256ecaaccf2b8a7eb9312ff73f15d8adffa5389c5c6e81a91b407d16ba27c468f3e
SHA5120e30e83bc1cac24fd0e150fef06c43ad0b55c6875b1b2ed84595c77059cd062ff1d1cd9f9297f3240bf9fe1f2ce31c46d9b37b0dcf429641e9dddbd8fcb55d19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_1F8F5C0F188BC014D5B60763F6F6FCF1
Filesize536B
MD5240188dbfe4ae3d6b0245676a4db76cb
SHA1d120e49613183cda0cf325fc750a3f3cad638089
SHA256cba81d5cf2a19dfd013ed731e7655d673ce426905d71caa36c97039f001d9e57
SHA5125473ad4bbc574929d2e7beef613ecf1768ad1c5c8a029c6b65ea1c709416e1faa2a6e5eab1f8f00a4e5af1fee26f257a57c9366db4c55019606b5f0ea768a870
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
Filesize536B
MD5fcd882d60931e22cf48b27f6f29c230f
SHA1a3e80f86dc11b01a7ea0f09feb2b73552eadbb15
SHA256796d78fc1cc5e0db18bc7d209a3ed2cd47439f771170957f4206913d3ffd7f22
SHA5126e3be6b0d4764e1eb0605210166bf5056b951c3cca4c672b7d62f30a466590a0399e9208717eeb93bdf3b73b02092dbb3237a1dcef6a997db0d8db313186b4a6
-
Filesize
376B
MD53497fbaa936b2c866ee9f90ccbbcddac
SHA12bbb035b7aa1f17257474a2d68686c59baf8e4e0
SHA256be34e18ab1a8f734a82ec4b60999935b70aaf4317f485b418c709ff7dcdd6bdb
SHA5124efc3efe287d0863082f2cdd50d98deb558f67abe6f793906b71138b1baad25d1471f11f807e977cb2ae7946fa06c19156f4af67a18c230e29d111f10cae4061
-
Filesize
904KB
MD5421643ee7bb89e6df092bc4b18a40ff8
SHA1e801582a6dd358060a699c9c5cde31cd07ee49ab
SHA256d6b89fd5a95071e7b144d8bedcb09b694e9cd14bfbfafb782b17cf8413eac6da
SHA512d59c4ec7690e535da84f94bef2be7f94d6bfd0b2908fa9a67d0897abe8a2825fd52354c495ea1a7f133f727c2ee356869cc80bacf5557864d535a72d8c396023
-
Filesize
617KB
MD57be4b26502bb2a8ed4982805b590dec5
SHA1afa1ee71fe23c4e7f8fc0195f5fb4a3d968500b6
SHA25697e196b8aa0694ecf37bddab2ade90ffba78251af7e49f6a24adea0a6ee704b3
SHA512013ce05ca4982b8bbafa33b4011b1a2731c605f581223557ef66cf75df96307d5b2444a9ccb28b3ff39e34ad989e2d5b931ab9bfcccd7dd5f63eabdb726ab749
-
Filesize
4KB
MD530823e98edc86ac1c1b71ba49366bb86
SHA11fbaedf0850c6bb298d81843a174fe2ed0d09388
SHA256f26e3a06fc46eefb24d2d412c5e5ed1bc97ec14e2b7d8670aea0736ce7fb15dd
SHA5126a907ec6e57d4a7ee0eac473df439db48d4c3457d440417a0a1908e1e8fbc7a15955166dc5d4b2c2dc42e92caa73c74c12b7f9b477c9991ee677a93cd3aa45f5
-
Filesize
840KB
MD59b73c82d8f0e6cae3bce7b2fc98b3383
SHA124dd9872261cfb6931b2b400fffc9b9bdd4d5455
SHA256795778587d86ee3aa3d2f628e8d3994b8735c5528413b4298afac8b6a683aefb
SHA5125e1aa7783c7bed7b821065cc6a775b98114ea54c840499dc896de27c331375f4b5e5cd1c6550c160b05b6bc64dd4669dcfdcec861de9376d745bc9a3d5e80909
-
Filesize
406KB
MD5d2f8c062aba50ca096cbd5387a2d0b8b
SHA104f07790822954d02458d93fba83208ca5223a1a
SHA256ea6094300c250528ffae4e7972d84eb5b45cfbd018133516c166e40e89ed65bf
SHA512f51bf12be51832cd7190c255234c558094c0135e8bf05ffd67c2f4a8b0233161fa71c44e86b107956e4b75f5e2a28da58736da61a71f0c600ec1cf1b4e9e86fa
-
Filesize
24.1MB
MD5c6c90c06b53b62a715102d976b693f0a
SHA1dc68c68ac42022b0b14403d1dac296daa17f1a64
SHA2567797912598f54c85df0a56fa0257ccadf9e1e0db2e9c0d8040bf49c859ab07be
SHA5120c7bf3a77d16c67e9e4bf5cd5a3468277819c24069b9b2a7c13af8d7f22b49145fd4394c7568394b19a041a42d8943f8d7697687bd119165b3b6e0584a5256f7
-
\??\Volume{77a2731a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{4370a97d-0950-4db2-86a9-46e8a579f44a}_OnDiskSnapshotProp
Filesize6KB
MD56940652ed4e5f32d616ff735f5887b1b
SHA145907a0a599c98e54245182f89a68280ed09d347
SHA2562625fe099132c31354824155c7bf0e8f4f45b061a6a16601679637eb1b0c77d6
SHA512f45705515c323cfc653187a8f6e464937f8dd727fc8b7bc7b812052de7b0c480ad87371562755c0cdb3d560f02d032768d18e7c3104b54f8d4b094b33d21b5a4