Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
20/11/2024, 21:57
Static task
static1
Behavioral task
behavioral1
Sample
3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe
Resource
win10v2004-20241007-en
General
-
Target
3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe
-
Size
767KB
-
MD5
27cd44d454364f2d822eaace466fed38
-
SHA1
3019af2f3dd3d2de1c101be8d92c27fd25c40e5b
-
SHA256
3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d
-
SHA512
2ff8c1e56e3dc0f2e576af34b0ebb1041563b5f12d19a38c112f107090d6051deed5d35f42189858cae4d5140cf062e99c9ce3defc0997a9ff71afff140446d2
-
SSDEEP
12288:uFUNDat1JSgyPzsB7kmIFZUUvHqnuFT+wUV5/ZhReTr6dARuYKpQZ8gZ5NOij:uFOa/0BG9gGUvH+uwwsqtOij
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" svchost.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe -
Executes dropped EXE 7 IoCs
pid Process 836 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 1956 icsys.icn.exe 1828 explorer.exe 1344 spoolsv.exe 4212 svchost.exe 3896 Activator.exe 5084 spoolsv.exe -
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" svchost.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\explorer.exe explorer.exe File opened for modification C:\Windows\SysWOW64\explorer.exe svchost.exe -
Drops file in Windows directory 5 IoCs
description ioc Process File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe File opened for modification \??\c:\windows\resources\themes\explorer.exe icsys.icn.exe File opened for modification \??\c:\windows\resources\spoolsv.exe explorer.exe File opened for modification \??\c:\windows\resources\svchost.exe spoolsv.exe File opened for modification C:\Windows\Resources\tjud.exe explorer.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language spoolsv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language spoolsv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language icsys.icn.exe -
Modifies registry class 20 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 Activator.exe Set value (int) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 Activator.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000 Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff Activator.exe Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings Activator.exe Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 Activator.exe Set value (data) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff Activator.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1956 icsys.icn.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid Process 4212 svchost.exe 1828 explorer.exe -
Suspicious use of SetWindowsHookEx 24 IoCs
pid Process 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 1956 icsys.icn.exe 1956 icsys.icn.exe 1828 explorer.exe 1828 explorer.exe 1344 spoolsv.exe 1344 spoolsv.exe 4212 svchost.exe 4212 svchost.exe 5084 spoolsv.exe 5084 spoolsv.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe 3896 Activator.exe -
Suspicious use of WriteProcessMemory 20 IoCs
description pid Process procid_target PID 628 wrote to memory of 836 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 84 PID 628 wrote to memory of 836 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 84 PID 628 wrote to memory of 836 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 84 PID 628 wrote to memory of 1956 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 85 PID 628 wrote to memory of 1956 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 85 PID 628 wrote to memory of 1956 628 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 85 PID 1956 wrote to memory of 1828 1956 icsys.icn.exe 86 PID 1956 wrote to memory of 1828 1956 icsys.icn.exe 86 PID 1956 wrote to memory of 1828 1956 icsys.icn.exe 86 PID 1828 wrote to memory of 1344 1828 explorer.exe 87 PID 1828 wrote to memory of 1344 1828 explorer.exe 87 PID 1828 wrote to memory of 1344 1828 explorer.exe 87 PID 836 wrote to memory of 3896 836 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 88 PID 836 wrote to memory of 3896 836 3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe 88 PID 1344 wrote to memory of 4212 1344 spoolsv.exe 90 PID 1344 wrote to memory of 4212 1344 spoolsv.exe 90 PID 1344 wrote to memory of 4212 1344 spoolsv.exe 90 PID 4212 wrote to memory of 5084 4212 svchost.exe 91 PID 4212 wrote to memory of 5084 4212 svchost.exe 91 PID 4212 wrote to memory of 5084 4212 svchost.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe"C:\Users\Admin\AppData\Local\Temp\3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:628 -
\??\c:\users\admin\appdata\local\temp\3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exec:\users\admin\appdata\local\temp\3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:836 -
C:\Users\Admin\AppData\Local\Temp\ckz_NDRP\Activator.exe"C:\Users\Admin\AppData\Local\Temp\ckz_NDRP\Activator.exe"3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3896
-
-
-
C:\Windows\Resources\Themes\icsys.icn.exeC:\Windows\Resources\Themes\icsys.icn.exe2⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956 -
\??\c:\windows\resources\themes\explorer.exec:\windows\resources\themes\explorer.exe3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1828 -
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe SE4⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\windows\resources\svchost.exec:\windows\resources\svchost.exe5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4212 -
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe PR6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5084
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\3a9837b6435b62d0caeac4c051bfd5f640fc8cfefb0d6090743b6290f4b3648d.exe
Filesize646KB
MD55dcf8b61cb54552f12ef76a8e9051049
SHA1c4ad616c976e77d3ab7debc86983442d30fca158
SHA256be77b0bcd4a4ca799b9dd768e931a747be97f9770edc87b5dd6bd5c0558a5af5
SHA5124555a0a937f7f40fdc03a9d0ed680065ef10849d87ec64d4b2fc5061ff8d7745031502e702fc5a396090658a925f7e13ff775cf7c337ec61b2a635cf4c523f03
-
Filesize
262KB
MD54b54c2c5ac3d82da68c2acf328dd1d24
SHA1632ffbdf3a0257b83b009508c69a5ee4fe4b9781
SHA256e35748b6ecd496f4c2aa26db894e1e7b61fbe44501aa2ee5d44103f87bf68420
SHA5122ffc781347c468b11b18c91fcd49b48998f589bbb0add0939b448ba1dd5010fa24b299218dd09f5f00ae68a29782c9cbefa17a543453c8bf3272b233021e9e37
-
Filesize
130KB
MD5a88529705c2f6a371c8372ee612464a1
SHA136259fa5cc1bdd23af409bb88845542d7536582e
SHA256a5ca198d2cd5e6b7bbd37d1fd2453ffa609019afba654ff8ca29b0751ee2ba63
SHA512aff932852c95eb269e92f36545add30135802266bc76867e8f4be5d57649707f276e95bc6ce6352d8d168f1db45027d2d6d41c0bbf1471009cd39f026adc0a3b
-
Filesize
121KB
MD5c8481b583be0bdd69350f9e5a22eb22a
SHA147295aedb88e000cfb3048be15b7194fb69c8bfd
SHA2566a502ed8a7760463483209d536ab740d0beff9b6c3c57dc0a62cb7be4ab8eaf9
SHA5128bfcf2f8c01f12fed0f4848f05ae8cf71b68520fd5afe34c0626866f6b28c0c56069be0fb616df84b614ca48082e2cc58871933b64163da355479ec942ab7dfe
-
Filesize
130KB
MD5faa0080c99c5d321bd3320653ac62ebc
SHA15c190bd720806dca3196a6399e605b6908895394
SHA25658eb9114c41bed6d31c0d0598ab38e3aea908183a4e49cfc812b55b98a7a72fb
SHA512df537b717a715326dbe51267acd32a9a31c5bcc3dbe18808e5457ff27c1a4317e6832effe83f7121b1423c3f8fee51e525a60a5024b5a16dccf60d61e9d721c8
-
Filesize
130KB
MD5613552a2171b3facd3191eba470381b8
SHA14eff1dcf67345f2fdc1df905cc5fcf9e4e68a49d
SHA256b884cd031b577e180166c2b784e1951831803d5f19e82f8fce79af57c4d6fcaa
SHA5120a6f4fb324675c6997da703357526dc006e4b9c0e921bb54ab57086346b698e8ae372a146750c285c405f850beba53709eefccd39460e871379d8abbe74fb039