Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
30s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
28/02/2025, 18:15
Static task
static1
Behavioral task
behavioral1
Sample
Selfbot-Nuker-main.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Selfbot-Nuker-main.exe
Resource
win10v2004-20250217-en
General
-
Target
Selfbot-Nuker-main.exe
-
Size
17.7MB
-
MD5
3e4117a34bb9bc2fcf82f8bc87d0982c
-
SHA1
d2db9067dd2e90f2087b04b21c457aa63893f44d
-
SHA256
bd93f5ec14947b02c0ad9bc3c707c36f00f5c1ae5634cd1c646f366b46b67df8
-
SHA512
50701149e5ab6a8bbf4dbd8d3d6b6a67974d8a337395683b32b17cf40bb0db3dd9627503a7cd0b69913b845a738a7d2f33c8d2268bbb36fe62ad6d2ddbc92361
-
SSDEEP
393216:tuaKWm5FedYT2r13CUqPlnPWVAjIp/G5Z5Usu8xDutyxn7i7eRavID:tuVzjedY6rpCDv3FUT8xDutyxZRavID
Malware Config
Extracted
xworm
3.0
girl-resulted.gl.at.ply.gg:38526
D76sOUoFUfoFRQ3c
-
Install_directory
%AppData%
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 2 IoCs
resource yara_rule behavioral1/files/0x0031000000015d5c-29.dat family_xworm behavioral1/memory/1976-40-0x0000000000BA0000-0x0000000000BB2000-memory.dmp family_xworm -
Xworm family
-
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\directory\\CyberGate\\install\\server.exe" server.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run server.exe Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "c:\\directory\\CyberGate\\install\\server.exe" server.exe -
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
description ioc Process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{CG08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} server.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CG08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}\StubPath = "c:\\directory\\CyberGate\\install\\server.exe Restart" server.exe -
Executes dropped EXE 8 IoCs
pid Process 2400 Built.exe 1976 windows.exe 3044 Built.exe 264 server.exe 864 Hackz Nuker.exe 2028 Hackz Nuker.exe 2328 server.exe 1192 Explorer.EXE -
Loads dropped DLL 10 IoCs
pid Process 2720 Selfbot-Nuker-main.exe 2400 Built.exe 3044 Built.exe 2720 Selfbot-Nuker-main.exe 1652 Process not Found 864 Hackz Nuker.exe 2028 Hackz Nuker.exe 264 server.exe 264 server.exe 1192 Explorer.EXE -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 ip-api.com -
resource yara_rule behavioral1/files/0x000500000001932a-38.dat upx behavioral1/memory/3044-48-0x000007FEF1920000-0x000007FEF1F09000-memory.dmp upx behavioral1/memory/264-110-0x0000000010410000-0x0000000010480000-memory.dmp upx behavioral1/memory/264-109-0x0000000010410000-0x0000000010480000-memory.dmp upx behavioral1/memory/264-113-0x0000000010480000-0x00000000104F0000-memory.dmp upx behavioral1/memory/3044-1337-0x000007FEF1920000-0x000007FEF1F09000-memory.dmp upx -
Detects Pyinstaller 1 IoCs
resource yara_rule behavioral1/files/0x00050000000193f8-54.dat pyinstaller -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language server.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 264 server.exe 2328 server.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 1976 windows.exe Token: SeDebugPrivilege 2692 explorer.exe Token: SeDebugPrivilege 2692 explorer.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 264 server.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2720 wrote to memory of 2400 2720 Selfbot-Nuker-main.exe 30 PID 2720 wrote to memory of 2400 2720 Selfbot-Nuker-main.exe 30 PID 2720 wrote to memory of 2400 2720 Selfbot-Nuker-main.exe 30 PID 2720 wrote to memory of 1976 2720 Selfbot-Nuker-main.exe 31 PID 2720 wrote to memory of 1976 2720 Selfbot-Nuker-main.exe 31 PID 2720 wrote to memory of 1976 2720 Selfbot-Nuker-main.exe 31 PID 2400 wrote to memory of 3044 2400 Built.exe 32 PID 2400 wrote to memory of 3044 2400 Built.exe 32 PID 2400 wrote to memory of 3044 2400 Built.exe 32 PID 2720 wrote to memory of 264 2720 Selfbot-Nuker-main.exe 33 PID 2720 wrote to memory of 264 2720 Selfbot-Nuker-main.exe 33 PID 2720 wrote to memory of 264 2720 Selfbot-Nuker-main.exe 33 PID 2720 wrote to memory of 264 2720 Selfbot-Nuker-main.exe 33 PID 2720 wrote to memory of 864 2720 Selfbot-Nuker-main.exe 34 PID 2720 wrote to memory of 864 2720 Selfbot-Nuker-main.exe 34 PID 2720 wrote to memory of 864 2720 Selfbot-Nuker-main.exe 34 PID 864 wrote to memory of 2028 864 Hackz Nuker.exe 36 PID 864 wrote to memory of 2028 864 Hackz Nuker.exe 36 PID 864 wrote to memory of 2028 864 Hackz Nuker.exe 36 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37 PID 264 wrote to memory of 2640 264 server.exe 37
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1192 -
C:\Users\Admin\AppData\Local\Temp\Selfbot-Nuker-main.exe"C:\Users\Admin\AppData\Local\Temp\Selfbot-Nuker-main.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2720 -
C:\Users\Admin\AppData\Local\Temp\Built.exe"C:\Users\Admin\AppData\Local\Temp\Built.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2400 -
C:\Users\Admin\AppData\Local\Temp\Built.exe"C:\Users\Admin\AppData\Local\Temp\Built.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3044
-
-
-
C:\Users\Admin\AppData\Local\Temp\windows.exe"C:\Users\Admin\AppData\Local\Temp\windows.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1976
-
-
C:\Users\Admin\AppData\Local\Temp\server.exe"C:\Users\Admin\AppData\Local\Temp\server.exe"3⤵
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:264 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵PID:2640
-
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2692
-
-
C:\directory\CyberGate\install\server.exe"C:\directory\CyberGate\install\server.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2328
-
-
-
C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:864 -
C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"C:\Users\Admin\AppData\Local\Temp\Hackz Nuker.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2028
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
385KB
MD51acf57ea74e051d38243c42e21891073
SHA1bd2a1f0d9a8bb6393672ee9c797d379c33d82710
SHA2568b5fd4ee97d2ec52689a3ef25f01c64f2f681663c924bdf54233d7f3a859d354
SHA51223ab1cceba2a251d7807eb340f2f2a83cff2ced49cdb5d772220877757224bbb6e7887de080a694d4bb454138a0ee14a70fef9c1927f0d73add79eee08eadb10
-
Filesize
8B
MD59eb299eb7b9e4e14ffbc35a49155f7c6
SHA160da335f9f40ab30bcaf80bb23865a81f0bb41aa
SHA256afb2cbb41a22105dc7490b1fe340fd9dbdab6050faca825cb7ce1da92ac893a4
SHA512c4a233f04c540398989b93cd4680fccf6e8f5f35f2f4b138f528ec2e3ad6978add4555bcca41e6caa2bca478975b2a43ffa1ce544559ddfb99731896ac642c1b
-
Filesize
8B
MD5e0b8ce71d1210b89ada5e4ae292ec3bd
SHA1e52568344a0d213ce59cbe9fc5d6eed35a9eb43e
SHA25623a108b7e92c358841b7e50dd83a1be35bd14142f17b660f22cf9280b90bbaba
SHA512f6e38f66e8e4bb479b637b021589d44bf7f76fbcf251eb3f38702172cf3d0e4c8d4a45d2a4ee18e2b70d087bdd49bb06fcb0e07886c1c4cfc464f0bb83ca46e6
-
Filesize
8B
MD5a61ff0d43a5c3dff94fdd97d7614da32
SHA1336b6d5d516f8e7976dd007df1f538de0c84470b
SHA256fa6b2deb1a7a4eaaa5ed30f4e576f1ed72660c297027d671e1a2fa939227acd1
SHA5128939782400f4cb2cf1dcd390c97db0a558578fcbe9c986ed22d7c6488cd2a6fec6067f96336e1e2c68be1bdd53b923e3fcd38a5d9a3fa53a8b7eb3a77c846027
-
Filesize
8B
MD5cf0cd22300514798045e82a56259d5da
SHA1f38918cfcb4343f984d98491e70b9385be090f35
SHA256af833405bb42a3c23eb5f189837c9f2ab78f52f1d17af0e65b0ce868ef11e85b
SHA51208e3c16bf3843e86d0aa77f79b7da8629ad5bf1740c25c487a1dc975dad0cc9815f0c89c2df32f702d7d3e8e7e520e994b0aaf875a791e6c68039ac885208369
-
Filesize
8B
MD51ef718979cb491e4204d022892da45b9
SHA1e8c541ff4f8debce03dc39cdc3cb2dc939ec9bac
SHA256ebc9c10c94f122056ea2f8acec18e95a0aedcf3da62954d9ac04d15c265635a7
SHA51232ff4210ea8ea96f803c2c835bb69c83fb8805532308c308615effa776ebbd7a3d1cc4959a77f7219971d2f05dd2bd705ae87670bad65141e487dac05b982b5b
-
Filesize
8B
MD5330a77a802eeab88ea45a558bdac213a
SHA141caefeda162b36f8aa08f9666590dcc1fa6679b
SHA256c4eedd1e6c712df0e73a579de03a1eab20edafe21148b1bd860dcc22b2aff9f3
SHA51285a9e079dee8d532396983abcc1e106e32e37d4f693d1a7e802c3208605fb3da24bd855b94356078534c207e2e86d2270e2055d912a75f244d3fd3f41ca94240
-
Filesize
8B
MD56c2ee4b3c5046a8464fee31b3d1f0254
SHA1ff70d5a181ccf1f5c677b12babf9dd08741e9d2e
SHA2565e0232c876a1dd0f4ebf0ed8e9eef727ecaa2ca261fc7e74f8eeaa7df8e8f3ba
SHA51274a13043aeda452f480a72d1168dcec5f016a9b2ac4d6445e5c4ced7b41a3a57af69e6006e09b15b340fb5b34a594768cd65056cf0abf966877dbca76dd6c43f
-
Filesize
8B
MD5643a0c279057dae0c1d87e7ad6414e2d
SHA19165025c684a10e63bd90bb265ca80ee57bb9481
SHA25616189f2256f0055c0bb762ef0f46ac262ec54b9d6d45b310c0f30c1e9f1502cd
SHA512dd102b36d90458682f9ef608c9ecf95a45ed113cf236f9ec7853fd6e54119fd9a54530288a3f4f86fc64c502025771748572adf14834a21de48327fad22f8302
-
Filesize
8B
MD58a736c0229c3fca607318751d46fe80b
SHA1ebe1a1f2abcf4948f7a76f825164fa38dc894654
SHA2561d4cba2eb28dd8edb26ebabfbdd7c0b53bbf3ff50bd93bf428d588ed7296963a
SHA51297b0259d51aa5e1d31aca29357f59f4dd69f16f999720d73c0c837b5eb99346b37848d172c3cb20d4de3fcd36ba7b89b5fc907f61cd3ab60f1b15c5b1d3147f9
-
Filesize
8B
MD5db61fa548a997f685db444eeef53c25b
SHA176d759415176aeca3efd72b17a080ecfce6a6a40
SHA256ce832814d950e5a173c7b176b2921eb4ec79d364f8b26cf8ed111a79195a0a95
SHA512d2b6129542febafa4c3ff538e02d2158e08e41ea1d1e95865bd89e45d272e6f53c69248282bfdb8bd1e2f8711f37907fd945bf9e295929ded0c1f01bb97b5ee8
-
Filesize
8B
MD53a3550e4d44704056e4f236581e02df7
SHA1378862084aa689495b76391bbdc4d46c0d85d4c0
SHA25654cf87572ee19736bc88ed3db2535867ed0312fa868b3b93847385e4be32530d
SHA5127899a2c8880197141eaaae4d1f2a1ed5c170f37acc8a7ad78dafef74574649e962ad26981c806d0f67f8e4577b94d01339d752e48684bc328366169680c867c2
-
Filesize
8B
MD59dcd3984e1e7e7a1362fc2a27f3c483a
SHA1fe89fad2eaedf8ec92eb20b6d08d202e959de9df
SHA25605ca11e6de3123f2cc56d7dee5a7280ae84571e37b10befe7695ab131303a715
SHA51235ae85dc6952a2329e51a3707d278510ec692595c1dd1e6fccd730ba35fe3069babadc7239d29a275bf00abb2fd269f830c8f1ce6276cd326367415a171dc47b
-
Filesize
8B
MD563b453adaff02b7a9b3ee71ce52bf3a4
SHA11470ef1d4463e1810de7d021694d11d73d84cc88
SHA25659658515d8075bca6f6cc4b950e0687cee71d40d575d71e1079187cf50742715
SHA5122ee93d2f9f1f7dd4021b6c01a795dbdfebdf852f50d74ffa56906fe40b7a51291f5649880516662295d6e1304a3a3f145de5c5fc48c42fd17a6abeb86e686029
-
Filesize
8B
MD5929db3ef5719f5b90fc5d2b488909ecd
SHA1e07cdd434dc0ea3eaf02057655695f0ca6f58329
SHA2566ffd77211ecf4e9bc038a3c4f8ec24bd72894fee377954cc34200f562dbdaf60
SHA5125b1829f4e670129045d2b7a4def3c1ff4679838b766d05a45e2d0e7260bb8cf1ea70c6bfc2f79816afbda1e02a88b249cc100ad669a66c92d6b42a9cb932a3fd
-
Filesize
8B
MD5287650271bf3b91790d728fa19edaa7d
SHA1952d531bd281957240af04214f750ddaf3001ae1
SHA25684b155664a0695a0d2c21df84e66ba0922d5685e6cef9f2ecd32f8fa53d8f108
SHA5120eb40c1fb464d3a4257df8d30508241a23af85f9bad611ecbf55f39db6c6ac0d2c3e7b2a37699294878935ca998b2c7f262f612a96f4e81fb3bb11583fb0238e
-
Filesize
8B
MD55f14bf68c6f22a908a7906ba7f068bb8
SHA11f92452b6281fa09a3add1f793731447cd7e59b2
SHA256b1135bcb719f858301e7ff1bc399aea05ee6156abc93aef903cedb806f1068fe
SHA512cc81312c7137fb52525fe152f13ff916ffe5177841757e1fb3393d6024e45421035fd0b8e5b85cd03cc356542b275b05744bcf17d60bcfecb2d86c7103c8c446
-
Filesize
8B
MD5586943f7cce452fa9b10eddda75d95d8
SHA1923ceb659eb9c311cb2642bfc9d5984bab859212
SHA256cda4c4d840e64929c69006bbd8b096738726945f0fd823d76fce684ef0916b03
SHA5120cf75d40c555f9520d380d004211c972fe734b022ccc70f3c4adc85129c2f66868475c990c89f7593a182bf7f1284839817e5d62665f09d062f199941d51b490
-
Filesize
7.4MB
MD59217741c2a3ee406dfc46451f43d7e24
SHA145b80871044183ec9ba9e8d5272beccf866cdc20
SHA2569505346d4aeb3460451fac39959435b96d2f55a3191c8a56be7a381efcad423c
SHA5123f5aa5b9ccaf00f76608f6f736a3f88c29d7e68a2843b251aa53c60604e107a15f28d26946a814de70ad8f059bb3df60cb29dec5620b54cd3d7807163cdf28a1
-
Filesize
1.6MB
MD50b66c50e563d74188a1e96d6617261e8
SHA1cfd778b3794b4938e584078cbfac0747a8916d9e
SHA25602c665f77db6b255fc62f978aedbe2092b7ef1926836290da68fd838dbf2a9f2
SHA51237d710cb5c0ceb5957d11b61684cfbc65951c1d40ab560f3f3cb8feca42f9d43bd981a0ff44c3cb7562779264f18116723457e79e0e23852d7638b1a954a258f
-
Filesize
4.3MB
MD55cd203d356a77646856341a0c9135fc6
SHA1a1f4ac5cc2f5ecb075b3d0129e620784814a48f7
SHA256a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a
SHA512390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f
-
Filesize
428KB
MD515fc49728a0c0751bb86cd5feb3504b7
SHA13c76f53967e67abbe5ea0ab57ef0818a88c7a4c9
SHA2566f20d88b0fca845de6f031af4f5ddc13e35eee5456987465631dcd0429b6a0cc
SHA512fe172fd4b3809c666dc630fe07c054a9879d161173cdcb1f815b160af04454e9433d9ad6fa4e0553526a9d0687b7513b35dfc1a2fd20e9ef563e7ef76a4dc267
-
Filesize
43KB
MD5e46d5073430a074170fc59c062040193
SHA1d4e9005e77265365fd057de264da04f3e1245285
SHA256cbfb39adad10a5c440bc220db9b81cbe3405fa87cb328843e2360e6de93a1447
SHA51281b6ccd4e2f34c1f90ba70e2bf72b3e1b79972e2723f3e07ad87276511e2644954713a4fe65a9ae5fe8515223db55802dab9cc443963e5b2e07219611ba33583
-
Filesize
10.2MB
MD59c4946a5517669a8c2c1831abfafcec0
SHA1e5fd6691b6df0dbc99078afe907a23690667c9c1
SHA25622a6eb0862594b96fd3b3f9345f40d9e51e0514ca79729e01454e0f4586961ca
SHA512e4a26051ee6515c4bc8528dde5906c307aac5dcf2312344b3bffbbac0c02a6be9aee8953cd33e4ac0f1d43a58c69e14e7957b162d0c10b424639c5e2dac41010