Analysis Overview
SHA256
7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
Threat Level: Known bad
The file SecuriteInfo.com.BackDoor.Rat.281.18292.12946 was found to be: Known bad.
Malicious Activity Summary
Osiris
Nirsoft
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Looks up external IP address via web service
Uses Tor communications
Drops file in Windows directory
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Gathers network information
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2021-06-15 12:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2021-06-15 12:53
Reported
2021-06-15 12:55
Platform
win7v20210410
Max time kernel
150s
Max time network
132s
Command Line
Signatures
Osiris
Nirsoft
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{4CDEEA8A-4AE5-42DE-AB09-BD4527C1808D}\1991806312.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Uses Tor communications
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\lvp.job | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe"
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
C:\Users\Admin\AppData\Local\Temp\{4CDEEA8A-4AE5-42DE-AB09-BD4527C1808D}\1991806312.exe
C:\Users\Admin\AppData\Local\Temp\{4CDEEA8A-4AE5-42DE-AB09-BD4527C1808D}\1991806312.exe /sjson C:\Users\Admin\AppData\Local\Temp\{4CDEEA8A-4AE5-42DE-AB09-BD4527C1808D}\book.json
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2021-06-15 12:53
Reported
2021-06-15 12:55
Platform
win10v20210408
Max time kernel
150s
Max time network
142s
Command Line
Signatures
Osiris
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{AEDEC3D3-6110-41C9-BC67-E9768EA9622E}\510444970.exe | N/A |
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Uses Tor communications
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\lvp.job | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cmd.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe"
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
C:\Users\Admin\AppData\Local\Temp\cmd.exe
"C:\Users\Admin\AppData\Local\Temp\cmd.exe"
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
C:\Users\Admin\AppData\Local\Temp\{AEDEC3D3-6110-41C9-BC67-E9768EA9622E}\510444970.exe
"510444970.exe"
Network
Files