Analysis Overview
SHA256
e1d8b37184257e9de8ffce7963397a77dcd47bc695410f038f00b224c367496a
Threat Level: Known bad
The file e1d8b37184257e9de8ffce7963397a77dcd47bc695410f038f00b224c367496a was found to be: Known bad.
Malicious Activity Summary
MassLogger Main Payload
MassLogger
AgentTesla
Masslogger family
AgentTesla Payload
Executes dropped EXE
Reads data files stored by FTP clients
Checks computer location settings
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Loads dropped DLL
Adds Run key to start application
Accesses Microsoft Outlook profiles
Enumerates physical storage devices
Program crash
outlook_win_path
outlook_office_path
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-05-21 01:59
Signatures
MassLogger Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Masslogger family
Analysis: behavioral1
Detonation Overview
Submitted
2022-05-21 01:59
Reported
2022-05-21 03:05
Platform
win7-20220414-en
Max time kernel
130s
Max time network
47s
Command Line
Signatures
AgentTesla
MassLogger
MassLogger Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AgentTesla Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run\Administrator = "C:\\Windows\\system32\\pcalua.exe -a C:\\Users\\Admin\\Desktop\\.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8100OJ.exe
"C:\Users\Admin\AppData\Local\Temp\8100OJ.exe"
C:\Users\Admin\Desktop\wiseman.exe
"C:\Users\Admin\Desktop\wiseman.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Administrator /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\.exe"
C:\Windows\SysWOW64\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Administrator /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\.exe"
C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 736
Network
Files
memory/1748-54-0x0000000000150000-0x0000000000302000-memory.dmp
memory/1748-55-0x0000000075761000-0x0000000075763000-memory.dmp
memory/1748-56-0x0000000000400000-0x000000000040A000-memory.dmp
\Users\Admin\Desktop\wiseman.exe
| MD5 | 0922444ce8a37462f57e07a420acf1a7 |
| SHA1 | a6442229acbd46d3a4cf5f45630ca98a74f18d0f |
| SHA256 | bab0b51695e2e35875154c4aba680fd1800dbbba36ef1f48cd437616eac8cdc5 |
| SHA512 | 24cfd983469e0f6926969a9ee9201df6eed891c895ec7db328944feda2ebcbac20c11bffdd15e831aae64dd4d1bf45f442f2be4306d837f045ced245597a6a2c |
memory/948-59-0x0000000000000000-mapping.dmp
\Users\Admin\Desktop\wiseman.exe
| MD5 | 0922444ce8a37462f57e07a420acf1a7 |
| SHA1 | a6442229acbd46d3a4cf5f45630ca98a74f18d0f |
| SHA256 | bab0b51695e2e35875154c4aba680fd1800dbbba36ef1f48cd437616eac8cdc5 |
| SHA512 | 24cfd983469e0f6926969a9ee9201df6eed891c895ec7db328944feda2ebcbac20c11bffdd15e831aae64dd4d1bf45f442f2be4306d837f045ced245597a6a2c |
C:\Users\Admin\Desktop\wiseman.exe
| MD5 | 0922444ce8a37462f57e07a420acf1a7 |
| SHA1 | a6442229acbd46d3a4cf5f45630ca98a74f18d0f |
| SHA256 | bab0b51695e2e35875154c4aba680fd1800dbbba36ef1f48cd437616eac8cdc5 |
| SHA512 | 24cfd983469e0f6926969a9ee9201df6eed891c895ec7db328944feda2ebcbac20c11bffdd15e831aae64dd4d1bf45f442f2be4306d837f045ced245597a6a2c |
C:\Users\Admin\Desktop\wiseman.exe
| MD5 | 0922444ce8a37462f57e07a420acf1a7 |
| SHA1 | a6442229acbd46d3a4cf5f45630ca98a74f18d0f |
| SHA256 | bab0b51695e2e35875154c4aba680fd1800dbbba36ef1f48cd437616eac8cdc5 |
| SHA512 | 24cfd983469e0f6926969a9ee9201df6eed891c895ec7db328944feda2ebcbac20c11bffdd15e831aae64dd4d1bf45f442f2be4306d837f045ced245597a6a2c |
memory/1104-63-0x0000000000000000-mapping.dmp
memory/696-64-0x0000000000000000-mapping.dmp
memory/948-65-0x000000006DC30000-0x000000006E1DB000-memory.dmp
\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
memory/860-67-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
C:\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
memory/860-70-0x0000000001140000-0x00000000012F2000-memory.dmp
memory/1184-72-0x0000000000000000-mapping.dmp
\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
memory/948-78-0x0000000005840000-0x0000000005D76000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-05-21 01:59
Reported
2022-05-21 03:05
Platform
win10v2004-20220414-en
Max time kernel
151s
Max time network
148s
Command Line
Signatures
AgentTesla
MassLogger
MassLogger Main Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AgentTesla Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Administrator = "C:\\Windows\\system32\\pcalua.exe -a C:\\Users\\Admin\\Desktop\\.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8100OJ.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\wiseman.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\wiseman.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8100OJ.exe
"C:\Users\Admin\AppData\Local\Temp\8100OJ.exe"
C:\Users\Admin\Desktop\wiseman.exe
"C:\Users\Admin\Desktop\wiseman.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Administrator /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\.exe"
C:\Windows\SysWOW64\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Administrator /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\.exe"
C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5064 -ip 5064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 1268
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.7:443 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | 106.89.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.0.0.0.0.2.0.1.3.0.6.2.ip6.arpa | udp |
| US | 8.8.8.8:53 | mail.ashpraskills.com | udp |
| IN | 103.53.43.45:587 | mail.ashpraskills.com | tcp |
Files
memory/752-130-0x00000000005F0000-0x00000000007A2000-memory.dmp
memory/752-131-0x0000000005EE0000-0x0000000006484000-memory.dmp
memory/752-132-0x00000000059D0000-0x0000000005A62000-memory.dmp
memory/752-133-0x0000000005CC0000-0x0000000005D04000-memory.dmp
memory/776-134-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\wiseman.exe
| MD5 | 0922444ce8a37462f57e07a420acf1a7 |
| SHA1 | a6442229acbd46d3a4cf5f45630ca98a74f18d0f |
| SHA256 | bab0b51695e2e35875154c4aba680fd1800dbbba36ef1f48cd437616eac8cdc5 |
| SHA512 | 24cfd983469e0f6926969a9ee9201df6eed891c895ec7db328944feda2ebcbac20c11bffdd15e831aae64dd4d1bf45f442f2be4306d837f045ced245597a6a2c |
C:\Users\Admin\Desktop\wiseman.exe
| MD5 | 0922444ce8a37462f57e07a420acf1a7 |
| SHA1 | a6442229acbd46d3a4cf5f45630ca98a74f18d0f |
| SHA256 | bab0b51695e2e35875154c4aba680fd1800dbbba36ef1f48cd437616eac8cdc5 |
| SHA512 | 24cfd983469e0f6926969a9ee9201df6eed891c895ec7db328944feda2ebcbac20c11bffdd15e831aae64dd4d1bf45f442f2be4306d837f045ced245597a6a2c |
memory/4528-137-0x0000000000000000-mapping.dmp
memory/1988-138-0x0000000000000000-mapping.dmp
memory/776-139-0x000000006E190000-0x000000006E741000-memory.dmp
memory/5064-140-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |
C:\Users\Admin\Desktop\.exe
| MD5 | bfbdaa4f58a5fb04b5ebd07df65d794c |
| SHA1 | 626c24e885bca21d7da4f74aabb55e1e6b737a76 |
| SHA256 | 04c7c046518196b6b88e6b3860d870e1ad21728353d8e73f23a9276a1a5e211f |
| SHA512 | 5793ce56e85b502d20ab43e7d30b5188063cf743b160c385fe85290522a925ad745e10691513ab7014204d93729c22e275bce76313a33c9d19fcdbad4b1f2847 |