Analysis Overview
SHA256
3f03a1ba7c95be04ee555c6277ba4f70609f6f75e81c4ed7e0e630bc2e33c081
Threat Level: Known bad
The file 71a9d91cfbd2cfa97dba3bcf47af4a4f was found to be: Known bad.
Malicious Activity Summary
CryptBot
CryptBot payload
Reads user/profile data of web browsers
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Enumerates physical storage devices
Program crash
Checks processor information in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-24 07:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-24 07:43
Reported
2024-01-24 07:46
Platform
win7-20231129-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
CryptBot
CryptBot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe
"C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | mornui03.top | udp |
Files
memory/2956-2-0x0000000000330000-0x00000000003D0000-memory.dmp
memory/2956-1-0x0000000002E20000-0x0000000002F20000-memory.dmp
memory/2956-3-0x0000000000400000-0x0000000002D13000-memory.dmp
memory/2956-4-0x0000000004660000-0x0000000004661000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\_Files\_Information.txt
| MD5 | 03c5695e6c9d4b5d68168a74da93cb99 |
| SHA1 | 910a21edf2a12bbc2655f5d9bc7e0ac28512ea9c |
| SHA256 | 769cb5b1cc0d56593082dd6cc07707a0d06fe97f5a143edc125b2af96e5f597c |
| SHA512 | 8e9bd175404cfaf1b495023f61623822bef097a1243991ccf184839d9728105112c72eeb21e00cc6b75f42cc5daf502c0759a2d6fb4b6da7849586aa4e7f74e0 |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\_Files\_Information.txt
| MD5 | 74f3ae4ea4ea068676a3b4a202ba3690 |
| SHA1 | b58a071603e1230c67139eb8bf118c816a33ca80 |
| SHA256 | 2f313c91e0c2a5deed882676ee419df79ae3765842509076a646646aeb9aaced |
| SHA512 | a52fdddd56f92f35958c8d2d2a22b7966b38b3bf58afd8502b44d7f172eaf059e8455e516c29f18ad4cd573d3424558ab57a428ba40de70783cdad8dc9afee63 |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\_Files\_Information.txt
| MD5 | 0d9ba3c8f2fa598bc6b3ec560aba52e9 |
| SHA1 | 7dd9dc12a90035f8ccdd549ea55bb883c0ce1c48 |
| SHA256 | b22e438adc5b0f45c5cfda71986486480fb157de441d76508c31381c96687641 |
| SHA512 | 419ce121932fd1ec85fa4d61fb06f65e5ab0d94fdca5518039e48d838b2dbc7a8e44e5eb82962f5a2b1c24be1359e9ff1e59124b35398db91ff126e0a14df970 |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\files_\system_info.txt
| MD5 | 2419e46f8772a0f8b93a22f48cfec291 |
| SHA1 | 027c34242103afce998ded6d998e32d05f169b70 |
| SHA256 | 18099607e14ed644d7766efd71fc17779d30f44173883a98187d6f36564d605c |
| SHA512 | 30351a16c6d03d171cdccd0ec0260aea0a2d5cfb1e5b74f8804b4af649b2a65d1357d55f2238ba3ebbd6c4a1820c03572b9c4d6879d3835fd4adb93bd374b593 |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\files_\system_info.txt
| MD5 | 44d67999dfdc5e9e38d0fd5ae4b22f1f |
| SHA1 | 3d1126455be9f119f2d02f4a286f6620e18906ca |
| SHA256 | 6e2442c3d87e73fc2ae63489f6e87003ae8761d69489bac781d40a64c9f1eb5e |
| SHA512 | 0b0fc2863e591d4788f4f266fabb63793e83382ef22c8e9a06a1175ad21ac9e9faf6c3c37b7e5db1cb0bd67180390b14e0697219f623113230e0a75728ffbd20 |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\files_\system_info.txt
| MD5 | ed9bb8585a3011a606467eb080c8fea0 |
| SHA1 | c1a1cd1d52b6d1597b946ef71eb74b82eaf2c15a |
| SHA256 | 8d179f3c0fe457f4ca7418fd9b8406d302efc97e9de9973de3475cb9eb8968d0 |
| SHA512 | ba7f025cd3fca6ef087771ffad9c9ec75b9ac8d1f2c3a7908e466011ccff072d421ce49e81117bf2938622df9c6b2d165b1254eabea3c5bf6de1efb5f45a32d5 |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\_Files\_Files\EditPush.txt
| MD5 | e7361b7db20d01ba23108e7221a68afd |
| SHA1 | 25d6f99e878d9a4266bf952239e5ea6804892d3c |
| SHA256 | 7f7fca70056aa02b4f9e6b1a26ca02751bea988b8a7f0ae238856942e2ef492b |
| SHA512 | aa361d48a39d51c5e74b65159445e0a9cb70470a6a4b61b6c7611ecbf648452e3398a42b0021462f1d7aaf51b10c37b0e3ece96babf3deeac41961d9c75fe66c |
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\_Files\_Screen_Desktop.jpeg
| MD5 | 6cc7d9802d376aa0d2ec7c9fdf02a3b0 |
| SHA1 | 17a2aa1514a6c86a94e014d0349287d8b6679f73 |
| SHA256 | 1566381a63327ee6c744e76886c27115547c67db52c57732b8d03008afaf1889 |
| SHA512 | c697164b70cf14b18b37e456081c1f9c0a238b4c00e2895f08c64249203a437a0ad466f2a8a633c81e9b52ea30d0706b5cbb135d9d9876e790a9c999eaa91b43 |
memory/2956-227-0x0000000000400000-0x0000000002D13000-memory.dmp
memory/2956-228-0x0000000002E20000-0x0000000002F20000-memory.dmp
memory/2956-230-0x0000000000330000-0x00000000003D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\o6jaflcUo2\YEb3ySSKtgl.zip
| MD5 | 3d49640c2d7c38e2e141b90528e62671 |
| SHA1 | 50c7748e55e501e9b6e698891cac2cfd35d7778c |
| SHA256 | 546a6d28271643b9693c091fdb7a9e83160f07648b48d21fe6d5e3c2a4311672 |
| SHA512 | 7c010924a191b993bbb301c895bcfaf645a34713ed1cd7ad4c6edf139aa8a320c989090e79b040d0279d0ebca004d401043b7e0fdc1a76a4bfceb8c782d76108 |
memory/2956-233-0x0000000004660000-0x0000000004661000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-24 07:43
Reported
2024-01-24 07:46
Platform
win10v2004-20231215-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
CryptBot
CryptBot payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates physical storage devices
Program crash
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe
"C:\Users\Admin\AppData\Local\Temp\71a9d91cfbd2cfa97dba3bcf47af4a4f.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 688
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1168
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1304
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 756
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 972
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 808
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 1408
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5004 -ip 5004
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 784
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | knuxua32.top | udp |
| US | 8.8.8.8:53 | mornui03.top | udp |
| US | 8.8.8.8:53 | mornui03.top | udp |
| US | 8.8.8.8:53 | mornui03.top | udp |
| US | 8.8.8.8:53 | mornui03.top | udp |
Files
memory/5004-1-0x0000000002E30000-0x0000000002F30000-memory.dmp
memory/5004-2-0x0000000004AF0000-0x0000000004B90000-memory.dmp
memory/5004-3-0x0000000000400000-0x0000000002D13000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\_Files\_Information.txt
| MD5 | 98ebf81d2ca411a73a9831a5aec7cb87 |
| SHA1 | 235d30f35d554296fdf1a610f3a5f986faebe3c2 |
| SHA256 | d972e6976a258b16a828b60f4009fd89dae340e975ce8baa7ed2a3fb15356c7b |
| SHA512 | 5eb45bb2b8b01b8b554a45f5c48713d1dec7d58ff487b96c25f30143079c625a86de7fdfd7cef0e9400efe7919f088a945265100fc8d1d65b014ba89f72b899d |
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\_Files\_Information.txt
| MD5 | 9246cce0f801b0596efe1c8ca4c5ebbe |
| SHA1 | 61007a952402d05c4ab731a02fcedc9947159536 |
| SHA256 | 3adec67e002095705b0a84634636cd6a0915945ba6ca26266ac2ed9f73dc0d9e |
| SHA512 | 52d561720bba3c176ee0a110e866d684a647dcb9970d96f2edf39332aaa250d7b704516841247df458d99b187344d6a77d5056ab204fde227dd73de1d1bb130d |
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\_Files\_Screen_Desktop.jpeg
| MD5 | aae2bffbd650aa1cdda4950badd5c242 |
| SHA1 | c73497738df267e04b1884cd16190bf838629f38 |
| SHA256 | 6c695409ef065d17e4fd61fcbc665f7dabd14878704e755d50d7ba7fb02b2b70 |
| SHA512 | 55bbfddf2fb329ea6a7bef51f2193e8a52fd6b1e8ef9dfcdb496068549cc027fabb5b530a62c47a5c14f87116ad4d6fe356dd7fc3ec848445b3e8901d61c5225 |
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\files_\system_info.txt
| MD5 | 06d1bafb983175a5ca6218d3ca54848d |
| SHA1 | c68542fc4fc90256b5fc48756c01e94e604dc2d0 |
| SHA256 | 408520ecebc4202bfad6f07f4f671c27b82f3a995291251df5519333dc543a18 |
| SHA512 | 5c0a98f7b404d5fb231fb0ac8bfe018c21182a814d5dcabe40719cb2dc29e403988636f8c3580f84dc6d17c8cd27573613ec5bfb3f6caecb16ec5aecad469b4d |
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\files_\system_info.txt
| MD5 | 47709dc216d97810d13d74a2208336d1 |
| SHA1 | 3bf4d51562c31cd63814ac1e20b56ac3fbd62fa1 |
| SHA256 | b77ed176423241558a0761bdd8ad8c8a421175101ba5a3d2cf15cb6d3317879b |
| SHA512 | 5ed8a4e237fe01b5010208ef78d2bb8a22fbc0f33a561d1b3987d74dc8a8f27f9c66a89193ce7dcd3ffd6798a46aa67cc33f82b2c3e40410ae881340ec2d2e2f |
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\files_\system_info.txt
| MD5 | dda8a010550de3b0e37c882a44220d5a |
| SHA1 | b918166afcbf1e54088b3276efa580c5d31782e1 |
| SHA256 | 9ee00b05ec5123f360d6fca11191e8998232d2933694b7cb99df0a4d4b381c6b |
| SHA512 | 0006c8c645c0ed911b0b96f88b1cdf7a7ae5ad07b413e337015d04d18c6e9a1e5a94749c9715ed841af87293999ee5fc4a8678d5269cf0c51c7a09d583cdf9d3 |
memory/5004-207-0x0000000000400000-0x0000000002D13000-memory.dmp
memory/5004-211-0x0000000002E30000-0x0000000002F30000-memory.dmp
memory/5004-212-0x0000000004AF0000-0x0000000004B90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\jmryL1pY1MfI.zip
| MD5 | 7d54b705cb10dfa1c24c929de9abfbc7 |
| SHA1 | 7aa03b819b5f955f8e7d84171da9c07f7427a5d9 |
| SHA256 | 0ecf4f2beead22780402f5b4743172188e8df8c84641c2db35380ec763cc3423 |
| SHA512 | dc8588ed8df878797386381ad8ac9ab3428f066284e937f92c00b8b5d6dfce6d8ff6ecdaab439b6f125aa19301915f9f548b760b399dfcf9affad2a8af3c3f62 |
C:\Users\Admin\AppData\Local\Temp\cU7n4Cv5\UbWkfjJo.zip
| MD5 | 5941adf247ea051fb93b594e2e953948 |
| SHA1 | 72ef3fac98b95427692fe9b7bcf7d9d2336172f0 |
| SHA256 | 996b1bbda43ee7050226a895befaf23745536995a7bcf1fd7efad9580563f385 |
| SHA512 | 104e6f6efc0e31704f6f081b1ae797f922c75b33891c5772cf7ac8959ab295cf3a02bf7386335299be8c5a634a08c89b9a6d0befc3eca74b61da5db6a18d78a7 |