Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
21-03-2024 13:41
Static task
static1
Behavioral task
behavioral1
Sample
dbc3b7443f9fc4dc0b51b186f9feee29.exe
Resource
win7-20240221-en
General
-
Target
dbc3b7443f9fc4dc0b51b186f9feee29.exe
-
Size
255KB
-
MD5
dbc3b7443f9fc4dc0b51b186f9feee29
-
SHA1
6553b73710f1c5dbf60ca64c0d7e7a535b8ce803
-
SHA256
51ef5b112e89b59d2a8c7921af0dc5272d059b9c5a1ddbd1bfe4f9a5fcff8e46
-
SHA512
64472f4d8c31909f5e9eb049778c339fddbfe41f6090bb725d0864056d4d2650663164d03e43e96e528d490d55d78efe826060438a7e077d1a7cac3341e3300c
-
SSDEEP
6144:91OgDPdkBAFZWjadD4sqFuZ1DfjNBjV2SK2lz+Bul1:91OgLdaZuH5BjV2QSBE
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1640 setup.exe -
Loads dropped DLL 6 IoCs
pid Process 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 1640 setup.exe 1640 setup.exe 1640 setup.exe 1640 setup.exe 1640 setup.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
description ioc Process Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9} setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\ = "wxDfast" setup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\NoExplorer = "1" setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 4 IoCs
resource yara_rule behavioral1/files/0x0007000000015c16-22.dat nsis_installer_1 behavioral1/files/0x0007000000015c16-22.dat nsis_installer_2 behavioral1/files/0x00060000000162cb-79.dat nsis_installer_1 behavioral1/files/0x00060000000162cb-79.dat nsis_installer_2 -
Modifies registry class 63 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\ProgID setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\VersionIndependentProgID setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F} setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\ = "Injector 1.0 Type Library" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" setup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\InprocServer32 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\ = "wxDfast Class" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\InprocServer32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR\ = "C:\\ProgramData\\wxDfast" setup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\Programmable setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ = "IInjectorBHO" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\ProxyStubClsid32 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\InprocServer32 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\InprocServer32\ThreadingModel = "Apartment" setup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9} setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\HELPDIR setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32 setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\Programmable setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer\ = "bhoclass.bho.1.0" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9} setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\ = "wxDfast" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\Version = "1.0" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\FLAGS\ = "0" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib\ = "{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ = "ILocalStorage" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\ProgID\ = "bhoclass.bho.1.0" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CLSID\ = "{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}\TypeLib setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\TypeLib\Version = "1.0" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\VersionIndependentProgID\ = "bhoclass.bho" setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0\CLSID\ = "{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\CurVer setup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\ProgID setup.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9}\VersionIndependentProgID setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\ = "C:\\ProgramData\\wxDfast\\bhoclass.dll" setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}\ProxyStubClsid32 setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho\ = "wxDfast" setup.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 PID 2304 wrote to memory of 1640 2304 dbc3b7443f9fc4dc0b51b186f9feee29.exe 28 -
System policy modification 1 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID setup.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{DB0D3E57-5D58-0D3D-30D6-EECD957467B9} = "1" setup.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\dbc3b7443f9fc4dc0b51b186f9feee29.exe"C:\Users\Admin\AppData\Local\Temp\dbc3b7443f9fc4dc0b51b186f9feee29.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2304 -
C:\Users\Admin\AppData\Local\Temp\7zS45E6.tmp\setup.exe.\setup.exe /s2⤵
- Executes dropped EXE
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Modifies registry class
- System policy modification
PID:1640
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
46KB
MD58be20144dbd200c6de0c9430ed9280cf
SHA1b81e3aacaaedd66ef0896acabc6983c94758e2b4
SHA256634557ab79a29fe800721bc5f146a9b86799b72eb6755e821492f85ca66818a6
SHA512fd7db954002be6332c8c6f4500fc38c1d5286022bb56f21b97567e837ee3d5a3c6db08cabcd2ffe405e7180918d6bb0b57b330703a9d045851901d01115ff94e
-
C:\Users\Admin\AppData\Local\Temp\7zS45E6.tmp\[email protected]\bootstrap.js
Filesize2KB
MD5b9165e81934c746e3a33afc6bde86143
SHA1ce38f37d26d5fa6309f4d42cbf470bc4a884b100
SHA2563edbe3448cc74e7862db06fb08a8250c044a6aadbbea35a365560080eaaa3624
SHA512fab8731e561554bf3ac4a32950a4111d3bca7d9223727ed6eccca598777bd697606a11f658eae3d28f6dae16faf40fda7387d0e25cd8f3cb750c871f77178bc8
-
C:\Users\Admin\AppData\Local\Temp\7zS45E6.tmp\[email protected]\chrome.manifest
Filesize116B
MD5e7e543d1c04192314d3b4f8c38181380
SHA1521b4a98932279d4233dcabbf69b6cf8f77f4254
SHA25663abb8024a686073dff842d91e89232db01254f97b6eb91056789f213a2430cf
SHA51227ed73a9ef90265b6e4f9077a7d37845d32ac856324b208c85eae55a7e34bbfbc4e9378fa757c483ae4ce62dbc9093402a07ed5c09405bb1e8f021e0bbd94327
-
C:\Users\Admin\AppData\Local\Temp\7zS45E6.tmp\[email protected]\content\bg.js
Filesize8KB
MD5242f79795d732646b17bc0dc54475b67
SHA1d7e3204ecaa652e622a4fdc1f1032be6fbbc1391
SHA256c968eb81998b8c327edad4ef2719d2127c3f8cb297e7810d2ab285306b136160
SHA5126e91cf06da1d121544b3832eb47ca2684c1a74312ab2115084f8aedc550ba1f92fedf12bd0227402a4bfa6c9f47f7b3973440c35031964deba125e0468c65dac
-
C:\Users\Admin\AppData\Local\Temp\7zS45E6.tmp\[email protected]\content\zy.xul
Filesize225B
MD5a1264ce9ffc47c7442ac3cd92549dbfe
SHA10a59a196c47015375fe36eaa1459f9eb4776f211
SHA25652f69d71c567894d045311d275ae6f003f3da8e04d63118b0ae9fe1397cf5d45
SHA51283a6c0ef4ef2bb50183fd12bbbfef0df3857e86028690940ee5427f868faa522f042ea449f31f9ae22c432442516e369b602ed17e567826baef4e40fe2927799
-
C:\Users\Admin\AppData\Local\Temp\7zS45E6.tmp\[email protected]\install.rdf
Filesize714B
MD5d403b95f264fc09ca718ed8c28fc551c
SHA1a5cc7c33761d47d7e5d8d163c2328e65371259a6
SHA256e14455c835deb2535b3cf9b0d96d49d338ef9814c0e29777acea417299f00394
SHA5120651574c5bc47115dbfb79812ffeb4dcca14c9f5aa8284d9ea8b7e453ad828579e17fd7e21141e1518f641b2288231ee25c9e08160f98df3507141500a2c6f25
-
Filesize
4KB
MD5f99e3ce2a4b055651f1d6cae063d6177
SHA1a0c8a2c6ba88062edac44a9989d55e6d8ffe6661
SHA256e8aeae359dab85ff8a66886bfe7484c0831392ffceb281c4b6bde4d4a2ca8cc2
SHA51229cfcdd30d518ee66b8ef42727e5049b039ae5060717dfc2793614c7c5bb31aed811a73871baaeafd671a33ebe0af4146a96d3077d19bee025f4a8d91188fed3
-
Filesize
164KB
MD50fba1e50c5ca7a4cfeac6ab8f1fcfda9
SHA1532b7ba678f2de4b4493c89ac13624622058c54a
SHA256160a3d5b09df4d7e764ad8173ba44aba43aace29df364d788fd069b2530a977f
SHA512339f6ffc41b70fe312fe6b517e8c5931c24a7a4bcd2d84db2923d089aa29ecdfa3e78944f9c0f9580dd92eb26daa45ee4c1453634ad36a5057a12a3088cb34bf
-
Filesize
386B
MD5653e783c90f0ddfeca78491dd1a64b54
SHA1219d72d86277224f55359e37c4b991bad57d52d3
SHA256d6826548fdb82fa48f0a0513d85b72c7c50f917a4301977bd29bfc2703f58366
SHA512656e47b1e0c1b365d5591ee9f43a19d099c25e330342e9d11cdb3d4f916c50446cbdb7c90dfe8c43c63ad070846a8ba99ba44fa25ea460cad202ddd0f78b0c6f
-
Filesize
3KB
MD53b5e21cdaec9856f48e2b59de562dd95
SHA1f4988e726d52c7075a91e49e8c0f45086a88ced1
SHA256d78ffe892929237d69d6a159333e8ea8ddb3fda0f88e8ebcdcb69536f80ea3f3
SHA512980c786073995b2fda073440ffe2f9b8f8e26a843a8b1e6899498c13967c5faa135accb4066cf6ab5b658258efddbb8771e6eb0ce67eec9f159cb92c1d4391bd
-
Filesize
662B
MD5a780c9e02de08a2eb5ffbbe8cf1288d5
SHA1ae9db3390008dc61f843e907d1c0d760112f361d
SHA256c2976606e230c9bf32266781b66f3cf5e43b766342db3c97b44b49e574c12e88
SHA512ea8aca3bdb2dbedb7da9fd6b28b25148cb302e3e337624ebd579c37adc82e12653c3e0b9f7985d716ce36d8a4dc2e953c8699603efae38e5fafb6db1e81a7de3
-
Filesize
61KB
MD516ef6e914973925977cdc5ef6b8b2565
SHA14815da2815975b33f5dc94d482e6dbc02588afa6
SHA2566b9a2b64b90799f1d50458dc38fb4e9e13a8abb37210c8f5d9eeedae84c6912f
SHA512c74f0e17878c4598b626edb5e75e7ee098b71c0c26454ba709e2ea438517670ce11abf7d909470e6c935a21d0413c0d14b29960af9bd6a423e3261789a35b059