Analysis
-
max time kernel
149s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
22-04-2024 17:46
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
Resource
win10v2004-20240412-en
General
-
Target
https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
Malware Config
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Executes dropped EXE 2 IoCs
pid Process 736 Client-built.exe 5944 Client-built.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 3048 msedge.exe 3048 msedge.exe 1056 msedge.exe 1056 msedge.exe 4924 identity_helper.exe 4924 identity_helper.exe 2280 msedge.exe 2280 msedge.exe 2300 msedge.exe 2300 msedge.exe 2300 msedge.exe 2300 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 736 Client-built.exe Token: SeDebugPrivilege 5944 Client-built.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe 1056 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1056 wrote to memory of 4720 1056 msedge.exe 86 PID 1056 wrote to memory of 4720 1056 msedge.exe 86 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3204 1056 msedge.exe 87 PID 1056 wrote to memory of 3048 1056 msedge.exe 88 PID 1056 wrote to memory of 3048 1056 msedge.exe 88 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89 PID 1056 wrote to memory of 3932 1056 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd718c46f8,0x7ffd718c4708,0x7ffd718c47182⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:3204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵PID:3932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:3052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:82⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5500 /prefetch:82⤵PID:4232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵PID:1808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵PID:528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵PID:2680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:5388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10411323653494114896,4967584266960265124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2300
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3276
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4296
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5612
-
C:\Users\Admin\Downloads\release\builder.exe"C:\Users\Admin\Downloads\release\builder.exe"1⤵PID:1804
-
C:\Users\Admin\Downloads\release\Client-built.exe"C:\Users\Admin\Downloads\release\Client-built.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:736
-
C:\Users\Admin\Downloads\release\Client-built.exe"C:\Users\Admin\Downloads\release\Client-built.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5944
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD57b56675b54840d86d49bde5a1ff8af6a
SHA1fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811
SHA25686af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929
SHA51211fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9
-
Filesize
152B
MD548cff1baabb24706967de3b0d6869906
SHA1b0cd54f587cd4c88e60556347930cb76991e6734
SHA256f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775
SHA512fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6
-
Filesize
265B
MD5f5cd008cf465804d0e6f39a8d81f9a2d
SHA16b2907356472ed4a719e5675cc08969f30adc855
SHA256fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d
SHA512dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d
-
Filesize
6KB
MD579e8cd4869d2c6b46b03a927e1c30717
SHA164fcf282c708d8790727e3d4fdd0001869dab515
SHA256400d576e26384ea9119568a1e37946a99fbe15b663606b03e9fc908f197d505d
SHA512517fd52836491055daa7474523cb9a777fd6bc6cb725fc738f36d26c9cb8b51cf4bd8ca182fe969332a7a9f6d9504e355f6ab624ba03f0e8ef56704c0356042f
-
Filesize
6KB
MD581be4dbbabff94ff9d787870467c40ff
SHA10589ae4bb6a725112d148a939f425ed0a9118f8e
SHA256ec298d79fa8e735f78f42d71799ac1be3c3e32156b93cea2f4aedf05d6aa1f94
SHA512be525c4126918544f1698cd2cee62d7b4eb2788647991eba6b64c60ce01846964ad2542128c23a45724fbdc470ae638ca478836046d3dd10f6112e1dca88526c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD59a9dc7b126ed23c36c974335d5eb68ac
SHA13772797544d84dea9e367e3fa72dab0a533d6483
SHA25632e798752b2e3b0639a7f6754cace57d1f37ec1c06aafd7a55ef8e95523b726a
SHA5125aea3405ac9d25604c9c6096a7c21028ebec451b47aed020830c46f879cd5e9006e270a33b94740d82ba2ba24bf500319d8777a4bd8e2a5aac13ee948cb28623
-
Filesize
11KB
MD5f60a199d07c5e65ccefb842589d6eda5
SHA1a4ee1febf5aa2cedbd3fd4b60d397bc7905bcc55
SHA2561bb0aa1695a4caa2cb1d347e46c66183af27c951eb693d9a3f97add7b2b18b3c
SHA51297038cd0f5249d0aaa5c64fe77e6f820b761cd64ae97a31738f63f333216d11ca62dbc6ae31834a626193108ac12d6a24d4f36986b59668f19dc4d6bc5f56a50
-
Filesize
445KB
MD506a4fcd5eb3a39d7f50a0709de9900db
SHA150d089e915f69313a5187569cda4e6dec2d55ca7
SHA256c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
SHA51275e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b
-
Filesize
78KB
MD55fa78b19ae158350ead3ef50feb6a7a2
SHA157d57ca525968fd9d5a9ee38e783e288896caa01
SHA2561d4914ee768fbaf1b82a860ace972a01338c12a05ff7dbdde42bfab43b21a4d5
SHA512c0d0803b5ceaa4c3013132ead8d8a95faae4a01933c41cb4c998572c2a31c971faab5bb2c488aee8d73a16a0037a78e09130e1ecd2804c40f0665399c404c00e