Malware Analysis Report

2025-03-15 00:33

Sample ID 240928-xer28atcre
Target 50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N
SHA256 50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606
Tags
upx mydoom discovery persistence worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606

Threat Level: Known bad

The file 50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N was found to be: Known bad.

Malicious Activity Summary

upx mydoom discovery persistence worm

Detects MyDoom family

MyDoom

Executes dropped EXE

Adds Run key to start application

UPX packed file

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-28 18:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-28 18:46

Reported

2024-09-28 18:48

Platform

win7-20240708-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe

"C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
N/A 172.16.1.5:1034 tcp
N/A 10.93.103.153:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.41.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.10.107:1034 tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 85.187.148.2:25 gzip.org tcp
US 204.13.239.180:25 alumni.caltech.edu tcp
N/A 10.241.35.61:1034 tcp
US 8.8.8.8:53 mx.gzip.org udp
US 8.8.8.8:53 mx.alumni.caltech.edu udp
US 8.8.8.8:53 mail.alumni.caltech.edu udp
US 8.8.8.8:53 smtp.alumni.caltech.edu udp
US 8.8.8.8:53 mail.gzip.org udp
US 85.187.148.2:25 mail.gzip.org tcp
N/A 192.168.2.18:1034 tcp

Files

memory/2876-0-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2876-4-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2876-8-0x0000000000220000-0x0000000000228000-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/2868-11-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2876-17-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2876-18-0x0000000000220000-0x0000000000228000-memory.dmp

memory/2868-20-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2868-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2868-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2868-31-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-32-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2868-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2868-38-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 4277ee6c910f3d8f43f73f63ecdb69ff
SHA1 6bb6bd4198b0824ce8fab5772a398eff0fe33dbb
SHA256 32bc3f9d9e65bb40931a5c879f93f638de7e4f08983dae3921417352e38a4776
SHA512 1b859ed01c54c69f62b270f87308ab977b6bafade52a3166527a48a442b8fa6f4b6d1d113b3b81ce681bd9a0e181250cb32bd234469465887c2e6d2e7e70b7e4

C:\Users\Admin\AppData\Local\Temp\tmp4607.tmp

MD5 f281c083039c85438732c6f909a90320
SHA1 69caa502907a895707e978651a9d2f8be505fc81
SHA256 0f01aedee5d8d86be54e8b3948978e4f52c8534e34cf2c75c52048552c64578e
SHA512 29a5101288137bf58715f6118436632ab1a5949a3cb88a7155f45b89f0b197c01cf276a361bebd409e0c1b73728e14c982f1280499f06567d463a512110f4e2a

memory/2868-59-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-58-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2876-60-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2868-61-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-65-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2868-66-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2868-71-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2868-73-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2876-72-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2868-78-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-28 18:46

Reported

2024-09-28 18:48

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe"

Signatures

Detects MyDoom family

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

MyDoom

worm mydoom

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\services.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe" C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe" C:\Windows\services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\services.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe

"C:\Users\Admin\AppData\Local\Temp\50192dde7cc12281f2e6169dada90410fd5d31a578c3593a82b8e958e533d606N.exe"

C:\Windows\services.exe

"C:\Windows\services.exe"

Network

Country Destination Domain Proto
N/A 10.156.133.4:1034 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
N/A 172.16.1.5:1034 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 10.93.103.153:1034 tcp
N/A 192.168.10.107:1034 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
N/A 10.241.35.61:1034 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 m-ou.se udp
US 8.8.8.8:53 aspmx2.googlemail.com udp
US 8.8.8.8:53 acm.org udp
FI 142.250.150.27:25 aspmx2.googlemail.com tcp
US 8.8.8.8:53 mail.mailroute.net udp
US 199.89.1.120:25 mail.mailroute.net tcp
US 8.8.8.8:53 cs.stanford.edu udp
US 8.8.8.8:53 smtp1.cs.stanford.edu udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 burtleburtle.net udp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 8.8.8.8:53 mx.burtleburtle.net udp
US 65.254.254.51:25 mx.burtleburtle.net tcp
US 8.8.8.8:53 alumni.caltech.edu udp
US 8.8.8.8:53 alumni-caltech-edu.mail.protection.outlook.com udp
US 8.8.8.8:53 gzip.org udp
US 52.101.42.4:25 alumni-caltech-edu.mail.protection.outlook.com tcp
US 8.8.8.8:53 gzip.org udp
US 85.187.148.2:25 gzip.org tcp
N/A 192.168.2.18:1034 tcp
US 8.8.8.8:53 search.lycos.com udp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
GB 142.250.179.228:80 www.google.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.23.210.82:80 r10.o.lencr.org tcp
GB 142.250.179.228:80 www.google.com tcp
US 8.8.8.8:53 10.254.202.209.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 82.210.23.2.in-addr.arpa udp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
GB 142.250.179.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 8.8.8.8:53 www.altavista.com udp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
GB 142.250.179.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.179.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.179.228:80 www.google.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
GB 142.250.179.228:80 www.google.com tcp
GB 142.250.179.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
IE 212.82.100.137:443 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:443 search.lycos.com tcp
IE 212.82.100.137:80 www.altavista.com tcp
US 209.202.254.10:80 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 171.64.64.25:25 smtp1.cs.stanford.edu tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.179.228:80 www.google.com tcp
US 209.202.254.10:443 search.lycos.com tcp
US 209.202.254.10:443 search.lycos.com tcp
GB 142.250.179.228:80 www.google.com tcp
GB 142.250.179.228:80 www.google.com tcp
GB 142.250.179.228:80 tcp

Files

memory/2804-0-0x0000000000500000-0x0000000000510200-memory.dmp

C:\Windows\services.exe

MD5 b0fe74719b1b647e2056641931907f4a
SHA1 e858c206d2d1542a79936cb00d85da853bfc95e2
SHA256 bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
SHA512 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

memory/4640-5-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2804-13-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4640-15-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-16-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-21-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-26-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-28-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-33-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-38-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-40-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-45-0x0000000000400000-0x0000000000408000-memory.dmp

memory/4640-50-0x0000000000400000-0x0000000000408000-memory.dmp

memory/2804-49-0x0000000000500000-0x0000000000510200-memory.dmp

memory/2804-51-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4640-52-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 62e07d5afb66609de79efe751ed19ef5
SHA1 8baa270a875e510a4b311df5a5d42696ca4c20d4
SHA256 5d9aec72202f0ad01669d3d2935ce04cf7d78efd86178daf41dbbf64a75d1194
SHA512 c14a6bef54d3ee432313f599281fd8266212202a34c2c39466d5f7616a98ec8f5077682d0a5fe87fd43a49456d447fc5ac21a938be9ef969bad1ddb347afbb33

C:\Users\Admin\AppData\Local\Temp\tmpFC1E.tmp

MD5 04502a6b7249cd6a2e21a60587cd9c8f
SHA1 ba19558e5a7962f9256f83de8103d3c3db919698
SHA256 c23a8c21c5557428c3a74428c44d86eb9a66ae84caa090bd54ee174f4f96d681
SHA512 99c73bfa704d676c3ae8390e9dcc1c887e9c965e2948b82ecb85989eeb0404f2a7914f5048c5ff9d856eaa7a34f15e3fba6e214e362692bb2d39d8894487d5de

C:\Users\Admin\AppData\Local\Temp\zincite.log

MD5 eaae1e6f735337e429aeaf333982b6dc
SHA1 2bea666c9542532e2ab6edea8f2dcd3b51b79c54
SHA256 ecebd52337a2fb4d28d481a53bf39ba9ed4987df28b84222824caa9656fc94d8
SHA512 379691499fa8afb9d73937121a9dc8e5258237b0b7b670ac45c90b90aedbd0b2445f30be7aa27026905cbe042ccdec61669c9c5b0167c64920a8ddb456a126f0

memory/2804-125-0x0000000000500000-0x0000000000510200-memory.dmp

memory/4640-128-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YHMF37VK\search[2].htm

MD5 8ba61a16b71609a08bfa35bc213fce49
SHA1 8374dddcc6b2ede14b0ea00a5870a11b57ced33f
SHA256 6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1
SHA512 5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1