Analysis
-
max time kernel
50s -
max time network
21s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
29-01-2025 14:30
Static task
static1
1 signatures
General
-
Target
d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe
-
Size
2.7MB
-
MD5
db47ecf2f847ff342c418327eef7186c
-
SHA1
57196f1d6eeb3ca5ae6bf8b537ff62784a5c113f
-
SHA256
d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712
-
SHA512
34ffb69e6d6e4d24d96b20af0b2ecbe818a52594f468bccb15979c5ba3ee85f98895add607ad375bdd15231de71d82478b6a09b03ca9c45383a7d1c6ee24468f
-
SSDEEP
49152:3dK5/5dc7MIAyxy2QjGhzwcJdAud+EscXQzA:3dK5Rdc7MIDvFbdnd+Es2QzA
Malware Config
Signatures
-
Detects Healer an antivirus disabler dropper 3 IoCs
resource yara_rule behavioral1/memory/3892-1-0x0000000000600000-0x00000000008C2000-memory.dmp healer behavioral1/memory/3892-2-0x0000000000600000-0x00000000008C2000-memory.dmp healer behavioral1/memory/3892-7-0x0000000000600000-0x00000000008C2000-memory.dmp healer -
Healer family
-
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Modifies Windows Defender notification settings 3 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications = "1" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Wine d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Windows security modification 2 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 3892 d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DllHost.exe -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe -
Modifies registry class 37 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix BackgroundTransferHost.exe Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" BackgroundTransferHost.exe Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" BackgroundTransferHost.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell explorer.exe Key created \Registry\User\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\NotificationData explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000 explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings control.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" explorer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 1e00718000000000000000000000e1a40ed25739d211a40b0c50205241530000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000 explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff explorer.exe Key created \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "287309825" explorer.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1708 explorer.exe -
Suspicious behavior: EnumeratesProcesses 37 IoCs
pid Process 3892 d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe 3892 d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe 3892 d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe 3892 d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeDebugPrivilege 3892 d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe Token: SeShutdownPrivilege 1820 control.exe Token: SeCreatePagefilePrivilege 1820 control.exe Token: SeDebugPrivilege 3320 taskmgr.exe Token: SeSystemProfilePrivilege 3320 taskmgr.exe Token: SeCreateGlobalPrivilege 3320 taskmgr.exe -
Suspicious use of FindShellTrayWindow 46 IoCs
pid Process 1708 explorer.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe -
Suspicious use of SendNotifyMessage 45 IoCs
pid Process 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe 3320 taskmgr.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 1708 wrote to memory of 3320 1708 explorer.exe 83 PID 1708 wrote to memory of 3320 1708 explorer.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe"C:\Users\Admin\AppData\Local\Temp\d2ec308c83a3256727c6045efb99ea27a19ee06d2966083a0bf99b3300106712.exe"1⤵
- Modifies Windows Defender DisableAntiSpyware settings
- Modifies Windows Defender Real-time Protection settings
- Modifies Windows Defender TamperProtection settings
- Modifies Windows Defender notification settings
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3892
-
C:\Windows\system32\control.exe"C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1820
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:2976
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1708 -
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /72⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3320
-
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
PID:2088
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Impair Defenses
5Disable or Modify Tools
5Modify Registry
6Virtualization/Sandbox Evasion
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
14KB
MD5f83149158a82a4339f0e499dd7897c88
SHA1533962d636eb76865baa36a71725be3f4cbc78dc
SHA2569570920e827603190603f2fed8037a423814c59a48693a0ce724910d8e6c9234
SHA512bff6d676e004c4cd2d51ee6631dcff8151e0a3366a3974267f7612ef1fa9cc1ffad34d662174904ef6cba264bc6531135f36dd9d1850e35696ab3e7491e924d8