Analysis
-
max time kernel
32s
-
max time network
33s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
16-06-2024 14:01
Static task
static1
Behavioral task
behavioral1
Sample
T7ZjLEhV.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
T7ZjLEhV.dll
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
T7ZjLEhV.dll
Resource
macos-20240611-en
General
-
Target
T7ZjLEhV.dll
-
Size
2.1MB
-
MD5
ff7642fd946e915caace924effc3b85b
-
SHA1
e5a808e792b1f7315175612ffd2af8481d614c05
-
SHA256
fbdf92118c57786f44aac51d136a755d9bf9992b23af97779e2edc963f73894c
-
SHA512
af70ae16217d9b34f9709ff7627b2a55f1b438d543f6a84b611a65b1f7a870983f5359efbab2cdc112352d39da820b1deb73f7b0aa4fe2790346ca1f6d159afd
-
SSDEEP
24576:6PhpAQ742Z3JT3wODWlW9f2/MzpjnijarIqJ2I:uLA6Z3JTFDOgxNJh
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630200977797792" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: chrome.exe
pid | process
1768 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes: chrome.exe
pid | process
1768 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 56 IoCs
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 1768 | chrome.exe
Token: SeCreatePagefilePrivilege | 1768 | chrome.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes: chrome.exe
pid | process
1768 | chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: chrome.exe
pid | process
1768 | chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: chrome.exe
description | pid | process | target process
PID 1768 wrote to memory of 2764 | 1768 | chrome.exe | chrome.exe
PID 1768 wrote to memory of 2724 | 1768 | chrome.exe | chrome.exe
PID 1768 wrote to memory of 3196 | 1768 | chrome.exe | chrome.exe
PID 1768 wrote to memory of 1900 | 1768 | chrome.exe | chrome.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\T7ZjLEhV.dll,#1
PID:2156
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaa3ab58,0x7ffcaaa3ab68,0x7ffcaaa3ab78
  PID:2764
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:2
  PID:2724
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:8
  PID:3196
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:8
  PID:1900
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:2100
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:1088
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:3088
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4328 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:5032
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:8
  PID:4072
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:8
  PID:3552
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4840 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:1692
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4416 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:1196
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5068 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:4592
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3112 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:1180
-
  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4656 --field-trial-handle=2024,i,17100136550321576823,14210071995386609569,131072 /prefetch:1
  PID:1612
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
PID:1116
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB
-
\??\pipe\crashpad_1768_WKNCQIARAXKAKYAT