Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system -
submitted
01-11-2024 18:16
Static task
static1
Behavioral task
behavioral1
Sample
Nitro Gen V1.0 By JF.rar
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
Nitro Gen V1.0 By JF.rar
Resource
win11-20241007-en
General
-
Target
Nitro Gen V1.0 By JF.rar
-
Size
896KB
-
MD5
13a99a4d50680729e184b063de8e9190
-
SHA1
2557e7feac1fc0e5a33a75e19308f0db76a5dffc
-
SHA256
a168edbf63b98d8e0dbdb524308f89ff2fd3b7226e5b9a400763d1fa357f1483
-
SHA512
7ad8d51b756942db12d25cbd425eaaf4560239d52278d56130bdd7b19c3c7d7217f38bfd9a72d0c6be8e1c14e64bad2b9945590ff8b10b085f53133d3bfdc57c
-
SSDEEP
24576:IDGcSY0uvqSsmJ/w/p7maGUmD2dEcg4cnzMFIEhzw:ICRnvNtlbXdMvWhc
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SystemTemp chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133749587548066249" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 892 7zFM.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeRestorePrivilege 892 7zFM.exe Token: 35 892 7zFM.exe Token: SeSecurityPrivilege 892 7zFM.exe Token: SeSecurityPrivilege 892 7zFM.exe Token: SeSecurityPrivilege 892 7zFM.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe 
Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe Token: SeCreatePagefilePrivilege 3408 chrome.exe Token: SeShutdownPrivilege 3408 chrome.exe -
Suspicious use of FindShellTrayWindow 30 IoCs
pid Process 892 7zFM.exe 892 7zFM.exe 892 7zFM.exe 892 7zFM.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe 3408 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3408 wrote to memory of 2580 3408 chrome.exe 82 PID 3408 wrote to memory of 2580 3408 chrome.exe 82 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 4124 3408 chrome.exe 83 PID 3408 wrote to memory of 2164 3408 chrome.exe 84 PID 3408 wrote to memory of 2164 3408 chrome.exe 84 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 
chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85 PID 3408 wrote to memory of 4752 3408 chrome.exe 85
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Nitro Gen V1.0 By JF.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:892
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2228
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a595cc40,0x7ff9a595cc4c,0x7ff9a595cc582⤵PID:2580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:22⤵PID:4124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:32⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:82⤵PID:4752
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:4608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:3556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4104 /prefetch:12⤵PID:3144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4352 /prefetch:82⤵PID:4084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:82⤵PID:3260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:82⤵PID:1804
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:82⤵PID:3432
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3096,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:12⤵PID:1980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3520,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:12⤵PID:4180
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4656,i,14044419840171867076,4915225596837040101,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:12⤵PID:1808
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:4236
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:724
Network
MITRE ATT&CK Enterprise v15
Downloads