Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
19-09-2022 05:37
General
-
Target
54da687acb6fad9328e6c7cd3ae06dceebf53bce74bb4653d8b8588e2d770c70.exe
-
Size
2.0MB
-
MD5
019c4a62d597ea5ed7e19ac822007ff4
-
SHA1
b60090812f2838bf622bf464c17d17b963b7537f
-
SHA256
54da687acb6fad9328e6c7cd3ae06dceebf53bce74bb4653d8b8588e2d770c70
-
SHA512
9937efc65247be8f60d61f1ac192623faaa6e196dac3b6d2cd39c887e5fc2b347ac7d1b8c0893dfab2708ebdc606463b20148a35bd0d5bc9d64edbb23fcbe727
-
SSDEEP
49152:FuXX9evCLqAyxF9GIVzAFCmPMYqWOZX6+kra:FudeE4GIVEFC5DxZKTra
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 8 IoCs
-
Modifies registry class 28 IoCs
-
Runs .reg file with regedit 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 13 IoCs
-
Suspicious use of SendNotifyMessage 5 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\54da687acb6fad9328e6c7cd3ae06dceebf53bce74bb4653d8b8588e2d770c70.exe"C:\Users\Admin\AppData\Local\Temp\54da687acb6fad9328e6c7cd3ae06dceebf53bce74bb4653d8b8588e2d770c70.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\hahagame\FlashGames.exe"C:\Program Files (x86)\hahagame\FlashGames.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\hahagame\softsetup.exe"C:\Program Files (x86)\hahagame\softsetup.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 13404⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c regedit /s "C:\Program Files (x86)\hahagame\QQMain.reg"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeregedit /s "C:\Program Files (x86)\hahagame\QQMain.reg"4⤵
- Modifies registry class
- Runs .reg file with regedit
-
-
-
-
C:\Program Files (x86)\hahagame\ie1.exe"C:\Program Files (x86)\hahagame\ie1.exe"2⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files (x86)\hahagame\count.htm2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb865046f8,0x7ffb86504708,0x7ffb865047183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff66fa15460,0x7ff66fa15470,0x7ff66fa154804⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3348 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1328 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2108,13353605379344100612,14075254394705353316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1680 /prefetch:83⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 528 -ip 5281⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5b255f54b7dcbffe1a8eb82ed120cdaf4
SHA1426116e57da0be77adcf22bec824da3b6033ee26
SHA256b60b3c0a4817699ded2370edabde4ee845b45766ab08e8c492d883235e395721
SHA512fcd8fa312d09b94b8352600799c89669843a02d88f8615635a3accc1653062010222b002568a9cebd2081d66d9b5f20fe6e0ca97fa39be72c817c0dc044e0d8d
-
Filesize
26KB
MD5436d326dc83bff4b69bc9abc3136ba3c
SHA14c53f487a7656cf6cf720e993b47855e49285e31
SHA256ef24d78e219fbca0ea92baf999234ffa1430e9af303f8000aa02379f9f8ab915
SHA512f29238f2ffcab9939baa81db664973cf0918d37e1b7ade5f25d885388a9eb12fc030cf73b7e1df46f03886011ee54ffc7c4082e769b6a25bb7ac15c8628e60a9
-
Filesize
309B
MD5fba30dd1954dc39b0c20ed8037168323
SHA1c771f2581ce351dad54073fca3bd38e4b56bb413
SHA256d00153728e7dff40cadb33e9b8b026eb0379a2c04bfbaff7cc9c50a94e82071e
SHA512b746f3b21b7feb4b26c05baa3b17112b0d119f2c3abc53ef57778f0fd52d9b5cde75204ff07e3fa3d6d4a1f895e5013438edd3d083ead98c8705567aeade2278
-
Filesize
40KB
MD5ca4eaec0ea91240435451c0ba92b6f0e
SHA1bd86265dd4aa094cd8497b5f08cf5ffe5c15631c
SHA256934dae2a67ac80a7e4c0f01ce3a3514b4d51a84dd60aeb10a59c1666c2ae3c0c
SHA5124f2d9849e78e6a7924627394509835838e76f28f48ae4c522323bd0c2bb12b54f5cd8fe1a8e652a8b034e19fb1683debb6339066f43a528f188146997fd25bb2
-
Filesize
40KB
MD5ca4eaec0ea91240435451c0ba92b6f0e
SHA1bd86265dd4aa094cd8497b5f08cf5ffe5c15631c
SHA256934dae2a67ac80a7e4c0f01ce3a3514b4d51a84dd60aeb10a59c1666c2ae3c0c
SHA5124f2d9849e78e6a7924627394509835838e76f28f48ae4c522323bd0c2bb12b54f5cd8fe1a8e652a8b034e19fb1683debb6339066f43a528f188146997fd25bb2
-
Filesize
2KB
MD5ef2e536c9692e1f23c80b7d0e5d245ce
SHA1f874806fdba9c9bc443e0b938154103f89701f3f
SHA256e30ac7ee658f28e905bf1477d95d9fb74bb62126b05a8cc4d4756f7d5a546c9d
SHA512cecd2e6e2e80ee7b9880587e44eaf6cb216a5247591b6af4eee68e469ea14115042e8f997e09e66a2e33384166ae3ccc6f1df0cc02ee5d2beaea67f10e264e5a
-
Filesize
106B
MD5d6a88958485169689293d30deabccded
SHA139c30a52ac4f4d911d3da4004b87a32c9e195d17
SHA25667a4c1cb84fdb567df796f73d9fbf88bf0f2834a042f11d0d33b49ccc9ca10f8
SHA512190af1892ea9d49057150e2136b5cb5eef9a3bdaa3db2b6cddce354baa7f8724b88da98961bb7761ad0c3b0003dd5df8ce0ebfefce35741028f84d634e9a6f8a
-
Filesize
1.1MB
MD5331810e9f6de0679e9cd337aa026aab4
SHA188cbc6a80afcfdd2d5506d8f73ca889a669c5eed
SHA2567c06daa6628997c39580b86e9601ee35c7e688efe0079d11517310f6433911cf
SHA5125c82f7a497519d8a466d898701c210c27908d12ec9ff0dae56e121b574551648fcbb30d2af0c8e2bdb9b3fc1f86801bdea0fe23858b721a61905eeabcb59e55d
-
Filesize
1.1MB
MD5331810e9f6de0679e9cd337aa026aab4
SHA188cbc6a80afcfdd2d5506d8f73ca889a669c5eed
SHA2567c06daa6628997c39580b86e9601ee35c7e688efe0079d11517310f6433911cf
SHA5125c82f7a497519d8a466d898701c210c27908d12ec9ff0dae56e121b574551648fcbb30d2af0c8e2bdb9b3fc1f86801bdea0fe23858b721a61905eeabcb59e55d
-
Filesize
15KB
MD50da6ac74dd42d741d3c317afca4c13b1
SHA1843e5ca16a26e4b72713b351fc3b7864159a7206
SHA256c1c719b60400852dee2b21369fb964636fb1182077014ff90ccddb90477f882f
SHA5124a290aef891c0a07c197a59126cf92562f249419ff3fa19727ceeeac4bbdc0043acaaab861f60297c2ecae4c1339e044d8d0d1073cec3ea4104353603e1b0638
-
Filesize
1.7MB
MD5defb455a14e4fca645e1195726519ac4
SHA129cecb231f1ad4d3bc128b0270ec28463205ac69
SHA25610f48a16005329c52189760add4b78a34f2e3e736417371bf5b9cfd85f44dc3e
SHA5128bf879da722cccb9e7a9eec0e4efb52642431e1030e3e8c3bc5a9ed27bf7f8ab8b85271b952a87c79dbe5d3ba4fe402b706a293842386dacd486d3990916cba3
-
Filesize
1.7MB
MD5defb455a14e4fca645e1195726519ac4
SHA129cecb231f1ad4d3bc128b0270ec28463205ac69
SHA25610f48a16005329c52189760add4b78a34f2e3e736417371bf5b9cfd85f44dc3e
SHA5128bf879da722cccb9e7a9eec0e4efb52642431e1030e3e8c3bc5a9ed27bf7f8ab8b85271b952a87c79dbe5d3ba4fe402b706a293842386dacd486d3990916cba3
-
Filesize
1KB
MD5fcf99b92bccdcfb11aeba903efc0959e
SHA1be04b02b479c1d6b1b279d4e0359cb0dee7ac0b5
SHA256d41c41ccef044e90c69d99c15abf0811f61ba8611ff2e1e3c53ed3b39f15afda
SHA512bad56dfaf41d525d8249fe980b13b2230f5d7f4ee4a3d212b419cd97ed5b9b20a1aa33fbb28a87fc84d05e4c931a1b5827fa822aa06c40cccec7f9c92d204623
-
Filesize
724B
MD55a11c6099b9e5808dfb08c5c9570c92f
SHA1e5dc219641146d1839557973f348037fa589fd18
SHA25691291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172
SHA512c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9
-
Filesize
410B
MD5e391b7cb4e8eb98c27ccc3d7bc2e6bd1
SHA1143f51a452623c562fbdde69d1cb61d8ed87fadb
SHA256525d6a893355106cda7b2082cc8c3ba0f657f2e138eb9173c6cdadfd007f4613
SHA512ad3bc7bdf97dad4eb6ba4426940b2270dc3c129558662566b8434cd76c078a062683d2ad6b51fd15ae1325cc735baa8783b50ea2a546e7ee7edce587cecd5642
-
Filesize
392B
MD50ae88115b4b40612a06fa37f1ae1ebc8
SHA1f342f816b693d43cf3808bcc12e9175021a2f870
SHA256d716cf8a4e8feddaeff87ff9ce47837433124eb2df3e346bd126fa9f969afb9f
SHA5129c35bc736b0f777d5304a7a345547b4c62ff51149486ef49a7d8ce2e5d46df2af8285eb7d2bf6f06c19abf67b9630f87259e290b26850f86f958413b6ddb862e