Analysis
max time kernel: 300s
max time network: 297s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/10/2023, 14:29
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://ib.adnxs.com/getuid?https://7l4sjp.codesandbox.io/[email protected]
Resource: win10v2004-20230915-en
General
Target: http://ib.adnxs.com/getuid?https://7l4sjp.codesandbox.io/[email protected]
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415945908284741" | chrome.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
420 | chrome.exe
5020 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid | Process
420 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 420 | chrome.exe
Token: SeCreatePagefilePrivilege | 420 | chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
420 | chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
420 | chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 420 wrote to memory of 4328 | 420 | chrome.exe | 38
PID 420 wrote to memory of 4228 | 420 | chrome.exe | 84
PID 420 wrote to memory of 920 | 420 | chrome.exe | 85
PID 420 wrote to memory of 3276 | 420 | chrome.exe | 86

Processes

PID 420: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ib.adnxs.com/getuid?https://7l4sjp.codesandbox.io/[email protected]
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  PID 4328: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa00539758,0x7ffa00539768,0x7ffa00539778

  PID 4228: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:2

  PID 920: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:8

  PID 3276: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:8

  PID 3620: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:1

  PID 4840: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:1

  PID 996: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:1

  PID 3296: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:1

  PID 2628: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:8

  PID 1560: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:8

  PID 1228: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:8

  PID 1840: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:8

  PID 5020: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5408 --field-trial-handle=1900,i,11973597829832572642,17672482977283788466,131072 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

PID 4972: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

Network
MITRE ATT&CK Enterprise v15
Downloads