Analysis
max time kernel: 141s
max time network: 126s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 24-10-2023 03:40
Behavioral task: behavioral1
Sample: install_zcsbprintcontrol32.exe
Resource: win7-20231023-en
General
Target: install_zcsbprintcontrol32.exe
Size: 2.3MB
MD5: cee0d7092ec83373078d0045a0c74c40
SHA1: 74359367f95990e189e485cac12532a5bf1053bb
SHA256: 99658a950b0acbee61b56609690efd98b8c3a5b2dfa09eb47cca3ef31d8cdb77
SHA512: 73f48e633735acc4098a5b85be4792db8c979ab5ba39eb6d67e971064f8d6b903c71e86cef027a0d96d50f5dd2eddc89f257a77a3007bdee82af683df6461ad0
SSDEEP: 49152:xJxNHabdDlGc/za1rlFQFigZL+l63UBU3EWttCwYXn6CQqilfG1M3FB:xOLa1ZFU6l0YU3l3QCjgMVB
Malware Config
Signatures
ACProtect 1.3x - 1.4x DLL software 6 IoCs
Detects file using ACProtect software.
Processes:
resource | yara_rule
\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | acprotect
\Program Files (x86)\MountTaiSoftware\Lodop\NPCAOSOFT_WEB_PRINT_lodop.dll | acprotect
C:\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | acprotect
\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | acprotect
\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | acprotect
\Program Files (x86)\MountTaiSoftware\Lodop\NPCAOSOFT_WEB_PRINT_lodop.dll | acprotect
Loads dropped DLL 5 IoCs
Processes:
install_zcsbprintcontrol32.exe
pid | process
2152 | install_zcsbprintcontrol32.exe
2152 | install_zcsbprintcontrol32.exe
2152 | install_zcsbprintcontrol32.exe
2152 | install_zcsbprintcontrol32.exe
2152 | install_zcsbprintcontrol32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Processes:
resource | yara_rule
behavioral1/memory/2152-0-0x0000000000400000-0x00000000006F2000-memory.dmp | upx
\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | upx
\Program Files (x86)\MountTaiSoftware\Lodop\NPCAOSOFT_WEB_PRINT_lodop.dll | upx
behavioral1/memory/2152-22-0x0000000074700000-0x0000000074C00000-memory.dmp | upx
C:\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | upx
\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | upx
\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | upx
\Program Files (x86)\MountTaiSoftware\Lodop\NPCAOSOFT_WEB_PRINT_lodop.dll | upx
behavioral1/memory/2152-27-0x0000000000400000-0x00000000006F2000-memory.dmp | upx
Drops file in Program Files directory 2 IoCs
Processes:
install_zcsbprintcontrol32.exe
description | ioc | process
File created | C:\Program Files (x86)\MountTaiSoftware\Lodop\CAOSOFT_WEB_PRINT_lodop.ocx | install_zcsbprintcontrol32.exe
File created | C:\Program Files (x86)\MountTaiSoftware\Lodop\NPCAOSOFT_WEB_PRINT_lodop.dll | install_zcsbprintcontrol32.exe
Modifies Internet Explorer settings
Processes:
install_zcsbprintcontrol32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings | install_zcsbprintcontrol32.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings\LOCALMACHINE_CD_UNLOCK = "0" | install_zcsbprintcontrol32.exe
Key created | \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN | install_zcsbprintcontrol32.exe
Key created | \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main | install_zcsbprintcontrol32.exe
Key created | \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | install_zcsbprintcontrol32.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe = "0" | install_zcsbprintcontrol32.exe
Modifies registry class 64 IoCs
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
install_zcsbprintcontrol32.exe
pid | process
2152 | install_zcsbprintcontrol32.exe
2152 | install_zcsbprintcontrol32.exe
2152 | install_zcsbprintcontrol32.exe
Processes
C:\Users\Admin\AppData\Local\Temp\install_zcsbprintcontrol32.exe
"C:\Users\Admin\AppData\Local\Temp\install_zcsbprintcontrol32.exe"
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2152
Network
MITRE ATT&CK Enterprise v15
Downloads