Overview
overview
7Static
static
3External 4.2.5.exe
windows10-2004-x64
7External 4.2.5.exe
windows11-21h2-x64
7$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3EpicGamesLauncher.exe
windows10-2004-x64
7EpicGamesLauncher.exe
windows11-21h2-x64
7LICENSES.c...m.html
windows10-2004-x64
1LICENSES.c...m.html
windows11-21h2-x64
1d3dcompiler_47.dll
windows10-2004-x64
1d3dcompiler_47.dll
windows11-21h2-x64
1ffmpeg.dll
windows10-2004-x64
1ffmpeg.dll
windows11-21h2-x64
1libEGL.dll
windows10-2004-x64
1libEGL.dll
windows11-21h2-x64
1libGLESv2.dll
windows10-2004-x64
1libGLESv2.dll
windows11-21h2-x64
1locales/uk.ps1
windows10-2004-x64
1locales/uk.ps1
windows11-21h2-x64
1resources/elevate.exe
windows10-2004-x64
1resources/elevate.exe
windows11-21h2-x64
1vk_swiftshader.dll
windows10-2004-x64
1vk_swiftshader.dll
windows11-21h2-x64
1vulkan-1.dll
windows10-2004-x64
1vulkan-1.dll
windows11-21h2-x64
1$PLUGINSDI...7z.dll
windows10-2004-x64
3$PLUGINSDI...7z.dll
windows11-21h2-x64
3Analysis
-
max time kernel
120s -
max time network
112s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system -
submitted
28/01/2024, 18:28
Static task
static1
Behavioral task
behavioral1
Sample
External 4.2.5.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
External 4.2.5.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
EpicGamesLauncher.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
EpicGamesLauncher.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
LICENSES.chromium.html
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
d3dcompiler_47.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
d3dcompiler_47.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
ffmpeg.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
ffmpeg.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
libEGL.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
libEGL.dll
Resource
win11-20231222-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
libGLESv2.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
locales/uk.ps1
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
locales/uk.ps1
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
resources/elevate.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
vk_swiftshader.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
vk_swiftshader.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
vulkan-1.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
vulkan-1.dll
Resource
win11-20231215-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win11-20231222-en
windows11-21h2-x64
General
-
Target
LICENSES.chromium.html
-
Size
6.5MB
-
MD5
180f8acc70405077badc751453d13625
-
SHA1
35dc54acad60a98aeec47c7ade3e6a8c81f06883
-
SHA256
0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
-
SHA512
40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec
-
SSDEEP
24576:d7rs5kjWSnB3lWNeUmf0f6W6M6q6A6r/HXpErpem:rovj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133509408065258234" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 5972 chrome.exe 5972 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 5972 chrome.exe 5972 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe Token: SeShutdownPrivilege 5972 chrome.exe Token: SeCreatePagefilePrivilege 5972 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe 5972 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5972 wrote to memory of 6008 5972 chrome.exe 78 PID 5972 wrote to memory of 6008 5972 chrome.exe 78 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 5404 5972 chrome.exe 80 PID 5972 wrote to memory of 4300 5972 chrome.exe 82 PID 5972 wrote to memory of 4300 5972 chrome.exe 82 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81 PID 5972 wrote to memory of 6136 5972 chrome.exe 81
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5972 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89319758,0x7ffc89319768,0x7ffc893197782⤵PID:6008
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:22⤵PID:5404
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:82⤵PID:6136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:82⤵PID:4300
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:12⤵PID:796
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:12⤵PID:4284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:82⤵PID:5380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1800,i,15458580361032152807,2660406389343856108,131072 /prefetch:82⤵PID:5780
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4836
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
824B
MD540d05bac4b400141358a79e9ce7ff8b3
SHA1f4b2edf503d4e977c16b9d092ad7ffa48148e2ea
SHA2565ae2a3cd28b6ddf6f713679daf8a9375510a00185d9fc9eed255c12ff61e14c3
SHA51251dca51318b613af7c816967d17025822f90493661e439187f804aec976d0b70c1f170ac6a3a7f2e8205c34a69f452fed2915c434099609a167ab7639023b6d3
-
Filesize
6KB
MD530c910d1a900c7f4f6a33a07feb78182
SHA122492827bf1ce27a69f06fd9db038162d82391a3
SHA25657d3554c904749ea17869e3b060addedfdbbd3d723aa6c974583fa76fd073a7c
SHA512785642cac64fc0fcf3a9efb081e0556974708f61ac51a51d440e9df81644367c38ac73bffefd95b08337ba8c1eb5a2bd8a871e8e33935f25ec584a484b3ad435
-
Filesize
6KB
MD5a80367abc0370b493bf043b00dcd30d9
SHA1d3165104659fb7041b86a1859f809051a4ac1993
SHA25699f4910058912f3bacddb851aa8c76db33f4be35a6c27cae6bf033506ee9c690
SHA5127ecd6110e346577620d1c77d85a4d5ebaf73fb4e002d25b20a7c32993a3364c39eb9917841d7c5d25358bec4b6ace6cd603bde74c6944480a7c0c6f760edae01
-
Filesize
114KB
MD525b162361050cbf4d3f0a81bc8f91a0c
SHA1f07fc6ddc064e13f658301291c4942eaf4868b8d
SHA2561850d8d0dbc563bd78ff86aefb6101ada6d97c2f743e433a47b00323ad6c4dda
SHA5129988c82c7a03b7a556f03ef0ed4c99e95be3a4a9a26d846f2db317a5e30ca7651a61fcd94356918a05a240f3580432145ca156c5d3ddd9ddd89e1b0eb1a15599
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd