Analysis
- max time kernel: 118s
- max time network: 157s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02/03/2024, 23:19
Static task
static1
Behavioral task
behavioral1
Sample
Vega X Executor.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Vega X Executor.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/winrar-x64-623.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/winrar-x64-623.exe
Resource
win10v2004-20240226-en
General
- Target: $PLUGINSDIR/winrar-x64-623.exe
- Size: 3.4MB
- MD5: 7a647af3c112ad805296a22b2a276e7c
- SHA1: 9cdf137e3f2493c9e141d5ec05f890e32b9b4e87
- SHA256: 20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959
- SHA512: 71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86
- SSDEEP: 98304:kzBOBfKMpHGqcfsLyQecNEqCNCjRqGy5XYBHOhN2qlxR:kz/MpmJ0LdDLCAyiHOvl
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 60 IoCs
Executes dropped EXE 1 IoCs
pid Process 1520 uninstall.exe -
Loads dropped DLL 9 IoCs
pid Process 2428 winrar-x64-623.exe 1204 Process not Found 1204 Process not Found 1520 uninstall.exe 1520 uninstall.exe 1204 Process not Found 1204 Process not Found 1204 Process not Found 1204 Process not Found -
Modifies system executable filetype association 2 TTPs 8 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} uninstall.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ uninstall.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR uninstall.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" uninstall.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} uninstall.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ uninstall.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 uninstall.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" uninstall.exe
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 uninstall.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" uninstall.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" uninstall.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main winrar-x64-623.exe -
Modifies registry class 64 IoCs
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2428 winrar-x64-623.exe 2428 winrar-x64-623.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2428 wrote to memory of 1520 2428 winrar-x64-623.exe 30 PID 2428 wrote to memory of 1520 2428 winrar-x64-623.exe 30 PID 2428 wrote to memory of 1520 2428 winrar-x64-623.exe 30
Processes
C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\winrar-x64-623.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\winrar-x64-623.exe"
PID: 2428
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

    C:\Program Files\WinRAR\uninstall.exe
    "C:\Program Files\WinRAR\uninstall.exe" /setup
    PID: 1520
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system executable filetype association
    - Registers COM server for autorun
    - Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
- Change Default File Association (1)
Downloads