Analysis
-
max time kernel
70s -
max time network
98s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-03-2024 05:43
General
-
Target
tcmd1103x64.exe
-
Size
6.2MB
-
MD5
2bc1009b18915f773803aa5ce0c8c5aa
-
SHA1
e7ce87c81da0ed4eda263c0bc1a6e87ea2f5b6ec
-
SHA256
d1b9e3a7e548eedbbe122287b8589f1eb42023f77e8f7d6856dc1644f038f617
-
SHA512
cecff47bc915b4ca56ca6e524a78835adbe1d14d822f4e1fb7746fc9f5aeaa6ec50a4f2607b7b9a587165d30bce025395421a70832dfd08514fe44531d8d997c
-
SSDEEP
196608:fuoi4HImqMBbtrrxzf04DC4CycKkPpOMLvo:Gcz3uZlxOMk
Malware Config
Signatures
-
Checks whether UAC is enabled 1 TTPs 3 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 25 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 46 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tcmd1103x64.exe"C:\Users\Admin\AppData\Local\Temp\tcmd1103x64.exe"1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\totalcmd\TOTALCMD64.EXE"C:\Program Files\totalcmd\TOTALCMD64.EXE"1⤵
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\totalcmd\TOTALCMD64.EXE"C:\Program Files\totalcmd\TOTALCMD64.EXE"1⤵
- Checks whether UAC is enabled
- Enumerates connected drives
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\totalcmd\TOTALCMD64.EXE"C:\Program Files\totalcmd\TOTALCMD64.EXE"1⤵
- Checks whether UAC is enabled
- Enumerates connected drives
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef66c9758,0x7fef66c9768,0x7fef66c97782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1144 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3776 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3700 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3672 --field-trial-handle=1280,i,14274534468172830489,17946201578975651445,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
977B
MD5f103b23c658d801d5c31cb056bafdc16
SHA18de136fc1dd6372b4eb357304c73eb55393bba13
SHA2568159c946398eec59d8065342c06b957ae38165e664850fb57f5d9971cffb7c21
SHA512a4edb8541eea5fcb6411c59ee604304324aea37e7d0cfc271faf0f8bd044f93282d14c54168e355f59ccd81ad679c2f3cf4cd65dc5b22c6ed4ce6f160beb1cd3
-
Filesize
20KB
MD53a6b27edadab326bbe5d47e0eb6dcaae
SHA16dcbd84131375612b13503e3b65e17f04bceb0ef
SHA2566842ab1e7e498e3eb015e92acdf09daf95b480d48f6f3b5f3256dfb277690ed6
SHA512062c6aaccba2dec42da3c1e89011aae25a16b2a1e28c2518fd38bf64e2a8d682761006e6e085d3f34a6d3500841cb347586699f9e1c1fb9eb3dd2ee3cda7bb99
-
Filesize
29KB
MD50e5650341b163a9bd1986a300e3a550b
SHA11c322886379e0c11d748d9ae7d2a341144fc4946
SHA256dd47559564aacce38a055631ad34ee0000f6b10241917d403cf00dd432d2d616
SHA512dd7de3f4f9ffac489c6f369ccdad3e57f6bb31282f98cbd54c25cc46a464f9a658cc3aa59252eeb1028da6311cce9948c251a2273aa8c2070a07f1f220ac09d5
-
Filesize
417B
MD5359a5959600405bafe7f527698403fd5
SHA14024b741ec3a894123436c20d92e742d2c5549e8
SHA2562269161181abceb488f93ed7a52e81900d3217d0da4cd3fe7cd405b7658d814a
SHA51204af487a7c3a680effdad2ac34881312863a8c1fd5f02d651440a749672972e081b63bc715f0048639618c323377295201195c2b893f5748fe936568282f8ac6
-
Filesize
6KB
MD5708da336eca1f69565cb10092e6b654f
SHA14e7b674dd94e69b9d6dc2d9f703f68363b22fbe0
SHA2565b838143eb9ebd92177e583fd6e247730c06606fe75cbe93751b51e33b1c3495
SHA51286748c8eb868ecb7f0a66c5762574a19c8f8ac82f8502d547dfdb4533ec2127779ebad3256f1a289aeb2b1f6d6d8e88a334998995d01426ca554a6a839041c32
-
Filesize
1.5MB
MD5e27082b0866a67ce44e1b87cf49a59a5
SHA19307b91833f8234c34d797c0feb4538e3be497f7
SHA2569f1ee34b38da173f59bdf6172198ff2ec872fb75bc09ffa55cc3847ecda14cba
SHA5128ee78da80693d5eaa49db85e1c3c0c3b94d70e17f6a8390f35c4a89aa08bc65c6aca05100c05ae32d789f1dc8e4cf23585abba1b6193a647c891daffaffc9fe6
-
Filesize
623KB
MD5c6a57219c6e2c4ebb4b6e887a3895308
SHA180bd3a6ca1b5ae395e64ad16665099efe759856e
SHA25623498765aeb0f74007ecd45a8eb83d64d839ad8cacfce59f1d77621583dd61ef
SHA5120f42a0cb29cfbbc0ef988cba1876dba492759a103be55d94757d1fafde111aec225fc6384af450544df5fd027f3df8d028ba2c76c8df77271002c62812f6e0e4
-
Filesize
1KB
MD57413491be06e421a6d8b0e64a1f54b13
SHA1ba2637885daec4685a8c9983626d92820b8fc00d
SHA2564d74f2df5eef181bb65d66648afacc61391fd2213312d0b0929e6c3850f27be9
SHA5128db9fa4dab27870ceea978f6b16293b94f8a1f424ba2042a791b9cfd2ce122c6c6af2c4bfae665d5ba3853a5cfe1f94b84e178880a773fbea596b9db7cef5e52
-
Filesize
22B
MD5f6be9a37aff62a08ef805c309561381d
SHA139d75eeebd8dba3af4c45f18902b3ab5fccd0207
SHA256eca936d69011a6aa9c12366b2b2cefa74763d093b93a6e4edb44242667a28740
SHA51211c952ae2e4c36f002bf4ab063dfea97058e66b750921e29fe180085f4850a137d914ff2eabbe7353a99afd34f163b33c9d2db047e0d76012709f0b3f9f5e171
-
Filesize
198KB
MD5cda68ffa26095220a82ae0a7eaea5f57
SHA1e892d887688790ddd8f0594607b539fc6baa9e40
SHA256f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb
SHA51284c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
359B
MD58ad8fd77368c5fdf4cfe6a0881e558be
SHA1523d97d533e9b6ac86182fed47baf33960687cc9
SHA256dcfefa386898c21d8d27e2eb16d13eca324ab52bfdb0120a10e335383f9ec94b
SHA512c196debec0fec4f05ac3db56f01b4049f853408a6de5313808c38e1eede78c9749bc29d64d6379fe39dbd404ca6d5893c87d2dc24b613bf83f08ae8565d878dd
-
Filesize
6KB
MD57025f1fd1689e79b6d97e78b1a7b8055
SHA1ccf83a3c13dbd5590ef382aa218dfaf12b4b3b20
SHA256b29c68ddc10ec551a6e59b4bb8f8037b1e21c1727d71a51af882c70d3053cd3a
SHA512d671134cca7850685738d9c019e9f4c3a4d28e5b8bdb30d9b3d2b711f989e4a2a392e012f7d61fceb483acfadb1446150b1727c49427fda5feb284a3b9ae3846
-
Filesize
5KB
MD5663e6ecf15af0e8ef90881a6c6af4018
SHA1f4ab634625c17d9a74e7e52b97eca46e028c8311
SHA256c392eaa53b1965581f97052e42500753f61a0902148d70127c3649d60a1c1c36
SHA512efea3b489beba6aaa80b7fe4319af1d27f38767e52f4e74f57040b244f5514d39e55a6a8cccc939b9248b19b2d5e1f6a6071a7a42898c51fdaf928c8faf4accf
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
262KB
MD56a9def74e39e9ffd9c700ad24c79ac4e
SHA1e969b01a2dc69ae7fec8cc6e9b32a088cccbf9e4
SHA256ee1a626194e2d56a87063c18c6741167f5be80e68966f4a4b786a36cc1dbb811
SHA512428b545542db2da2e820461f561a9eb77fd806c85705c408a23959057145aad21a200b91563c222ff7999b64cbcb32dd49c2712ca644cfb764a1a20859bfbce2
-
Filesize
55B
MD58d158ff6c3d1872a17896ca8a116c9b1
SHA1f8e57560a4fd5f9c47c7fd9c1cad773f58cba6d5
SHA2566f54122f094088382bacecfee05210769ea957f5cdd35b6f4e1e69ea6851ebe8
SHA5129df88ce729a12dab4d750a1012f53c2d064b677cd31c901c22a0090e873f7600843db3db42a3478f914d821141393c5a5cd14068cb9ed4bb9b6f958600e14109
-
Filesize
72B
MD57125e35228f66938f369a50011a2df6d
SHA1ffe74e057cde68d7fc2378b7eb830e3d59030bc5
SHA256df0a35a35ed074325726d5e927fe2013bd47ca4d898039d23a4a062d675bfd23
SHA512223b579b1ebdf308541cc10cb2fa01fd887c931f4b413ec15b18adb1efcb16b6a429eb83b7c59888b0208f7b568da34d3e2f12f9ef6170552c7ddd42408224fa
-
Filesize
112B
MD52a59360a75a97af5811c0c17b92c90e5
SHA17b5f9407e715b6fddf279ff850563b3852309343
SHA2564e367e5483c8e8640236633b47963ccb07b16133ffaefa2d7c923a2f5d704ed5
SHA5129312e05c5b9a38261f49af4dc5ca96d6e2697201cef4d9d97bf723efb70582c184694b5efcddbacb5eb38f1ad50201767b5befb620744517ab26d7ae7c4f30e9
-
Filesize
223B
MD5af6ecebfa269ea202fa1c5a8e04bfde6
SHA14c0b41e892e932c42b4c7ba13838ec8104cec116
SHA2562f681e2ebd2339c75ab929a364a50b6aa62ebe054754cfebf7312cf9380b1866
SHA5126cfa50464e65a99bf200d0e8fa65c888ecdbdd80159f98867eef63caeec9e9109064517dae9faac8c9aa9546b34003a7033c6b84fd45b03201e00f7e90dab94b
-
Filesize
666B
MD5b4a48e573b0c5af447660da9d9fd39cc
SHA19ff9d8c0d2ef4e0f12eb3429d259c5ab7a8e4428
SHA256c9976f021e9f0aa3dfed68b0f711da0860a0a6f64a37c56ef81ca29d1681f9bc
SHA512efc4ee10cbe699921a0cd6323df25da2df398064662efc6667844bbe5aa32114dab942b47f3083738aae3545c9dc3f1b407d2d8c883a7cca6cf6152ad43935a0
-
Filesize
717B
MD5b3eb1f7f33282a0d9328107454a93e0c
SHA1350c83cdf436019895e31a017799405fdb3bb74f
SHA256811b7323da640b9ae2617b8afc901822c1ce4af3c6fdc71dbe06a3931d6a6349
SHA5122d5bcc4037385ab521e07dc1349c6af68d14327726c4baf735449ccc6edbe526817cab8a311760ae0390682ab2f607053e29493c1499d3a34c2b358f94f32102
-
Filesize
717B
MD5da476704eb237d893cebbf408271677a
SHA1c8b95aee60e2a1b9106269b2accd72716ee51ead
SHA25651c76e55d15fd263cd6f2f8e22c5800bd5651d04022a21b248ebb84e4a39ab07
SHA512ab2e9354d20da8969bdd335b9e79e40216aff0a4e648146d485bcc9c4fd41fbad7f63e1746adb6b9e0f886a8e4f953d3b8981ffa9f9351655612e721b2c636b0
-
Filesize
717B
MD553cb051a1496ccc4e17044ca6449a2a0
SHA1ac01ce5487d4908c6246f6462820450fa3d0b7e1
SHA256e6ba4afc3823e6979c9c51fc277ed9b635fb2248683515dcaa45da5258cb6403
SHA5124c52eaf663d8cb0d3e01b6b87abf2fa12adba017c9293f80345676d82f8eebe2dce1d9d0bffd48eb14b7134ef4b2de54d18a0ee6a1cab4db7dbbdd7a29616061
-
Filesize
750B
MD58cb044bf2d36097fe02939f920b7e04c
SHA11cf7cf32f47bf89faaa16edc8f23f80afa38dc6e
SHA25605c007e52b387d61e547ad8aa55f1068a302fb40403d02289a7516926b4683de
SHA512aaddf41073d94d750496a816c8ef485bd9f3ca0849e02cba3e9ef37fab0af68eb9241bb27a2b98a5ea37670ffc3034fb5a4d884ae76b68b10aae3809427cfa25
-
Filesize
760B
MD5b0790a6cf451441e2db6b03b30dafe00
SHA153950927fa2722141e30e0451e7cb2c76ee2572e
SHA25600277778d2a4d7c4da26ce6705e24ee43c47d86f18964980f63cdade2889028d
SHA5124146d3eaf66be35fb00cefc9ac5fcf048c41152247887e0497ebba35625af368f1a5dc80c72b9bf7f255e98b130e788dd8ec16286a10bf90311952d8a8a345e6
-
Filesize
97KB
MD5c8ba1e4d21a658eb5e28132e07716374
SHA12a25b7fe965a9f6a393de4ddb77baf20a7c331e3
SHA256a5fdb6a6cc5a172e4099b897e09b7eabca54e51f4ba83e6e1f604a9cda825739
SHA512180587b701a56dbfe4a1c6c341418ea07562c11a1d6cdee35dbdf8425b78908ba5f600bc49707113f96ad3d33e9cf3fb8ef29a9d441e576cf0b9c4ca3c8338f2
-
Filesize
9.9MB
MD5010b1b115950c530717128a665f090ee
SHA1bdabfdfc91f6ad541da2c6cd4a7abcb59f3e72c6
SHA256aa7d04a9fad39fb4745804a90489ef5c283b9ec780d8f577106042c9e0ed78eb
SHA512f52e2389dddc3d24ce64345a347813b6eed455e24d11c50fe31f0c197f36732bc0657e88bfb1f6abc3fbee60605e48cc7398d2bfb94733a5a11cbd2274779dd6