Resubmissions
03-05-2024 11:14 240503-nb1qhsdb5z 5
03-05-2024 11:11 240503-naj2dadb3t 1
03-05-2024 11:08 240503-m8y3hsda8x 5
Analysis
- max time kernel: 143s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
- submitted: 03-05-2024 11:08
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
- Modifies data under HKEY_USERS 2 IoCs
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592081509977763" | chrome.exe
- Suspicious behavior: EnumeratesProcesses 4 IoCs
  pid | Process
  1884 | chrome.exe
  4508 | chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  pid | Process
  1884 | chrome.exe
- Suspicious use of AdjustPrivilegeToken 64 IoCs
  description | pid | Process
  Token: SeShutdownPrivilege | 1884 | chrome.exe
  Token: SeCreatePagefilePrivilege | 1884 | chrome.exe
- Suspicious use of FindShellTrayWindow 26 IoCs
  pid | Process
  1884 | chrome.exe
- Suspicious use of SendNotifyMessage 24 IoCs
  pid | Process
  1884 | chrome.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  description | pid | Process | procid_target
  PID 1884 wrote to memory of 3208 | 1884 | chrome.exe | 82
  PID 1884 wrote to memory of 800 | 1884 | chrome.exe | 84
  PID 1884 wrote to memory of 2988 | 1884 | chrome.exe | 85
  PID 1884 wrote to memory of 2080 | 1884 | chrome.exe | 86
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://community.fabric.microsoft.com/t5/Issues/free-v-bucks-generator-2024-free-vbucks-codes/idi-p/3873013
  PID:1884
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f3bab58,0x7ffb1f3bab68,0x7ffb1f3bab78
    PID:3208
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:2
    PID:800
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:8
    PID:2988
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:8
    PID:2080
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:1
    PID:1844
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:1
    PID:3196
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:8
    PID:1136
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:8
    PID:3284
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4648 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:1
    PID:2808
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4924 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:1
    PID:1412
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1800,i,6871242657080543349,9267201585514103564,131072 /prefetch:2
    PID:4508
    - Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID:3772
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6e3e0edc-1538-4c05-b714-5510d815f42f.tmp
Filesize: 690B