Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20/05/2024, 03:18
General
-
Target
d73cbc311d5fc6f297f661bf465a8fdb13ca184619aafad61235f672c27610a6.exe
-
Size
124KB
-
MD5
8148b0a59054f3c79278875508fa7a85
-
SHA1
9955b3503f7e526361f018e283b3356b3679db00
-
SHA256
d73cbc311d5fc6f297f661bf465a8fdb13ca184619aafad61235f672c27610a6
-
SHA512
694dd86d744ade19e3bed906e550557ba3be6fc75d1d5a5ecba39fcdfe0b562ac9d191cd1862160ae7f44c0a4417a7e29e9a40c4c27ea0fd54bdf9b7d28c0028
-
SSDEEP
1536:FVszw5YSd0hRO/N69BH3OoGa+FL9jKceRgrkjSo:nGSYK0hkFoN3Oo1+F92S
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 43 IoCs
-
Executes dropped EXE 43 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 43 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
-
Suspicious use of SetWindowsHookEx 44 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d73cbc311d5fc6f297f661bf465a8fdb13ca184619aafad61235f672c27610a6.exe"C:\Users\Admin\AppData\Local\Temp\d73cbc311d5fc6f297f661bf465a8fdb13ca184619aafad61235f672c27610a6.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\voiuvix.exe"C:\Users\Admin\voiuvix.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\ceiob.exe"C:\Users\Admin\ceiob.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\ciomoaj.exe"C:\Users\Admin\ciomoaj.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\cueulix.exe"C:\Users\Admin\cueulix.exe"5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\gaier.exe"C:\Users\Admin\gaier.exe"6⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\wiibie.exe"C:\Users\Admin\wiibie.exe"7⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\hdvaev.exe"C:\Users\Admin\hdvaev.exe"8⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\qiuwiaq.exe"C:\Users\Admin\qiuwiaq.exe"9⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\yibah.exe"C:\Users\Admin\yibah.exe"10⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\soibiuk.exe"C:\Users\Admin\soibiuk.exe"11⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\peisa.exe"C:\Users\Admin\peisa.exe"12⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\ztmuiv.exe"C:\Users\Admin\ztmuiv.exe"13⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\bofol.exe"C:\Users\Admin\bofol.exe"14⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\cuicus.exe"C:\Users\Admin\cuicus.exe"15⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\xoasoam.exe"C:\Users\Admin\xoasoam.exe"16⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\bioini.exe"C:\Users\Admin\bioini.exe"17⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\kuuqo.exe"C:\Users\Admin\kuuqo.exe"18⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\roucan.exe"C:\Users\Admin\roucan.exe"19⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\muodeol.exe"C:\Users\Admin\muodeol.exe"20⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\neuise.exe"C:\Users\Admin\neuise.exe"21⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\frxip.exe"C:\Users\Admin\frxip.exe"22⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\reiye.exe"C:\Users\Admin\reiye.exe"23⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\moaohi.exe"C:\Users\Admin\moaohi.exe"24⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\niajab.exe"C:\Users\Admin\niajab.exe"25⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\bczip.exe"C:\Users\Admin\bczip.exe"26⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\koueka.exe"C:\Users\Admin\koueka.exe"27⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\duaomo.exe"C:\Users\Admin\duaomo.exe"28⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\ybruiq.exe"C:\Users\Admin\ybruiq.exe"29⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yioak.exe"C:\Users\Admin\yioak.exe"30⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\hueiqi.exe"C:\Users\Admin\hueiqi.exe"31⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\juekup.exe"C:\Users\Admin\juekup.exe"32⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zaujoun.exe"C:\Users\Admin\zaujoun.exe"33⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\noaxub.exe"C:\Users\Admin\noaxub.exe"34⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\joajog.exe"C:\Users\Admin\joajog.exe"35⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\bmyel.exe"C:\Users\Admin\bmyel.exe"36⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\soocu.exe"C:\Users\Admin\soocu.exe"37⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\haunuz.exe"C:\Users\Admin\haunuz.exe"38⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\joaosu.exe"C:\Users\Admin\joaosu.exe"39⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\krmac.exe"C:\Users\Admin\krmac.exe"40⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yaeer.exe"C:\Users\Admin\yaeer.exe"41⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\voaot.exe"C:\Users\Admin\voaot.exe"42⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\haibuon.exe"C:\Users\Admin\haibuon.exe"43⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\quaote.exe"C:\Users\Admin\quaote.exe"44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD5bc3dab0db29a920c3857bcb0564cf92c
SHA1227e01c43ee2fcd2ed5cdc6c9413db1ceb180c6f
SHA25606ca3c8570b8afa83269ab3eaac6fa014fc5be1af4b6390c872b711b8726cf10
SHA5127f20146db3028436a3a892a0fad9ea46f1d063e1671f520dfb7dce4de08f1fb76c4d2299dd312a32d3c010db34f594e9bdd6022dae6f0a0a76af45cd147a637f
-
Filesize
124KB
MD567f6edbb540f9dfbb761a2caa50941f2
SHA10acc455168158d6b8204d5be43aa73c43bf01b1c
SHA2561f35305077939ed0bc89c3734f0b61c2aad0e8871f1d3584bfd7ad10c25db68f
SHA51239f434e9b81c561c20de78355bf0e1ca469e2bd7ef95e6215930e2e2af06acec18089088e2766ecf7c3650acb199c68b3b0ada87823d04b6965a351e317d86b9
-
Filesize
124KB
MD5f68f61d9e0704c0c0a5686e19025a4ad
SHA176c5b6bda4b0e2cce21b51cdb917308259856d23
SHA256a049e663e982cf03cdfa1e3aae09850fff52f462aa5bbbedd1d930da0dac18d5
SHA512f02d6e269ac626d0d7a4ea25a2b7be271fafaa604efbf7e9fe49c2685b26a06ff253725e590968d2908d1492673ec792a78db0657f6094123a0ebd699560059c
-
Filesize
124KB
MD5e9f1858b0aadc81093644621c4b9aaa1
SHA1d7f4554668d0679e049d94c28d1a98c7e125b937
SHA2568ae9e89ec547133452e5f7eae7e54ec608e09389950c1cd3ff2275fc7ff3a8dd
SHA5123e1bae567a74d3b08cf095057aef51915803a79e57a51a323835cd367d68275dfb72b04f81c39594d216285f6ef925c53517c45a991717048e4afce8ddbcc96e
-
Filesize
124KB
MD5730f9f25cf1012bf3f22761fb14bcbe3
SHA156c004f2f8f416bca663a15f8e85f99e0528fbd3
SHA256b210bdf362fb72f4f18602957bfa422d07c69a31087cf1f4d93e8d5731f52c77
SHA5126506c85bcd000c2726e9659b06b70be989c54585091828282e2b7e5c5f9de0cc6b3c125db898b6c05478263ed47dcaf4bdc837a6a3a360c0fcc43c7b7fa63142
-
Filesize
124KB
MD55c3a897933184f49bb9488b39a9b28ec
SHA1f6a4013a5fc350f62aa8a86306b88833e3302e84
SHA2565540de5e711a9266d651d59b4e46e66730a35a2d81bb1ecf2b6375148f7e7d28
SHA51233f761dbc52bf92fa5028fa44295edb1beec9a669ce5133f653511cac5e669cebed3ba5801f69ac7a6d0874f1f5dfd5c8ad57b80b2dc470c9d549af1a67eca12
-
Filesize
124KB
MD547626a4577434280e8958c55da6c24e1
SHA1f8170030aca4101fd2a7a2fa62762ffbad25b217
SHA256870073e67149927b3cc98f0051db3030f7c3958c34c7bacccd566551f438fc73
SHA5127508232d8169ead0a40b72370f5dfbd8ded9cc31ed3d975e53825f349e94fdea6befe29d200f8d25dd7bfb32b5d82d74a0e04c9d0dd2d72ca9c73716e873f81e
-
Filesize
124KB
MD53b3881da2198d288e97c55616468c12f
SHA1371f2818226f38e55ae7ff73f24ae5e2e5af57b3
SHA256e1443080f107fc802984cbe8950490006561963e3e7217d0e52d1ec5e77764eb
SHA5123703fffb141ecf0aa8f57612ed53ea0417a6ffa04ffa10daeb2de523d96a543f9e6b943fca7e67e523efedba2755f22d6fc45e1bcd91410c7078640cf080b9ca
-
Filesize
124KB
MD5b04d3f6658b69e240bed8751d3344441
SHA1f01a966d9e39cd8d63bee3ef31ac7dbe88cc20e7
SHA2564756f992d81fadc8b9430b4b87244aaf27eb72abdbfb092ba7318edcd5f40c59
SHA512acd4dcd432f2b853f5ad960ba8240b7edd753a154236f7a3081f7c84f0863ff3cbcdff2af92c48400b2d8f9af5c0eba8c006ce7da47d3cf472b34ee5e73764c9
-
Filesize
124KB
MD51d0049520d15a5fcd03269c767ccd4de
SHA13f1d210a300442191cb0219a2fc84af68882d5c3
SHA2561e14b61f252d6f02e74c0a3eae99edd119da24d37ad1334e2dbc3125db0dbbf7
SHA5128cfe83d97470afd52a9de4597de394a430d9e56de64c0a76bcf8d8843eb11a127856b8132e8f607506713fc4c02aeb585f3f81c8a7eace2f39e64e22ace54018
-
Filesize
124KB
MD5612b1ae2006d05a6ff96d04daf01a2a8
SHA1c97f4d6cb2388ccc9ae220cd3a21914b390da732
SHA2563b365145008f38e63ea60f217ebde0f19ff1d5e51402026cdf443ff366b64cdf
SHA512b6f47f7ccc41d12f8821f1749a786d9857330adb2606f2fc44a15ab57260dc303f764099687c68b8dbf7bd108e7155c89608b8eb1e002291f17578cd3edf08db
-
Filesize
124KB
MD5d3bb8932768c5b82713c04ab17d1a81e
SHA1e351e6957a5dc1f8f9a3e71e917eb1528b031486
SHA2568146ecda5a4d76eec1c9a11a60ad843c32b8d6f0316f22518cb973bbcf6524f1
SHA512812652f5f2979d9c958df4772f96fcf1fd5c7e891bb8d5978430e9ffbd3a3549412c2ee10012c7313f72a42b49b3613731d888f0bcccb0411b58f7db0b359bff
-
Filesize
124KB
MD59aa21772016130a170686cae46649f74
SHA1ff20c90a6386cc3966ecd3c9be98ceaf20ac70ca
SHA25667b8d66c708b5f34865edade2be512a1f1785bb8f234989e220b1f7197e48492
SHA51254defd566fe2056c482b2f96ea8e719f0611c894e3110036e2ab69ff0e1beeb2e1871d09873b0d325c7cbe7a0b04c457c14c7cc25be9c8b4c5a5e34524a45af3
-
Filesize
124KB
MD56e6bea81e3a05d82c51e972fb5cc9be5
SHA160596a870a57991903c33627ec9a585ae349013c
SHA2560ecfbea99809a386e07c1f95f5aa78beccd170188171c39b4e7e6d0238dcae8f
SHA5129fd366d86172bc23551277a359a1b607f72e919a2b56e84e158bc56f8c614569e9787872d36084eae5d780fa59fe89a0e9d0d166d3a5de91f68e4bd23794d38c
-
Filesize
124KB
MD5f36875dc56b620550829fd6715270594
SHA156e533823f185c4480c2d3dc94e7ac989203b8ea
SHA256df27da9685adc97e1f673fa7d33e8fb16b571de6b89787a499b2a3a0ec812d1d
SHA5120c0d3d33a1f12f3d656f3b7397da8f7ea655606902b00754ab7228f1887e5f7427527ce13a581693057f3e38f1a9d288be75e0b940aef1597ce07ad5183f00e4
-
Filesize
124KB
MD53381add37838f7477189b089af8fd685
SHA14db1c3eb8def4a8291494b64bc12feb179380680
SHA25670b5b404692896e9e0c7d641d6d6d3cd15e3b076d99bac1a666e17ff89c4bfbd
SHA512842890375ead8fa21955f67c47d38056126c744bba697ae6e89537de7a2bdcdfbe7a769c3daeda2ce7773e9bded55fa1a444c7d27bfd16fec4b4f10db082bf4b