Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-05-2024 09:02
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://rcoa.streamgo.live
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: http://rcoa.streamgo.live
Resource: android-33-x64-arm64-20240514-en
Behavioral task: behavioral3
Sample: http://rcoa.streamgo.live
Resource: macos-20240410-en
Behavioral task: behavioral4
Sample: http://rcoa.streamgo.live
Resource: debian12-mipsel-20240221-en
Behavioral task: behavioral5
Sample: http://rcoa.streamgo.live
Resource: ubuntu2004-amd64-20240508-en
General
-
Target
http://rcoa.streamgo.live
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
-
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606693544213452" | chrome.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exe
chrome.exe
pid | process
1148 | chrome.exe
3036 | chrome.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
Processes:
chrome.exe
pid | process
1148 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 1148 | chrome.exe
Token: SeCreatePagefilePrivilege | 1148 | chrome.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exe
pid | process
1148 | chrome.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
chrome.exe
pid | process
1148 | chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
description | pid | process | target process
PID 1148 wrote to memory of 1724 | 1148 | chrome.exe | chrome.exe
PID 1148 wrote to memory of 3832 | 1148 | chrome.exe | chrome.exe
PID 1148 wrote to memory of 1456 | 1148 | chrome.exe | chrome.exe
PID 1148 wrote to memory of 1268 | 1148 | chrome.exe | chrome.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://rcoa.streamgo.live
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148 -
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb610fab58,0x7ffb610fab68,0x7ffb610fab78
2⤵ PID:1724
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:2
2⤵ PID:3832
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
2⤵ PID:1456
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
2⤵ PID:1268
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
2⤵ PID:4856
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
2⤵ PID:2488
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1668 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
2⤵ PID:2520
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
2⤵ PID:4088
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:8
2⤵ PID:1632
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4704 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
2⤵ PID:312
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4720 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:1
2⤵ PID:1916
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 --field-trial-handle=1912,i,14105978467153263386,11414881217387841594,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3036
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵ PID:4952
Network
MITRE ATT&CK Enterprise v15
Downloads