Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21/05/2024, 12:33
General
-
Target
4b91f0f341a55ab2e50baa375c23b5e534ea901559cce893b3c43dbc0b811e5b_NeikiAnalytics.exe
-
Size
124KB
-
MD5
adff7c9c612d14e7497dbc10d46ca850
-
SHA1
2a467710a869f729c0d496b6d8e63fc4342030ab
-
SHA256
4b91f0f341a55ab2e50baa375c23b5e534ea901559cce893b3c43dbc0b811e5b
-
SHA512
9dd25bc75d1876c3dfad8432b1190792a21cf46716fa3bea52399f743c0dae5558bfaf55a25b8a3a58e508a16d097b2755091fdf7d99b30d4add5bf39a130326
-
SSDEEP
1536:43szT5YLTKhRO/N69BH3OoGa+FL9jKceRgrkjSo3E:EGVYLehkFoN3Oo1+F92SP
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 43 IoCs
-
Executes dropped EXE 43 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 43 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 43 IoCs
-
Suspicious use of SetWindowsHookEx 44 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b91f0f341a55ab2e50baa375c23b5e534ea901559cce893b3c43dbc0b811e5b_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4b91f0f341a55ab2e50baa375c23b5e534ea901559cce893b3c43dbc0b811e5b_NeikiAnalytics.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\mbfaic.exe"C:\Users\Admin\mbfaic.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\vzyiiw.exe"C:\Users\Admin\vzyiiw.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\bbjoag.exe"C:\Users\Admin\bbjoag.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\sqcor.exe"C:\Users\Admin\sqcor.exe"5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jouegej.exe"C:\Users\Admin\jouegej.exe"6⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\laoaf.exe"C:\Users\Admin\laoaf.exe"7⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jeone.exe"C:\Users\Admin\jeone.exe"8⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\hdceof.exe"C:\Users\Admin\hdceof.exe"9⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\qouxew.exe"C:\Users\Admin\qouxew.exe"10⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\zxqaeh.exe"C:\Users\Admin\zxqaeh.exe"11⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\datiq.exe"C:\Users\Admin\datiq.exe"12⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\gvkuuc.exe"C:\Users\Admin\gvkuuc.exe"13⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\lhnuac.exe"C:\Users\Admin\lhnuac.exe"14⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\noopeoc.exe"C:\Users\Admin\noopeoc.exe"15⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\gaigip.exe"C:\Users\Admin\gaigip.exe"16⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\yoaurif.exe"C:\Users\Admin\yoaurif.exe"17⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\nxmeox.exe"C:\Users\Admin\nxmeox.exe"18⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\vaoute.exe"C:\Users\Admin\vaoute.exe"19⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\racib.exe"C:\Users\Admin\racib.exe"20⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\puofub.exe"C:\Users\Admin\puofub.exe"21⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yiiyof.exe"C:\Users\Admin\yiiyof.exe"22⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\veeol.exe"C:\Users\Admin\veeol.exe"23⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\seaxio.exe"C:\Users\Admin\seaxio.exe"24⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\kauoqez.exe"C:\Users\Admin\kauoqez.exe"25⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\kuodae.exe"C:\Users\Admin\kuodae.exe"26⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\qaoeve.exe"C:\Users\Admin\qaoeve.exe"27⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\luosao.exe"C:\Users\Admin\luosao.exe"28⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\koubu.exe"C:\Users\Admin\koubu.exe"29⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\goaabiv.exe"C:\Users\Admin\goaabiv.exe"30⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\kauih.exe"C:\Users\Admin\kauih.exe"31⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\qspuux.exe"C:\Users\Admin\qspuux.exe"32⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\saaoqo.exe"C:\Users\Admin\saaoqo.exe"33⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\geitoi.exe"C:\Users\Admin\geitoi.exe"34⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\hisec.exe"C:\Users\Admin\hisec.exe"35⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\nmlut.exe"C:\Users\Admin\nmlut.exe"36⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\soeopav.exe"C:\Users\Admin\soeopav.exe"37⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\meoada.exe"C:\Users\Admin\meoada.exe"38⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\twkih.exe"C:\Users\Admin\twkih.exe"39⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\mxvooj.exe"C:\Users\Admin\mxvooj.exe"40⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zaeike.exe"C:\Users\Admin\zaeike.exe"41⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yiagou.exe"C:\Users\Admin\yiagou.exe"42⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\qoeusof.exe"C:\Users\Admin\qoeusof.exe"43⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\loawao.exe"C:\Users\Admin\loawao.exe"44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD5943beebad2cf25e47d9daa45f6c79fac
SHA13806d4efe122d014b497f3841c3139d78daf7380
SHA2565b315a9691384780d5708898085c5c63a6f066c0078535675e5adccd39aad00f
SHA512225efec38d9cfedd03526ce3121da47bc73f3e46e539b710bae3914eba1a8cd2da0f59e7d27cd846e04322a92c0d40c301bf861b975fa1213147d3bd03e91999
-
Filesize
124KB
MD51a41f5d1418632d9f13466aeb65c65bc
SHA1a47b138ebeb8bef8f51e7c6c318e242669cc4302
SHA256c3ddba545aaeafa863a82a5b8efa6ea7259a8b7f2e2200399e5efbd390325c1e
SHA5120df69540d159477de5291c52082b426ec1fe6aca322aaf2e883d016ccf99d6d69b1a98e645625452d7a88f39d81082dc355e481245c427458742abb24acbacef
-
Filesize
124KB
MD5122b60b4d5525c901e0d3eb73ae3dd08
SHA1fd2784f29d2d40b91e3016dc3d92b6901dcc4a2d
SHA25610551137a396573dde9343bec67520559002e31b0eb83de549ce310991570723
SHA5125325c638ec77e6f6c3a8506300416f9a5755ced0f2eaa1991fcbec9c791476b0a7c49ff682a6979b4b35c037172bf80f4a695533d13d176d5daaea210bf65cd9
-
Filesize
124KB
MD568a6bb837bfe8d828cea340d861e61f8
SHA1a243c9f6d8ce0ccb12f2e721bb76664f1ca1c744
SHA256dfef210b7ca8b4bf662647228d0a74684585fec4e65b376aacb145e170f324d5
SHA5123740664efacea9e74a1fba9bed98a8e30d18d3dd6f41bd934ed8088a3c58b506a9ba85ee57b7a095a170953f29bc74bcf73c8061fa43151eafcd5a1e60b2c1a6
-
Filesize
124KB
MD5e8ab56a95ae8ed8865418e01c2b3a141
SHA1dc82b20a281887144031bc3545757b1403865f70
SHA256d277357abc31f81e9384b7a066d084d4c4185234242be6e37546f5e79549eb15
SHA512e2340943e0166879db30898677453c184a7ed4164c578f41a7738545946f309ccc9d587c3766ef95a9da48aa2d3fe759676525c3c4963429d0effc09eba0b9a9
-
Filesize
124KB
MD5d9068add7e8743b95bb93ee75755d5d7
SHA1713fac6f7672e58d3378e79a354ce0d36ef7cb29
SHA256bb1c12a67f8c46ef94d3b75ec4c57641ee9f95ba9bbfd8ca1909b670a895e224
SHA512f5a8aa0f1aba72d020da4699bf87a1c821b64b46aafb3df2dd6e2537b572f7387ed97f8fe8c84771794d2e7ec944a2ce99eb95859ca0021c783439c4b0795fdd
-
Filesize
124KB
MD547ee8d36980fd65d31fc2a622120df2a
SHA16537adaf630eadc68f0263a7d52dacf51f0ae058
SHA25601362213791258aa91b50f2b14153284af782ed4c57effb71b593235d40e4571
SHA51239b544ac469efc9498aaf441d2b2e409719dcf6ddeef20227115050aa2e0ce33cf45e89314ff034ca1b86b3dc8cc4d47d21cbfe88960004cf4d9e6d1313fb4b4
-
Filesize
124KB
MD575ab26635d8ea85e0409a7ca9642fc65
SHA113576721cc61d2e3212a780df405c388e2cfde6f
SHA256ab9ab7f0778fa51f3f2f7cf0c820effe42bf4836c3f60d76251a6c02e0b6fa49
SHA5128f2cca910d41a53900ebdf5b9119912147629df10de16788e28232c1bd40412260bea4201468c5417e9fc2a711a45455323eb20de2556ea49917de1e5a89d975
-
Filesize
124KB
MD5d7cbc0bca90fe16c3c7e9116b8d16fe0
SHA12a61734ef58e5e96378119d4cde78b89dc1d60f0
SHA256bc447c01eb5e6a6d9aa2ac88aff7472a234f4127cc4c09a41b8b0dd5eea8cfb5
SHA512deb4c99c908da0f50d598c89f176607e484a1587c624da8974681bc236116a564c87a38258ff567bc30e555a1180db2e364b2736e696c33abc32dfc1cafb266c
-
Filesize
124KB
MD51929f5109c959ee5f8dff8c4cef11182
SHA1933ecef65b6695e49255682e30b22e6267f65887
SHA256068dc6e516b86cf190bc8244b361538b7fb4b778d69699f5a87514ebbb54f6de
SHA512c87ad40f006e637671cce64592b2b849ed12cd8ac449af19f7a17f65f9e70ddef56abf6be05c72ba2721624a837a24acef5008e469de62d58cd912332ce846cc
-
Filesize
124KB
MD5b23c9d1ccdfcf3715d956fcb60021172
SHA1cfa354c8a558830e332be989ee287896b2a44fff
SHA25665150523685552f238a78192cfd7917d1322df73276507300e5edfa49c216f9a
SHA5122e1efda6cc66c9ba61fbee68610f99167a8309f0927b9beeda28677bfa50c80541318769f29b6fc5f4cdd02955494ea0321dec1ea633d226c6b0cfe429f349fe
-
Filesize
124KB
MD5b16f828d20a177a34e6313deafce2a9c
SHA1ee543b6b2c618e770f6e7fd60dd86d1d415b8333
SHA256fa76aecb6391af841be1336e7c8b49921c7fd1434180d0f24883f5ffca34cb7c
SHA51240846e4f20deb447670816fdd71ca5e1fc4374be7d6cd35aede49a66fe96a3c229af979e1ec2331b4df27f175a02748a18cfd31ff6458378488ed56e0b3f9eed
-
Filesize
124KB
MD57e62c99fe9f4d5a86e8217562c307f5a
SHA1ce7027ba67a343d4fcc2f28f55eccaf57ebe3fbc
SHA2564e344aed8e1b10c3786f9a9ca5c6c6c4ec82bcbfe721ed227cc00e1d8c8f2d06
SHA512c210f716072dca7d3f3a43d008c559d8ba4c0777054dbeab3d7d6765b2dc3e511d2c89f69287911a27722bf8442fdece071297061f73257bdae661614d0db63e
-
Filesize
124KB
MD5fc0121ea49e5989fc3059995e93e1919
SHA17907cc4781492f1fa74896f0ac19a4fb2729a9dc
SHA256e1801a70b88bcd75e11cb8cbf2789ff67b949462a16e7bcca7bf852c32353a9f
SHA512dc25ec446de53eb3ac95b702e6e6a1272424bfe4328c695bae55ba2dc529b9378e18aa67ce7429c0a3fe1c4422b4b9da6a0c8aad1baac3efb38be5afd59216a7
-
Filesize
124KB
MD522c629811f475a7bed3fe65620a88a67
SHA1b6c171ea13b53265369eaf4b83723a00bc9e221c
SHA2564b8070b1b13bdc738ea5737d80b934b9df82d3404c03fdbec93c843ddbd24303
SHA5128b668cac25e882e76d4f2b42c214f098f5984469aab91635c7cecb0bae81f746c714213ef64dae530841fc7c55116951c96c261893d3d02b16c0bfc44f01ce2e
-
Filesize
124KB
MD55048202f459a74d5cfe3d8c1c5ea5d7f
SHA16f2e73e0607d0e5576a7cb5da73febbb245d1766
SHA2562726afe62e0780a68d45a071ef64f9f6ea5180cee66b4474f9614e998c5cc0b9
SHA51282388f9c9e35268793775ddefe7bc702eef222d7d3e11999688a719bc3d20cdb7ab00d8a9fd3dbdd7c27af73d4dab2851bba971898ebab877aca6aa9df63167e