Overview
overview
7Static
static
3LayetuFixed.exe
windows10-1703-x64
7$PLUGINSDI...er.dll
windows10-1703-x64
1$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...ll.dll
windows10-1703-x64
3LICENSES.c...m.html
windows10-1703-x64
1LayetuFixed.exe
windows10-1703-x64
7d3dcompiler_47.dll
windows10-1703-x64
1ffmpeg.dll
windows10-1703-x64
1libEGL.dll
windows10-1703-x64
1libGLESv2.dll
windows10-1703-x64
1locales/af.ps1
windows10-1703-x64
3locales/uk.ps1
windows10-1703-x64
3resources/elevate.exe
windows10-1703-x64
1vk_swiftshader.dll
windows10-1703-x64
1vulkan-1.dll
windows10-1703-x64
1$PLUGINSDI...ec.dll
windows10-1703-x64
3$PLUGINSDI...7z.dll
windows10-1703-x64
3$R0/Uninst...ed.exe
windows10-1703-x64
7$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...ll.dll
windows10-1703-x64
3$PLUGINSDI...ec.dll
windows10-1703-x64
3Analysis
-
max time kernel
123s -
max time network
136s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
27/05/2024, 04:22
Static task
static1
Behavioral task
behavioral1
Sample
LayetuFixed.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
LICENSES.chromium.html
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
LayetuFixed.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
d3dcompiler_47.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
ffmpeg.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
libEGL.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
libGLESv2.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
locales/af.ps1
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
locales/uk.ps1
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
resources/elevate.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
vk_swiftshader.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
vulkan-1.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
$R0/Uninstall LayetuFixed.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10-20240404-en
windows10-1703-x64
General
-
Target
LICENSES.chromium.html
-
Size
7.9MB
-
MD5
312446edf757f7e92aad311f625cef2a
-
SHA1
91102d30d5abcfa7b6ec732e3682fb9c77279ba3
-
SHA256
c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
-
SHA512
dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333
-
SSDEEP
24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612576371082071" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4160 chrome.exe 4160 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4160 chrome.exe 4160 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe Token: SeShutdownPrivilege 4160 chrome.exe Token: SeCreatePagefilePrivilege 4160 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe 4160 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4160 wrote to memory of 3068 4160 chrome.exe 72 PID 4160 wrote to memory of 3068 4160 chrome.exe 72 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 4652 4160 chrome.exe 74 PID 4160 wrote to memory of 3648 4160 chrome.exe 75 PID 4160 wrote to memory of 3648 4160 chrome.exe 75 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76 PID 4160 wrote to memory of 4824 4160 chrome.exe 76
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d2959758,0x7ff8d2959768,0x7ff8d29597782⤵PID:3068
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:22⤵PID:4652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:82⤵PID:3648
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:82⤵PID:4824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:12⤵PID:4220
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:12⤵PID:1692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:82⤵PID:1644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1844,i,2006807088819852820,2536236817835019954,131072 /prefetch:82⤵PID:1048
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3364
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\850b9c36-bc30-4eb3-9bc2-6d17f659b0b5.tmp
Filesize5KB
MD5770819b7c002ed42653865644ef4fd9a
SHA1ee6eb69f95837def81e79b6cd25e28dd0dcd8eb4
SHA256a616048343605522f8ab711511e603741ce0821ede848933d68495dcf59755d8
SHA5122d8a3b226f2859a8317e75528c7040d352229b4d059ac067f116cf656dd0e7dbdc14f7d0486a78b866be06796eb46de2537863818a62190825d4867ea797153f
-
Filesize
5KB
MD5f1b0e59a77aa85e7e57c1e3c4a5850a5
SHA1cd5836e219cb39906432e6db049da1306ba54a7e
SHA256392354d73a1d442907403c0d220c12be362da2d3ee88ca7182a7ca52c642fc0f
SHA512b94784d2667a94d54e5d7d2f1abeb4301b6c884eef58c71e7d135db588c3a163c638f7a807004d7d4dca52490402488c3425a180ec6d96b5d263f5c1255bec6c
-
Filesize
5KB
MD5eae3a47f8083974cea1baf959a04a59c
SHA17821bfbac0e1ca4d23e5d23c44f31e8124df6aba
SHA256974162394dfce0c09d815e2499057820ced43e8eaaf53a85a15272ffb1fee44f
SHA512e6fcc08def70c9387556a91f49e69b80adcc3f6f203ec7f6b7e4890ab0ec878f08e1ceca91990a6100b152ea015c3b5adc5cafe60621153ccac41063930327e3
-
Filesize
5KB
MD50a311457068cf191cd7d53b84fa7aa9a
SHA19c3d880efb618aa2064d917ff625ca32000ca8e5
SHA2564045f1301c99c69d3bb6a9458db59af9af951f6b32e132cd08576cd3ff5b457f
SHA5126e7d6274644096c019e80b93c47d951d342268264d1a3fb67b08216a55624b6a672d4d1829a9ad9e0d7ea6eb35b197c5bb72a5076cfe413c03a8f2660b313ca1
-
Filesize
136KB
MD5546955e9bd4eb7ef11419f2edd5626e4
SHA1e2b2cf055f28620f9c5636fa30a25d67a58088e9
SHA256b1fe99723fa59cfad6b78946696c5a440da21ac8a818ec2ad695dfc74520dd3e
SHA5120f746d9804c36a1ec32c5693210780e9d063230865aff4509227bbcc0da70f787bc24d824bd080f258c9cf0ffe2d31a1d1d2bdfebe450b783b24f7040a5567db