Analysis
max time kernel: 77s
max time network: 151s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 15:52
Behavioral task: behavioral1
Sample: myfirstluagame-worm.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: myfirstluagame-worm.exe
Resource: win10v2004-20240508-en
General
Target: myfirstluagame-worm.exe
Size: 52.0MB
MD5: 9a2e8cc3dfe894ae84b49faf1a15002d
SHA1: 1c94a10e67fd65420a90f987e843cb7afd309e8c
SHA256: fd1f253b7e560ca0a80e4645be97f6529eb21080d6b68c7ccb34c0855a99648d
SHA512: 255879db522ba0b7bc3d6f239e1d6546607a485091554e1efac93b450be357d38c03fa7e7161c971d12701c3077a2c47d047c4db49e88bbdc17c583244457149
SSDEEP: 1572864:sghHQ1MAhRnOPrONJ0Vl41duCE7EHA8VWTTjK3yI:bh8MAhBOycVlau4g8VKv
Malware Config
Signatures
Loads dropped DLL 1 IoCs
Processes: myfirstluagame-worm.exe
pid: 2072, process: myfirstluagame-worm.exe
resource: C:\Users\Admin\AppData\Local\Temp\_MEI20242\python312.dll, yara_rule: upx
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: chrome.exe
description: Key opened, ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS, process: chrome.exe
description: Key value queried, ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName, process: chrome.exe
description: Key value queried, ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer, process: chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: chrome.exe
pid: 1488, process: chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: chrome.exe
description: Token: SeShutdownPrivilege, pid: 1488, process: chrome.exe
Suspicious use of FindShellTrayWindow 34 IoCs
Processes: chrome.exe
pid: 1488, process: chrome.exe
Suspicious use of SendNotifyMessage 32 IoCs
Processes: chrome.exe
pid: 1488, process: chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: myfirstluagame-worm.exe, chrome.exe
description: PID 2024 wrote to memory of 2072, pid: 2024, process: myfirstluagame-worm.exe, target process: myfirstluagame-worm.exe
description: PID 1488 wrote to memory of 1612, pid: 1488, process: chrome.exe, target process: chrome.exe
description: PID 1488 wrote to memory of 644, pid: 1488, process: chrome.exe, target process: chrome.exe
description: PID 1488 wrote to memory of 1540, pid: 1488, process: chrome.exe, target process: chrome.exe
description: PID 1488 wrote to memory of 1360, pid: 1488, process: chrome.exe, target process: chrome.exe
Processes
"C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe" (PID 2024)
  - Suspicious use of WriteProcessMemory
  "C:\Users\Admin\AppData\Local\Temp\myfirstluagame-worm.exe" (PID 2072)
    - Loads dropped DLL
"C:\Program Files\Google\Chrome\Application\chrome.exe" (PID 1488)
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7369758,0x7fef7369768,0x7fef7369778 (PID 1612)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:2 (PID 644)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 1540)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 1360)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:1 (PID 2132)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:1 (PID 540)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1712 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:2 (PID 1580)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:1 (PID 3024)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 1936)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 2100)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3688 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 2044)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3804 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 2556)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1196,i,13067084568906712591,15635319060246158332,131072 /prefetch:8 (PID 2648)
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" (PID 304)
"C:\Windows\explorer.exe" (PID 2868)
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize: 16B