Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    12/06/2024, 15:08

General

  • Target

    Screenshot 2024-05-23 150600.png

  • Size

    13KB

  • MD5

    6f876ae028604bb4a249a6867210a2a9

  • SHA1

    c1267e953c79345137abb10b095c7311ac975309

  • SHA256

    a39a47b8af14e487c4569745ee567714543a906e398f6c399d6e90f95ae2fd9f

  • SHA512

    64fb3e33763c5e2f81ec3fffd4dcdff977f7e84ea5fa37221ec2fa9c5c750807d4cca9de1275668bf13597e071399993e9222d952cd7feefe8edacbb87b688c4

  • SSDEEP

    192:jMKVzc1hb+m0eFmLBlklkAKlFEUF2x6bWLh3ZE75wZKD6GkGuxntHDQLcH+6KniA:IKcL+8FmFGlvBx6bEdZYwmBPOSEYl

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-05-23 150600.png"
    1⤵
      PID:2720
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2380
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.0.135712598\92976449" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e45501c-c4e3-4bd4-b121-a4ed359b848b} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 1848 1af0e10a058 gpu
          3⤵
            PID:4128
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.1.924894941\594771187" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {395e7317-24a7-4fe1-8615-e5fbba0ad1f5} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 2372 1af01385658 socket
            3⤵
            • Checks processor information in registry
            PID:4028
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.2.792689539\1881108692" -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 3056 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5aa6402-9b09-4dd2-8679-fc3713448e00} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 3120 1af109d9858 tab
            3⤵
              PID:4152
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.3.1541400480\408503307" -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3240 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {328b4239-bc05-422d-900f-511556282fd4} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 3228 1af127e1058 tab
              3⤵
                PID:1724
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.4.1169559926\145756084" -childID 3 -isForBrowser -prefsHandle 4992 -prefMapHandle 5036 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cbe7342-aa83-43f4-8bd2-b584668f7499} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 5032 1af15c60858 tab
                3⤵
                  PID:3024
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.5.1008742324\1975777336" -childID 4 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {808b75a3-9f03-4e1a-900a-48435e95571b} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 5168 1af1550da58 tab
                  3⤵
                    PID:3112
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2380.6.1080181801\1174597921" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1324 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44fbd1e8-0fbd-4bd6-a499-a55d3b5f2801} 2380 "\\.\pipe\gecko-crash-server-pipe.2380" 5372 1af1550f558 tab
                    3⤵
                      PID:784
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                  1⤵
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:684
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa635ab58,0x7fffa635ab68,0x7fffa635ab78
                    2⤵
                      PID:2204
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:2
                      2⤵
                        PID:1992
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:8
                        2⤵
                          PID:1112
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:8
                          2⤵
                            PID:4824
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:1
                            2⤵
                              PID:236
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:1
                              2⤵
                                PID:1952
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:1
                                2⤵
                                  PID:3548
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:8
                                  2⤵
                                    PID:2472
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1748,i,4875093053405332426,8331843734736542425,131072 /prefetch:8
                                    2⤵
                                      PID:3560
                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
                                      2⤵
                                        PID:4896
                                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7bb60ae48,0x7ff7bb60ae58,0x7ff7bb60ae68
                                          3⤵
                                            PID:900
                                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
                                          2⤵
                                            PID:72
                                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff7bb60ae48,0x7ff7bb60ae58,0x7ff7bb60ae68
                                              3⤵
                                                PID:2436
                                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                            1⤵
                                              PID:4060
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                              1⤵
                                                PID:460
                                              • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                1⤵
                                                • Drops file in Windows directory
                                                PID:3136
                                              • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                1⤵
                                                  PID:2880
                                                • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                                  "C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
                                                  1⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2900
                                                • C:\Windows\system32\LogonUI.exe
                                                  "LogonUI.exe" /flags:0x4 /state0:0xa3a2b855 /state1:0x41c64e6d
                                                  1⤵
                                                  • Modifies data under HKEY_USERS
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:1948

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                  Filesize

                                                  811B

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                  Filesize

                                                  2B

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                  Filesize

                                                  7KB

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                  Filesize

                                                  129KB

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                  Filesize

                                                  129KB

                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                  Filesize

                                                  264KB

                                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\activity-stream.discovery_stream.json.tmp

                                                  Filesize

                                                  24KB

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs-1.js

                                                  Filesize

                                                  7KB

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\prefs.js

                                                  Filesize

                                                  6KB

                                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r6lt1pc6.default-release\sessionstore.jsonlz4

                                                  Filesize

                                                  902B

                                                • C:\Windows\TEMP\Crashpad\settings.dat

                                                  Filesize

                                                  40B
