Analysis
max time kernel: 149s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 13/06/2024, 03:18
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://d3g4v0cf6ioz32.cloudfront.net/buenatierra/Escudos/a5fa35d2_b526_4c11_947c_1828ef044eb21.png
Resource
win10v2004-20240508-en
General
-
Target
https://d3g4v0cf6ioz32.cloudfront.net/buenatierra/Escudos/a5fa35d2_b526_4c11_947c_1828ef044eb21.png
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627223208956996" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
1360 | chrome.exe
1740 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process
1360 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 1360 | chrome.exe
Token: SeCreatePagefilePrivilege | 1360 | chrome.exe
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
1360 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1360 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1360 wrote to memory of 3096 | 1360 | chrome.exe | 82
PID 1360 wrote to memory of 1800 | 1360 | chrome.exe | 85
PID 1360 wrote to memory of 1684 | 1360 | chrome.exe | 86
PID 1360 wrote to memory of 4824 | 1360 | chrome.exe | 87
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d3g4v0cf6ioz32.cloudfront.net/buenatierra/Escudos/a5fa35d2_b526_4c11_947c_1828ef044eb21.png1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d5ab58,0x7ffa05d5ab68,0x7ffa05d5ab782⤵PID:3096
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:22⤵PID:1800
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:1684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:4824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:4904
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:888
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:3448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:1248
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5084 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:1184
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4848 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:5108
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:3996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:5020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:82⤵PID:1504
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3980 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:228
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2456 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:1696
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5060 --field-trial-handle=1892,i,9523093306085651824,13387610174858520024,131072 /prefetch:12⤵PID:1600
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:3920
Network
MITRE ATT&CK Enterprise v15
Downloads