Overview
overview
4Static
static
1URLScan
urlscan
1https://crypto-o.cli...
windows10-1703-x64
1https://crypto-o.cli...
windows7-x64
1https://crypto-o.cli...
windows10-2004-x64
1https://crypto-o.cli...
windows11-21h2-x64
1https://crypto-o.cli...
android-10-x64
1https://crypto-o.cli...
android-11-x64
1https://crypto-o.cli...
android-13-x64
1https://crypto-o.cli...
android-9-x86
1https://crypto-o.cli...
macos-10.15-amd64
https://crypto-o.cli...
debian-12-armhf
https://crypto-o.cli...
debian-12-mipsel
https://crypto-o.cli...
debian-9-armhf
https://crypto-o.cli...
debian-9-mips
https://crypto-o.cli...
debian-9-mipsel
https://crypto-o.cli...
ubuntu-18.04-amd64
3https://crypto-o.cli...
ubuntu-20.04-amd64
4https://crypto-o.cli...
ubuntu-22.04-amd64
1https://crypto-o.cli...
ubuntu-24.04-amd64
1Analysis
-
max time kernel
1199s -
max time network
1179s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system -
submitted
23-06-2024 16:48
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://crypto-o.click/K1XP8K
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
https://crypto-o.click/K1XP8K
Resource
win7-20240419-en
Behavioral task
behavioral3
Sample
https://crypto-o.click/K1XP8K
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
https://crypto-o.click/K1XP8K
Resource
win11-20240611-en
Behavioral task
behavioral5
Sample
https://crypto-o.click/K1XP8K
Resource
android-x64-20240611.1-en
Behavioral task
behavioral6
Sample
https://crypto-o.click/K1XP8K
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral7
Sample
https://crypto-o.click/K1XP8K
Resource
android-33-x64-arm64-20240611.1-en
Behavioral task
behavioral8
Sample
https://crypto-o.click/K1XP8K
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral9
Sample
https://crypto-o.click/K1XP8K
Resource
macos-20240611-en
Behavioral task
behavioral10
Sample
https://crypto-o.click/K1XP8K
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral11
Sample
https://crypto-o.click/K1XP8K
Resource
debian12-mipsel-20240418-en
Behavioral task
behavioral12
Sample
https://crypto-o.click/K1XP8K
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral13
Sample
https://crypto-o.click/K1XP8K
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral14
Sample
https://crypto-o.click/K1XP8K
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral15
Sample
https://crypto-o.click/K1XP8K
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral16
Sample
https://crypto-o.click/K1XP8K
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral17
Sample
https://crypto-o.click/K1XP8K
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral18
Sample
https://crypto-o.click/K1XP8K
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
https://crypto-o.click/K1XP8K
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636349446080123" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exechrome.exepid process 900 chrome.exe 900 chrome.exe 1536 chrome.exe 1536 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
Processes:
chrome.exepid process 900 chrome.exe 900 chrome.exe 900 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe Token: SeShutdownPrivilege 900 chrome.exe Token: SeCreatePagefilePrivilege 900 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
chrome.exepid process 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
chrome.exepid process 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe 900 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 900 wrote to memory of 3736 900 chrome.exe chrome.exe PID 900 wrote to memory of 3736 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 3728 900 chrome.exe chrome.exe PID 900 wrote to memory of 1528 900 chrome.exe chrome.exe PID 900 wrote to memory of 1528 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe PID 900 wrote to memory of 2476 900 chrome.exe chrome.exe
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://crypto-o.click/K1XP8K1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:900 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe2a3bab58,0x7ffe2a3bab68,0x7ffe2a3bab782⤵PID:3736
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:22⤵PID:3728
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:82⤵PID:1528
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:82⤵PID:2476
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:12⤵PID:2316
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:12⤵PID:652
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4032 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:12⤵PID:3148
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:82⤵PID:4484
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:82⤵PID:2096
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4248 --field-trial-handle=1784,i,14876695636711622074,14134218932905097243,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1536
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:2304
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD533ad79e7adf036af7ce679114938426f
SHA1f0d7ce84f0fbf868f63b6cc575dfc286362f6156
SHA2563cbf27363ad6457b2e36436ab1ad91d13ebc6b0394913a44c0a3de0f46b0f69b
SHA512a45737853cd014112f7ff195e32a7307dfd1646b0cee99347c1b1d7b08ef4cbda696061625ce78107cdef0f836b15621f01163d7dc9fa079883f3be5023ef51e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5e1a47ea071824b4561099ba8f0e444a2
SHA1f555a520cced29f5948a4607fa529337f90a6ffc
SHA256f0eac747c98d9ac04f18b5f1dbbf2ab0857ccf2cf178660b8bf1e6c74385eb1b
SHA51240515cceb645e15f3f5c76f8e7f605f0c99fc88336b2a296ee898b361f1bdb34c5b37c89ccd1b476e038b3693ef9badc8fda6ef1b2b3fac450e0519e8544f7fa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD564516f19aefd4baa039e13cfbf87d29d
SHA1b1b1efcbee1c6a878a67cd264d62e8cafb5938b4
SHA25672683a7bb4c46b9a1056d02bd1659f1d0a1ece8029a108630877e0392856027f
SHA512b63ae83a753427d351e5800f3a3df64ff1d01e05ff8dc94fe6b0914ad180580608f6983465b6806738ac32cb2b859e0288680ab572478d9650d375c4408d631f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
138KB
MD5c58ad21e4b1d2cc51c2015b976c00d90
SHA1fc1d9ad7e3917910a67e8d9319e20707a0194c36
SHA256751b71a9c2d971bca3bc534f17b58bbf3f3ec874a1d13243036b5d2e61a1e60b
SHA512ccd6e69889568a4d7794b14cef7ed90baabf941f193ee2818a4ccfe901a8b8e3ae8895854126f43f628c936fd5b7e45e4b73a845af4c0ea221abad2cad3d560b
-
\??\pipe\crashpad_900_YVCSXVAZBTDWTHLDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e