Analysis
-
max time kernel
141s -
max time network
139s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
24/06/2024, 10:59
General
-
Target
https://htbkcomputer.com/huong-dan-tai-va-cai-dat-bandicam/
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 48 IoCs
-
Suspicious use of SendNotifyMessage 47 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://htbkcomputer.com/huong-dan-tai-va-cai-dat-bandicam/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://htbkcomputer.com/huong-dan-tai-va-cai-dat-bandicam/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.0.1872925956\2049603779" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b99b87-d219-41fc-86de-0262e9296988} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1892 251aad0ca58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.1.1468632216\1571191746" -parentBuildID 20230214051806 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0ae80f8-cced-4140-ad14-2ff5272784cd} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 2436 2519ed89f58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.2.1317593163\1404340460" -childID 1 -isForBrowser -prefsHandle 1664 -prefMapHandle 2876 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3f7c5a-6949-4a50-b0f3-e355d71ad595} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 2968 251ae943558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.3.2060971813\418992100" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3536 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2924bb2f-64a0-4fa3-ad81-ffa1327846d4} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 3604 251b173e658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.4.118997919\210851578" -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 5212 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0ceee37-2f34-469c-bd75-84cf4dbf0c87} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5224 251add1b058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.5.1026482348\1771655910" -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5448 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f03f4ec-9225-4a0f-a6fe-36cbea3ef57d} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5460 251b38d5458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.6.599635736\1565636759" -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {377a7626-e9ae-4116-8c4b-70321e02ca76} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5656 251b38d6c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.7.75375717\2000782592" -childID 6 -isForBrowser -prefsHandle 5828 -prefMapHandle 5844 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14c1040-10e3-4e25-a88a-78e65eb1acc0} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5820 251b509ce58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.8.1794211590\1093948582" -childID 7 -isForBrowser -prefsHandle 6244 -prefMapHandle 6252 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d131de91-9cf1-4ca6-bf9a-aadc89c3bde0} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 6232 251b509f858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.9.1167633948\1349167408" -childID 8 -isForBrowser -prefsHandle 6420 -prefMapHandle 6424 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c99a5cf3-8183-4558-b62c-4baaaaa7400f} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 6412 251b509ef58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.10.1262164948\1700604731" -parentBuildID 20230214051806 -prefsHandle 10612 -prefMapHandle 10620 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e0ea59e-4832-4378-a845-cab2c9e9409c} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 10600 251b53d1958 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.11.640913350\2107246842" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 10588 -prefMapHandle 10592 -prefsLen 27695 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2984b1e-dc1c-4994-a151-8805246fb6cb} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 10560 251b53d0a58 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.12.119644744\1191240608" -childID 9 -isForBrowser -prefsHandle 10212 -prefMapHandle 10216 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {172f2a7c-b8b3-4b51-b18c-6153d942a92d} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 10200 251b5755c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.13.30571919\1149247422" -childID 10 -isForBrowser -prefsHandle 10080 -prefMapHandle 10036 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3aae5a70-d89e-47f8-b161-ff7827619e99} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 10172 251b5a79c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.14.1653254179\95162392" -childID 11 -isForBrowser -prefsHandle 5948 -prefMapHandle 6700 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a296c851-6c62-4073-9855-aa85eea69c76} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 6016 251b561d858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.15.1020662156\1615249225" -childID 12 -isForBrowser -prefsHandle 5456 -prefMapHandle 5652 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ee7f749-61c1-4d79-ac8b-90004f48bb50} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 6664 251b561e758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.16.156445985\344929428" -childID 13 -isForBrowser -prefsHandle 5248 -prefMapHandle 5328 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f1d4150-0675-49dc-9146-18b1602c0ae3} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5244 251b52e4e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.17.1050094516\1330721318" -childID 14 -isForBrowser -prefsHandle 5372 -prefMapHandle 3788 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ca3e9a9-329d-46db-b6e8-1b6a1ff49a52} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 10300 2519ed77558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.18.1145769104\302467464" -childID 15 -isForBrowser -prefsHandle 5760 -prefMapHandle 6152 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9924c65d-7dcf-4f03-b548-3c49af22a7f5} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5776 251b5a7a258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.19.908428516\42894380" -childID 16 -isForBrowser -prefsHandle 5776 -prefMapHandle 5760 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {755d6951-604d-47ff-8f15-2504892b3aa5} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 5380 251b605a258 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
29KB
MD54adc4496ccb798993535f8b53dbeda3a
SHA17bfd19061abcbc89ccb26645e26078b991a6fd81
SHA25636cb4ee201168cee5ca115674f4dd24b6b4fc283335ae10e5aca9dfa0ace7049
SHA5128c07d10967f4faf2e415d7557016eb4f852551af53a60c9b426afc1e86b693890e59d413f1e5026cc106cd94d8beb858ca0939d9cf69a075101b4eb6cf4a776c
-
Filesize
16KB
MD55369b29d62496c794c3a9989be85ffee
SHA116f7e5fc62e03854b9e1fa2ac0cb3bb5d406852c
SHA25671a69df7623fd675802e69c576bf50784cf265eb70ad4da5f452aa9dd5249f72
SHA5120c09f5cdb654531e7c396448d989b2b51f7cdd08eba1cc7a0d4c44052cee6e697f2ebb7315c34ca7c911ef943de3e8130496783d0fca65f31468ca88d7f14c43
-
Filesize
21KB
MD5c60456ab529c2c70352df43d92d18cce
SHA1409e4f74259cf44958e54cfeac9e0c03e0654ce8
SHA25602932b19ef67c8ceab8f0b515b8e3aca470f3912cd68808a6e3930003fefcdb0
SHA51291e2d6284b091ebbd77167e45bd3ebe2517c97622bdb88927ffb34b27aca38107e13ce9317731956168754cd8786170126bfaaf16e6eba95e490b98561256a4f
-
Filesize
32KB
MD5f3ad13d267ec7ebfbc71283001ba5a15
SHA136e339be177d28cf942780e6b47a7e3bc0e06b61
SHA25662af4bea31f7f2a12e20f92cd5f386f98bf45159e95ccb9c7e54e77edc151fd9
SHA512b08fad7517b092bdb8a1aaee2362e1ae0e18042106700334a979b1518c117e3e01822e40cbee0f99cd6d5fbd7e477de77fbf54bf9bab51e770063dbaefb074e1
-
Filesize
213KB
MD5afcf25187802e95e39a34d1ed1eb3fb2
SHA168e1086fa1260f0c7246e4eb8520d18c6f65484c
SHA2568f87e22db2e75f398282b2b6b209b3e72028a3991b3e26d319f96fd6bab380c3
SHA512c97eac1746d3c8042e306dfbaa2e94480a39d22c0ae6ce52f9df7ad3bf980b1640edba3f54d46284a267d6d067223e49b4e03ead5f6c39fc881ff7a354804909
-
Filesize
23KB
MD5728c8d6f4bfc04a90123b6782c79e3a8
SHA17d66f3783730051c4a7a0645ee2aec841feab68b
SHA2563d3cc602f636bd0954c64419d29840710c570bf5472228f8dd0b354db848f779
SHA512db363b60f2b5ea03fdf77129e91b2c754baefb0836603757fce3530df5d3457343f4e00a531e7c14119ba15898466d5f9cd1cc31cf8aff109769a0673c9ea2c2
-
Filesize
23KB
MD5504be0190d6babf47b180cd9b160c6ec
SHA13b866088b1228f9af1a9f6eb779d615e48b8dcad
SHA256741fea720769400f48ffb21ab5299f2de2fee9c9ebfb49b9491153fe4ae6b734
SHA512b60676965a4ebf61915f2b52bd9700b9975a6e22a42aaa773040e8865dfd1068da5ee7f4c192188456a92ae7ffee29fa27bfae4ab27f227af54ce7fd073dcdad
-
Filesize
60KB
MD5b47c242bac8ffb8792da79e6331ec20d
SHA1b078fb941fdd8cefb7ca25d452b19cb706034b5e
SHA25665403042e246b740138fb2cb634f2cdeb2f46c26a78bf98a17cf21edb48c2552
SHA512ca678759fb751902b447d6154c6175c92d719e83b45e0a5f7408ec41b5bcacf5c2f81025277d052749f588408f45cf4bc9ce34c1c448f5cc9fdfbb4171b8aea9
-
Filesize
35KB
MD57dbfd46ae9fe622bf76e9e6f21d9cef9
SHA18e55fdcaf60f55f06af6095342e38375c4e5e006
SHA25626f50ecd3169066213386e321bfa11ff062c079e77d8547fcb53bd4e35418b56
SHA512c36a365bd0391f712cf4fa5c6a85bdccf8f33dd1d353a60d4679dcc1943e60276992a92a2ee7e74229b22a8f1ef1f0c8c286880b31dcded852c78e166e598758
-
Filesize
7KB
MD5798f4c9d6c572fc6e395e4098780448d
SHA1f15e98444b38b11d7c868369d8e5d20adb44551c
SHA256024348bd02ff7f3041a7dd1074a36e1a10b61bc6a2fc0abb7161e811e7072421
SHA512b0242cad7ef6e955a0ef169cb6758cc04c66d309d80f6471ca79e902a3af6ca361ba6f002767c91b0e856592211656eecc10c6bcc6a8a26563a6d42d0eb6fa18
-
Filesize
6KB
MD594c80dba0c946ee2090a1724345bec8d
SHA117e667bc9087ba79d970f097fbc18340e9272b9f
SHA256d1915f0a6e6c7e0ef5d028a05c3b00b6202b9428f762b0bebe08c907c864753b
SHA512362974dff29ef66d4c21d096bc099c74aa4cb1a132111354a1f9cb77f5cd0a8f23cb560a7e8d837ec11a98d077269237802c93d3f887cdec11606a60088ace3e
-
Filesize
6KB
MD5167968dbbb48df4d70739c0e05350349
SHA194994a523532681a3a531f39e700ff93d30bbe4c
SHA25690674807330f4d5f821022945b0cb33ddbea726c7b98badfb105bf28945ef297
SHA512736a977f69205503da1c9b4e50f6b059244462edfb5ed9dc6446a65c3b1440428880c34415e813f75637a7f22093dc60dce71b5428b9d0fff7785bf29845726b
-
Filesize
4KB
MD52ccbcc1e67395be97a4397ba027622bb
SHA120db3619b9e913096fe3edecc0126c84492da542
SHA2563e9faa13c634956a6ebfe3f325703899d7210a34e04d3ecf3b6c1bb52e67f56a
SHA51290370360c6bbe382aa49179e473798a17708a07a2ba9b60fc63da7a124a1e5d30a48b5b9b61e78d1fe07aad82192293a83c2794805c371c37dc73e6fae4f2232
-
Filesize
5KB
MD56066fb38177a47f3999e476c7f175204
SHA18f25d2a82383301c3b9e66aa99634470e4ac0d86
SHA2561754b7ed4805677e6b3e4a319458f180dad6b5c69863b3bdd58e858624faaaea
SHA512b73bc73c562576a0058837d9ef1bbfa51932719dd03bc5ba12c4a4772e0fbff436e116d08c266afa1b468498f0365a530958a92dda59b69d91fff67555c09151
-
Filesize
3KB
MD5c2818d4fa10b1f50abb40816ccccc6cd
SHA1e47960f18312b19557a81621bfb9d59d5c0bcc9e
SHA25679a06e946ab926ab7c3bce238a16bf9ca867b7552c979224ce0d830beacfd5a3
SHA5122f4a198f8d132ee3a2c628c4af92919f18126bdb99a9496fdb5c38fee4d386d46b9692f16ed178a410faedde8e699460ae33379f02211376a0f67407add99cf2
-
Filesize
5KB
MD5ebecf885031e1308d94fc9189f1bedac
SHA15453040d9fad6501207e13b0c55b61d0128a21ea
SHA2561038518a150448c45a678ad5f6fbecceabf57e4668529737aec65ff73506ed1f
SHA5122218e9c952aec81d507d91ca694dee7c2b604bde16c195d7059e32f1fbc0e0194f54a3268a9ed86f73cb9b8f66bf24059a26c293491146e18bf74c935e898b03
-
Filesize
5KB
MD5485d72e90d564898f0294cc22130972c
SHA10dcd59aecee74070357cb7206a36a31ab09fa428
SHA256a6cc91502f12bff4bf502576a3f38fb1e2f266e2b49a0b7d8cc8767268b0eadb
SHA5129b1d4110012ffc726610a324ae9f1491187c91379f41b8efc1cdcc42cc49ca301287880d0361ac301e7e5d5372352244adad56e0cfcb9a98c3c5cd2b7991064c
-
Filesize
48KB
MD54da4dcefab1677b5b89d4bdce7e092a5
SHA14e883c596c32ea88d44b989ff81e2911d88547ad
SHA256eea8a8317be24f21520533459ba20aac533a1bd5b20e09ddc9c856197a26dd8f
SHA512d7810abf19dd184792f30d8d83a9b5b1e81fb1ba0b44f834f4b54cf5a999c5c37ce2a8b3765b03699f6f507ab461d3e17ad062b2a94803cb3c113fd1b7e9fef8
-
Filesize
192KB
MD551f0a3fe3bfa6ad9801acc6320a74f55
SHA1e5512dbca910bb145127bc2c083e9acc9ee92239
SHA256330ccf3bfa6ad85d15b7aee5cfdaee8897f68ef7ae841311676859fcd149bb5a
SHA512db135f88a5ceb532081a7501e0d624264aa500beacdad9fe5631b6e5ceb046104110167ba5c2b3394f00802469e3727524f9344141b7429448fc2ec1bfac5985