Analysis Overview
SHA256
379449b8c2d0053cea2aa786cf2ad6e3cd61e67793ac5b68be77358360b0ce42
Threat Level: Known bad
The file ocean.exe was found to be: Known bad.
Malicious Activity Summary
Discordrat family
Discord RAT
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-25 23:04
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-25 23:04
Reported
2024-06-25 23:07
Platform
win7-20240508-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Discord RAT
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1252 wrote to memory of 1960 | N/A | C:\Users\Admin\AppData\Local\Temp\ocean.exe | C:\Windows\system32\WerFault.exe |
| PID 1252 wrote to memory of 1960 | N/A | C:\Users\Admin\AppData\Local\Temp\ocean.exe | C:\Windows\system32\WerFault.exe |
| PID 1252 wrote to memory of 1960 | N/A | C:\Users\Admin\AppData\Local\Temp\ocean.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\ocean.exe
"C:\Users\Admin\AppData\Local\Temp\ocean.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1252 -s 596
Network
Files
memory/1252-0-0x000007FEF5693000-0x000007FEF5694000-memory.dmp
memory/1252-1-0x000000013F780000-0x000000013F798000-memory.dmp
memory/1252-2-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
memory/1252-3-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-25 23:04
Reported
2024-06-25 23:07
Platform
win10v2004-20240508-en
Max time kernel
116s
Max time network
111s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ocean.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ocean.exe
"C:\Users\Admin\AppData\Local\Temp\ocean.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/3172-0-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp
memory/3172-1-0x0000025660D30000-0x0000025660D48000-memory.dmp
memory/3172-2-0x000002567B450000-0x000002567B612000-memory.dmp
memory/3172-3-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
memory/3172-4-0x000002567BC90000-0x000002567C1B8000-memory.dmp
memory/3172-5-0x00007FFFF3A33000-0x00007FFFF3A35000-memory.dmp
memory/3172-6-0x00007FFFF3A30000-0x00007FFFF44F1000-memory.dmp
C:\Users\Admin\Downloads\ResizeSend.temp
| MD5 | 0e5405312bfa935a083d2f1a67d0be7b |
| SHA1 | 50a1a991b64c457da1e41f7c7e033d1209818b52 |
| SHA256 | 1fce0f414c3356003955eef52dcaaaab9479eeca29a3db220f2e43c876b3d0e7 |
| SHA512 | a315fb505d5a7b929a083a81afbf0b7d96d2b2f3cb4301903ba85e173800adcce3210d31552043a51d77aa1bffa6bf0db6df80596c871ae704da12e5457041e9 |
C:\Users\Admin\Downloads\UnpublishOpen.wmf
| MD5 | b540a8f54a6b20244dacf87fbe54c4af |
| SHA1 | 4de447f3a01efe8e48d04356b33216db3ed7e6ab |
| SHA256 | 9900f37f6b0de5532c9efd4be5dc371f1c190668cda6ec7f22b6550168d4dbc7 |
| SHA512 | 4b8132dcfa74aa59a2b83b220f8a3fd15bb57c5bd0dc6fad1caa9d315545726f793ffc852f6676059c2cf415e82be7f3aa4780b2020ae9a1cfac94833fb76501 |
C:\Users\Admin\Downloads\SelectUnpublish.mp4v
| MD5 | 4a80baa27548f74df7c63e6ab5d76840 |
| SHA1 | 076e7be4c27c3c24529fc4ec268b55deccfc6ad7 |
| SHA256 | f859efb0a4c48130826aa7ebf26b9305130b7d3ca0f9c51354e8735ea0ed51e2 |
| SHA512 | 98c348023d97ba26bda5baa3ec468dd8f3dfa6e4069a50aca37cda46647748016fb1063f444ad11b2dc3d43dbb1b2dc83fd33c4cdaf404b1f53d1510a97bc198 |
C:\Users\Admin\Downloads\WriteUse.7z
| MD5 | f576193c727c9d1f92d0d33e216d7d9d |
| SHA1 | f273758d3b879297ee92270d1cfc67cda192f430 |
| SHA256 | 484f1db4b689409d74011720ee7d35dc79887765e4f7e1a0c4c61d89e59a6b40 |
| SHA512 | 920cd618e24909abbce27c72e61b71ed1fcba8a95b7887988603fd916989b56e245b196c4f2c183be11643995bafa315e5d9d9990f6100092c112628e27219b1 |
C:\Users\Admin\Downloads\SendMeasure.bmp
| MD5 | d1fba50411e211181b0ee8ae9ce0f301 |
| SHA1 | cf6d0cfe7592c6963f65191fb1569926eba7bc8a |
| SHA256 | 0d5b4f04dc6d15a7226c1b454a863905f1e71d7046a49362e4e940c3a83637ca |
| SHA512 | f2af5e3b18a96a54dea69e6261646d2b11968d53d67778e4d79fb8dd53f6f377f937815c2622a01781ca31f3777da987c1239dc5a57e5f2de333f07ef32cab27 |
C:\Users\Admin\Downloads\WatchStep.au
| MD5 | 8f91f76ef6ba2825661289eebd902759 |
| SHA1 | 37f4fc9577598c4bd478ae6043d62152ea0580c6 |
| SHA256 | 8ec6d086dbcf03d740f98e97e505c3858a1266c1deb5d1298a23fb6593721df9 |
| SHA512 | 5096cfd384e7e9410a08d9115d1639e6cc9f78c8d01b43a8bad520119404ff1e526d13b75bff50941afda62f7353d871ee6bbde39afce9aace4f53a377a8fb5c |
C:\Users\Admin\Downloads\GrantConvertFrom.jpg
| MD5 | b662e2178699fa20f4b62960dd32d7b5 |
| SHA1 | 16dfd9e0abf20c0281f86bdbb111b3b1a914e6b5 |
| SHA256 | 8f82650d5719837c64b49df4e35cd8458010a3a56c41a289c34aa3efc86e13e7 |
| SHA512 | 6c4881a416a6e40ebf8eb744497e88ea88ca790381f2a10142c3693d2f34efbea17b22cd5037992e4f4736b186005f8261c3263e619be0acfef64219256a0a81 |
C:\Users\Admin\Downloads\ConfirmRedo.jpeg
| MD5 | 9cf1e0d767c4d7d58a75ffb85ce67929 |
| SHA1 | 1ef369b1ebf0d7597deffcdd81caf8593424bb09 |
| SHA256 | 8ffd939a1ab738189c22461da953cbbe060f068a04b4394c98bfab4783974655 |
| SHA512 | 17b96f97029a502a37defdeae60c5fc36661f96498548d8faedef3102af77c34833dd9e83c2322e43331a3cac3496fad044acccab3ab200cf947fb0a86165b36 |
C:\Users\Admin\Downloads\ExpandDeny.ico
| MD5 | 2a8fc76f07b8a379233abf955f3e6395 |
| SHA1 | 285b34d91eb36b1775df0fe371d68117b506e352 |
| SHA256 | 89a09cd2c40fed9e5df0a08f7fe798afbee43fa0ba720a356e16a27245b64ff5 |
| SHA512 | 26fccc66b29d01b61f9e659c5d598eb44fddc05d9c48be8de583bb6bf02360274744fb1e00bfe40d8ef20ec25f11c0a1890451efdc9e29a5ece2582622868e01 |
C:\Users\Admin\Downloads\FindConvertFrom.ogg
| MD5 | baec6f0c830c353ba87efcd734106b6f |
| SHA1 | 365181da5be776a577a725adf82a4f7073c19c93 |
| SHA256 | 77a84bce1cce1a0dcc22671a98f775e73cf5e687b056f17acc1673ebacc464cc |
| SHA512 | 2e5cf170984509d1bc47e36ad444add8806353a315a403e5021cb43ab45cfd534181b33c94fae50b850330444319e1a8e3bfdd1012cd0c2539afc748fcdfa0e6 |
C:\Users\Admin\Downloads\SwitchRename.midi
| MD5 | de620c8ca7d32c2cb2745b18cac185cb |
| SHA1 | 5f6a31e0ed50c68763bb2176db5a854ce5bdf9b4 |
| SHA256 | a95b9e510c8be3a2e37c715c6b37c725992a16509708d904f829fe57669dd079 |
| SHA512 | c21e26e2a313c0693893a4a410ed39539daccce6b4f5e8c7c53fe0a429a0c0fbe1da78d6cf6adb6456392f4d83b4a3deaa497350520ff7e41265ab1d7c972e41 |
C:\Users\Admin\Downloads\SelectStop.tiff
| MD5 | 2f1af528767ec7ec49f75eade80d6f45 |
| SHA1 | 81401d8d22639290a4725534674ccafe1d27c398 |
| SHA256 | a2cc8d2a0b33f1bd0786bb11a6984236ec5f4a0169260110b1efec2ae66d42f2 |
| SHA512 | 1b7b76a4b4a84b40fa461d5691d56c001a70ded96f487c4e2bb03e0bfe062d74345fcad365f1b12daa5402a99cc45e6c42cde03551222a89829ac20495acf31d |
C:\Users\Admin\Downloads\EditShow.vdx
| MD5 | e7a07970fd2a03d56913841fb93d72b2 |
| SHA1 | 2acbe00eb61bb039d466ab72435d41f1ec35cf94 |
| SHA256 | ff6479615198abff76de95ee955e7dc753bed5f73a5e80b88e08d1d78f6deef9 |
| SHA512 | 7882dc20e3c18f46dc91097cc2260be7b292fcfb4c5cbd5242810c3c763b67e17ce6d03ee8d1d9505be470383a9dfe77653d7587b1ed33b28df4095fa46d1d0f |
C:\Users\Admin\Downloads\ResumeResize.ogg
| MD5 | 5f1ae77c7710bfe813fd193c24ba487b |
| SHA1 | 53e5bcc1024c0885a5c77ab0ad12b21aee3246df |
| SHA256 | f3fb95aced9247f157fb7054762dc1b4f74e3c24ac6afed6b431fc9c2211e48e |
| SHA512 | e43378640c66b3adf46719559f075f18521251ae8b40f8ded8b89d4422bb943f06bb9bf929a22d31836d13ebaf8f696c76b37213f66dc31a86aa649be551abf4 |
C:\Users\Admin\Downloads\DisableUnlock.search-ms
| MD5 | a2567f68204691012d47f919eca7231b |
| SHA1 | 008317a8b1f222121d1869bb400ce9873a2dafb1 |
| SHA256 | 92c890bf7cc6d85befafcf5764e8c3afab159bee4ad7372ba3e235e7ea56221c |
| SHA512 | b5c3a34d0e0c0c99956b36594fe8f63c0feb2efd76c54dbc74df2b14224d7b32e3be446fb7d97bf06ea4e5875b92320f4637fed16d239b7aa6442d9cc6834fd1 |
C:\Users\Admin\Downloads\EnterRegister.aiff
| MD5 | a9c6b6cc1558e83169a076f10d3fb23c |
| SHA1 | 9120e25106b9387e32cc70da274f91369a1ef410 |
| SHA256 | 90486abddd3fcfe73a7e369328a6a651cad6ef8eb2cf080c41ce4a5977818bc0 |
| SHA512 | a783a62f24008f3423522dce4d622a78f7f5c374cc4808d24dac07b6068667b94a062782253c1ffd01abb2cc9327bfcc33877daa8416fdc724f97934556f165a |
C:\Users\Admin\Downloads\PingRevoke.xht
| MD5 | cc0c382cf1ff1d42555ad683a6043235 |
| SHA1 | 7e76183680cf6e185f510ceba9ddac4fddf31f7f |
| SHA256 | af53470cde7c5b2fddc1745975f748640fe0905359c8275bf955ca03dd3b5d15 |
| SHA512 | f9044524824fd30a474552916b100fe3d1c29fa7594bf780da22808f575a4c2c41aa9061a3d7af070a0dfd63b7c754322707e76a83e03a8444bb578185383b44 |
C:\Users\Admin\Downloads\SuspendEnter.xml
| MD5 | 8e75c3bf50175de86422c4d832497985 |
| SHA1 | 0c07df3e9ded57568c0454aa56226c0dd36229a3 |
| SHA256 | 574c6a670a4c6272db202c0c3377b062133b93cb53d702c3e20a0871ad0b44d7 |
| SHA512 | 1a7a679af5170dfde46ee40dda6d6700104966837094c3f31abd765fc857c45432882d00a3078b8d411ff1b2ccf346bef8e3250ec3cefd460273facd907b1a0e |
C:\Users\Admin\Downloads\CompressReset.aiff
| MD5 | 7c07c3c0ddca11e4c9c591cd2aa5f2f8 |
| SHA1 | dd271bfaaa139b0d213cae060ed9d51eb378032e |
| SHA256 | 5e02821f0723b14311dc186a2e381b265ae056a14add74be141edfac8788b50e |
| SHA512 | 5e4e77c5d3093e5c3fdc40988f389ff283443d8e6f1555e49101761d63a63df6e0a021e197d6f19bf10cef96804c07c530b06fb51e78a1ba11b6f091a7bcc140 |
C:\Users\Admin\Downloads\UseWait.pdf
| MD5 | 2f7dcaece67efa1edeb799526f1451b9 |
| SHA1 | 8ea48bb44b1158372994ae88b1d96c1d36474c9f |
| SHA256 | 956178ec4f641a08bf6a6f0302bf9e1121cf17698933100fbe79a2299c0e1f33 |
| SHA512 | 47295dcfe6ecef036d7947b18231e6af3b1eb19be92344b9315aca45efe42c6d9ea11a8f14f1c61c38644fd1ab9a85750cedd150e48f2949914be768bcba177e |
C:\Users\Admin\Downloads\CheckpointPop.odt
| MD5 | b5a594374afaeea922948a24687a7f1a |
| SHA1 | e1006083b677ef5066c11c376c0d93f8df71cb13 |
| SHA256 | 8f51589fdd62f678b78c3d17089db8e59d493834fa744b636bf3b4b119dd092a |
| SHA512 | cf4aca5b5eefe52910bf1ac70cf2c4aed4166fb09505492b28cf5340d532ea643f4f326e105c6077db2ce0462ad5ab643080a8c8d322ba69bfa2076b7f3ea23a |
C:\Users\Admin\Downloads\NewLimit.mp4
| MD5 | 52ef658cdc29b769a6ecba56705b0e4a |
| SHA1 | f6311035190e3d02784906ecac169f0de583964f |
| SHA256 | a4b138388f0702933f84a8b3896588dc1474cf96ad08095cbdd937c70c97726b |
| SHA512 | 70c9ee475f4352dd5c9f72ccbd7c875d5fafa8b63ceac35b0ff0c9a1fc59c08969c85c9c4affc49405525371fc3a3639d8f92f394c25207f8e51b4628be79926 |
C:\Users\Admin\Downloads\ConnectConfirm.bat
| MD5 | b458df6696f67f39a859a80df07f16fd |
| SHA1 | ac9ae3007f965e8449239d82be5acf8e0449e355 |
| SHA256 | 18e8f8c78e623f25389ac79f193466fbe9c7b6d4f9cfa378901d2a8013fd6fc3 |
| SHA512 | 86c189ace45f38ace71922640e45d496957e83dc9de7eb4fc4b20489d679933bad096580e678b4792394dcbac15f46c6933e1b75711a7987f894622442180503 |
C:\Users\Admin\Downloads\SaveExpand.rar
| MD5 | 2d415d1d5b0e7fcb4bfdf0ac10f7427c |
| SHA1 | 1f8f2cab0149fbc5e69909e864cff6a14d5d2bb3 |
| SHA256 | 04a41e61049f933f7772164c7b67f381188abd46133a4d4f1f1dc860353acd0b |
| SHA512 | 2a88092dc1272a5cd4b41b3123674f32510d653ce51eed86ec0bd8d82b6315b9e40f0f2d18a54320d59fd6b291fe43c3f3e1365e708def4e10330de48cd85117 |
C:\Users\Admin\Downloads\EnterExport.doc
| MD5 | 9b425aead2bc76fe7873d2b1ca6c27c9 |
| SHA1 | 85a3a2df816a725796fa9880e94e324877506457 |
| SHA256 | 709aa738a9ac92f7375ec195bef0f894b5532d82677bc3adf15fd2d3705d2b36 |
| SHA512 | d973f59eb6bc6128311242dd0b64e743ff02ae0fe2850d0674ea7a3b25a54f8662d390ed98c5500760aea6aee7cf9816bdb5c04b924447bf71debc4f27f19e7c |
C:\Users\Admin\Downloads\UpdateBackup.i64
| MD5 | 457d3d3f954191c8d347867ff1c7e2fb |
| SHA1 | 0e0aafa14d262a243ddd80c3a9240b266e9833a9 |
| SHA256 | 9602409788fadb1effe2c1c973c10e9ca2d5b371d6ef7c4d29e6884e4800c11c |
| SHA512 | 530a3b1697be6bab8faacaf8b8ffc8ab2e7fb5584af673524c97fe60c19d62a8ed286f35973c39e0b01e85c80138b80eda29bb7f460ee4f004df62ed6eccd4f7 |
C:\Users\Admin\Downloads\SkipLimit.mht
| MD5 | 6fc28cf2590fd477f6d643b0eb9deca6 |
| SHA1 | 4152b84dd7996fb823b7978073b4af44dadeb765 |
| SHA256 | 3f0a1a2b0dde922fa2b30881f199d62878e0605528bff0ca0033c2b60c270053 |
| SHA512 | 61e6dea5ac76bdc941765418fc58b403d3f7ec0855e8d1f1ae85307576deda2b6481f9db2b587e8bd759b71d420246121a0278c21070585437660ef6e9c02c34 |
C:\Users\Admin\Downloads\SyncGroup.cr2
| MD5 | f3ed9c3b6859f1a54522687756b4dfaa |
| SHA1 | c191fe27a096a5ee2982860dd101390e395956eb |
| SHA256 | 5aad0ffa8fc342a380f6f2560e6e8eef70b0c39f34c06d1e8513d5d2695bf719 |
| SHA512 | 13dd79970bfb7594460dd9718cce782061287309cee5e8673501572243776e936e3311575b0231b6d580076417546975ed947a013616c40d80fa41c276b305fa |
C:\Users\Admin\Downloads\AssertRepair.temp
| MD5 | 1f1e6d4417e612066e344fb162929b69 |
| SHA1 | 2ed36c00654ce31faca2c34210bd92023238aa2a |
| SHA256 | c641abfedb6622f4b6083e15881d145cad8ddf0bc8749e1fc00951c357b147fc |
| SHA512 | f28c4f678cb163e6b5e391c2cb80cebd91832e4174ff45d259325a0f4782cdc148b0661729ed16843691b456ab955c35052775964bac7806757e160b1410359d |
C:\Users\Admin\Downloads\ConvertGrant.mid
| MD5 | a0d7473fd4b872229af3da75d35f7393 |
| SHA1 | 76bebe603b56f2a383a18ec46ae99517780b2229 |
| SHA256 | bc991cb20f6559c8c392c0e3b677e193e2d6f13c427d74415457c5623a8ad972 |
| SHA512 | 83b4afd89d639857d8602c96f9dd779e264179203e8f3c010761930b2fbf84adf3734b1ed5e15dd2ef04d138e99f1ef1729dd68241f49535deab5487b7669fa3 |
C:\Users\Admin\Downloads\UsePush.mov
| MD5 | 927ce05a07a89650241e0616b9ed108b |
| SHA1 | 4a3eb93b92d7cc3a3a0ef5a6cdab93ab30428f77 |
| SHA256 | 6d56ca30374e5156cbd76a5bfe595051e4375bec3fbdc5380c6a8ebea744f6e7 |
| SHA512 | a1fc932e3b53623aa1750b00cb0447dde6d90d6eced462737ad5d7adb23caf9a767173c0ab35fe746e310d13f16ccf08bc31ffecbde317a9c84edc3ad5825c7f |
C:\Users\Admin\Downloads\UnlockRegister.ppsm
| MD5 | ec7bb81f2bd8940fb484764269669d53 |
| SHA1 | 2f04c0ad7f77d6240430a3b2ea5e1fc1187b89b0 |
| SHA256 | 6328ed811a615c9f9eb28d43c92f40b004be23f1ec0ed3b9c9355b7f785b16ea |
| SHA512 | 8133f9f7b7cb1a7ac8fcd2f2b0d473fe0da6b2ffe275e8eee3b253ede5a02c1cbd131b9564eec0fd106c0f3c24dade4d1498e1d713574b7c09ca735508d27ad0 |
C:\Users\Admin\Downloads\ReadInstall.rm
| MD5 | 270d9304662e5823227e1c6080e66f7c |
| SHA1 | e3d44d0d9f58b971fcfd48de5fd5d4f57ca1ca70 |
| SHA256 | 70094080f8e4aed398f3728147bf02f47ad4b862ef04dd10ea05927b4ef0e816 |
| SHA512 | ba2beb8b20126ba77cabc8895470999aeb7467a624a759d16da6de16fe1a5512379fb11e70a63af2d7ec6f6eb4591e1d44f29cd70d80d8330df22c46fb3f6a84 |
C:\Users\Admin\Downloads\WaitWrite.mp2
| MD5 | 6e0203fa80045edc66f48d3be8b2beaf |
| SHA1 | 09635f92bfac0f0d5ccf25aa142cc8f65d440cc5 |
| SHA256 | 81828934fc8f5ee5a67bda13cda53dfc0fcea0be6121f8dfd99f22fd6dabceb1 |
| SHA512 | f14f7857089f179582ffe99be0c956c4361a6574a3a962178bea762c33bbf55e97de622dcc34df18e0aa7023ec4bf6996ef95653e9ed206dcace1659e1924be1 |
C:\Users\Admin\Downloads\ReadUndo.iso
| MD5 | f1b25a4c36f773982dfc095b254f5a80 |
| SHA1 | cfea74bf69a01eee2a18616472c288c200860344 |
| SHA256 | d526c6ce2d6ca2211d4f881e6b751d5fd95e236db2f3db1a77cb411370a130a9 |
| SHA512 | 6279cf6ed4fa82ce9775aada7a94a1349c3b0b883396220d4aac3866d240d9c3a5360995f3df7a685944aedd23f458e4e059ca6179120642dfee10a24279cd94 |