Overview
overview
7Static
static
30f562ef020...18.exe
windows7-x64
70f562ef020...18.exe
windows10-2004-x64
7$APPDATA/�...÷.lnk
windows7-x64
3$APPDATA/�...÷.lnk
windows10-2004-x64
7$FAVORITES...÷.url
windows7-x64
6$FAVORITES...÷.url
windows10-2004-x64
3$FAVORITES...÷.url
windows7-x64
6$FAVORITES...÷.url
windows10-2004-x64
3$FAVORITES...Ø.url
windows7-x64
6$FAVORITES...Ø.url
windows10-2004-x64
3$FAVORITES...½.url
windows7-x64
6$FAVORITES...½.url
windows10-2004-x64
3$TEMP/A±�...HJ.dll
windows7-x64
1$TEMP/A±�...HJ.dll
windows10-2004-x64
1$TEMP/A±�...Io.dll
windows7-x64
1$TEMP/A±�...Io.dll
windows10-2004-x64
1$TEMP/A±�...Io.sys
windows7-x64
1$TEMP/A±�...Io.sys
windows10-2004-x64
1$TEMP/A±�...er.exe
windows7-x64
1$TEMP/A±�...er.exe
windows10-2004-x64
1$TEMP/A±�...ll.exe
windows7-x64
7$TEMP/A±�...ll.exe
windows10-2004-x64
7C:/Documen...��.lnk
windows7-x64
1C:/Documen...��.lnk
windows10-2004-x64
1C:/Documen...÷.url
windows7-x64
1C:/Documen...÷.url
windows10-2004-x64
1C:/Documen...÷.url
windows7-x64
1C:/Documen...÷.url
windows10-2004-x64
1C:/Documen...Ø.url
windows7-x64
1C:/Documen...Ø.url
windows10-2004-x64
1C:/Documen...½.url
windows7-x64
1C:/Documen...½.url
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
25/06/2024, 19:57
Static task
static1
Behavioral task
behavioral1
Sample
0f562ef0200664bc779e2e2569337a14_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
0f562ef0200664bc779e2e2569337a14_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$APPDATA/Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$APPDATA/Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.lnk
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$FAVORITES/GoogleËÑË÷.url
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$FAVORITES/GoogleËÑË÷.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$FAVORITES/°Ù¶ÈËÑË÷.url
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$FAVORITES/°Ù¶ÈËÑË÷.url
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$FAVORITES/ÍêÃÀϵͳÏÂÔØ.url
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
$FAVORITES/ÍêÃÀϵͳÏÂÔØ.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$FAVORITES/ÍøÖ·µ¼º½.url
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
$FAVORITES/ÍøÖ·µ¼º½.url
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
$TEMP/A±äËÙÆ÷/JSHJ.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$TEMP/A±äËÙÆ÷/JSHJ.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$TEMP/A±äËÙÆ÷/WinIo.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$TEMP/A±äËÙÆ÷/WinIo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$TEMP/A±äËÙÆ÷/WinIo.sys
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$TEMP/A±äËÙÆ÷/WinIo.sys
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$TEMP/A±äËÙÆ÷/aspeeder.exe
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$TEMP/A±äËÙÆ÷/aspeeder.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$TEMP/A±äËÙÆ÷/uninstall.exe
Resource
win7-20240611-en
Behavioral task
behavioral22
Sample
$TEMP/A±äËÙÆ÷/uninstall.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
C:/Documents and Settings/Default User/Application Data/Microsoft/Internet Explorer/Quick Launch/�.lnk
Resource
win7-20240611-en
Behavioral task
behavioral24
Sample
C:/Documents and Settings/Default User/Application Data/Microsoft/Internet Explorer/Quick Launch/�.lnk
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
C:/Documents and Settings/Default User/Favorites/GoogleËÑË÷.url
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
C:/Documents and Settings/Default User/Favorites/GoogleËÑË÷.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
C:/Documents and Settings/Default User/Favorites/°Ù¶ÈËÑË÷.url
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
C:/Documents and Settings/Default User/Favorites/°Ù¶ÈËÑË÷.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
C:/Documents and Settings/Default User/Favorites/ÍêÃÀϵͳÏÂÔØ.url
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
C:/Documents and Settings/Default User/Favorites/ÍêÃÀϵͳÏÂÔØ.url
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
C:/Documents and Settings/Default User/Favorites/ÍøÖ·µ¼º½.url
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
C:/Documents and Settings/Default User/Favorites/ÍøÖ·µ¼º½.url
Resource
win10v2004-20240611-en
General
-
Target
$FAVORITES/°Ù¶ÈËÑË÷.url
-
Size
216B
-
MD5
ea47d4327c78dd3003c5a68d2584ab95
-
SHA1
33b81f6611537bcf0ecae9472a14ec9a3c0ef584
-
SHA256
9fc516a75a7c24580bdebe99fa106b37173ecd25f5ff8060db9fe03cdba64f53
-
SHA512
f77fd30a2c8529ab6ffbf037a3f7a9a4c5e6c6bf9c161fb532786108bd34a8ff85b22b277036a05ac97b4d6dde3d23cee0eebaa457980442a469c25d06e06542
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 2372 msedge.exe 2372 msedge.exe 2728 msedge.exe 2728 msedge.exe 3564 msedge.exe 3564 msedge.exe 3564 msedge.exe 3564 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2728 msedge.exe 2728 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe 2728 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2856 wrote to memory of 2728 2856 rundll32.exe 83 PID 2856 wrote to memory of 2728 2856 rundll32.exe 83 PID 2728 wrote to memory of 1364 2728 msedge.exe 85 PID 2728 wrote to memory of 1364 2728 msedge.exe 85 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 644 2728 msedge.exe 86 PID 2728 wrote to memory of 2372 2728 msedge.exe 87 PID 2728 wrote to memory of 2372 2728 msedge.exe 87 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88 PID 2728 wrote to memory of 2572 2728 msedge.exe 88
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$FAVORITES\°Ù¶ÈËÑË÷.url1⤵
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.baidu.com/index.php?tn=dh234_pg2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8330046f8,0x7ff833004708,0x7ff8330047183⤵PID:1364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5086884617407637337,535078857407204510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:23⤵PID:644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5086884617407637337,535078857407204510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5086884617407637337,535078857407204510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:83⤵PID:2572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5086884617407637337,535078857407204510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:13⤵PID:1616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5086884617407637337,535078857407204510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:13⤵PID:2352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5086884617407637337,535078857407204510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:3564
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1488
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3676
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5bfb7efc953834640246eeaa7b8d6a27a
SHA101891c0e39262a6f2579bb798c67135eb265704b
SHA25649489f4c29c1e0b43ac89d9c91e11390fc25f7eb42655e16337f7b82f241a53e
SHA5123aec7bc200b2a26ab11cfd07a449f4a34e297ec50bb9702625e353731130efea43ddf89c6d7b164c185c6a6d1fc321432f6ab74c33069383a455a48ad2d24440
-
Filesize
152B
MD5c5abc082d9d9307e797b7e89a2f755f4
SHA154c442690a8727f1d3453b6452198d3ec4ec13df
SHA256a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
Filesize
152B
MD5b4a74bc775caf3de7fc9cde3c30ce482
SHA1c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA51255578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize408B
MD5ef19a9a81c14285da8b7960e93a956d7
SHA19f1925de2abd853886c02568063012420670043e
SHA2560b940d8915a022992c23a14d91347b49d7fc9cda48b153bfb154cf0174c1f815
SHA5123a89e612fe6bcab8677837e62dd7b2546920393bbb5ecd1e224556e6a8c7d8af6a97137caf0bd3e42d2b70b8d1157da6b124ea70982dd069f34f5265c1522b69
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
184B
MD5e07c35e0086b77ec93f2266861152c7d
SHA197bf1f4bb085ae1dbca944da62895381bcef8835
SHA2564da5337dcfdd9a385475af0bf9c4841fcb75add192013d61e8b6677322cb0c73
SHA5125c788928f59801e39653dc11bbc5f068ad7485c519cc92c490c01d3133c45d494ee327710cd4833e6c11c5795dc77a1689e8936f990a913602c5bf8f6153ce8d
-
Filesize
5KB
MD5ff676d2257e968e889da4c2997d0895b
SHA14a14cd290b279f986088cbedae6b0ba6a12eb853
SHA256b81b26edc68c06f59a3c5eec74b431b84af2c68982202137d745777e4989bd68
SHA512c118ed375e95c39b9cf92a4ce88982dc0048869786b067a9a665d6654132899b254db129a0c37e9654b6e4a19bf364732bc80e0409dc20c154a80c9413218cce
-
Filesize
6KB
MD53ee5168917e19bff2719ffc164d4e208
SHA11b8008a70069c4c740202742e55ca906eb5abf54
SHA256dea28a2af1af5538441c6963e2112ae960c49ad3eb94ed36c76e8b166791d4a7
SHA51227895c560f5aadaabcfd7d60224d58b460ab6195dc9d324da46bd9a1e2a23c115c4a307504953d6269e80d385dd715a10f77ef289a6b0e304146a39cb25492e6