Analysis Overview
SHA256
222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1
Threat Level: Shows suspicious behavior
The file 222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Drops file in Program Files directory
Detects Pyinstaller
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 18:04
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 18:04
Reported
2024-06-26 18:06
Platform
win7-20240221-en
Max time kernel
48s
Max time network
16s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2036 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe |
| PID 2036 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe |
| PID 2036 wrote to memory of 2668 | N/A | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe
"C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe"
C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe
"C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI20362\python311.dll
| MD5 | 58e01abc9c9b5c885635180ed104fe95 |
| SHA1 | 1c2f7216b125539d63bd111a7aba615c69deb8ba |
| SHA256 | de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837 |
| SHA512 | cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-26 18:04
Reported
2024-06-26 18:06
Platform
win10v2004-20240508-en
Max time kernel
32s
Max time network
33s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
| N/A | N/A | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
Loads dropped DLL
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe | N/A |
| File created | C:\Program Files\Full Browser Manager\1.0.0\bmbackup.exe | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
| File created | C:\Program Files\Full Browser Manager\1.0.0\bmhook.exe | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
| File created | C:\Program Files\Full Browser Manager\1.0.0\bmlog.exe | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
| File created | C:\Program Files\Full Browser Manager\1.0.0\bmreader.exe | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe
"C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe"
C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe
"C:\Users\Admin\AppData\Local\Temp\222737de3425574c9a8bbf7155f2c74d901a6891b8bac115b867b272e056a9e1.exe"
C:\Windows\SYSTEM32\schtasks.exe
schtasks /create /sc onlogon /tn bmanager /tr "'C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe'" /it /rl HIGHEST
C:\Windows\SYSTEM32\schtasks.exe
schtasks /run /tn bmanager
C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe
"C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe"
C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe
"C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe"
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn bmbackup /tr "'C:\Program Files\Full Browser Manager\1.0.0\bmbackup.exe'" /it /rl HIGHEST
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn bmhook /tr "'C:\Program Files\Full Browser Manager\1.0.0\bmhook.exe'" /it /rl HIGHEST
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn bmlog /tr "'C:\Program Files\Full Browser Manager\1.0.0\bmlog.exe'" /it /rl HIGHEST
C:\Windows\system32\schtasks.exe
schtasks /create /sc onlogon /tn bmreader /tr "'C:\Program Files\Full Browser Manager\1.0.0\bmreader.exe'" /it /rl HIGHEST
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | updatebrower.com | udp |
| RU | 45.182.189.109:443 | updatebrower.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.189.182.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mainnode.beonlineboo.com | udp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| US | 8.8.8.8:53 | 152.9.98.141.in-addr.arpa | udp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| RU | 45.182.189.109:443 | updatebrower.com | tcp |
| RU | 45.182.189.109:443 | updatebrower.com | tcp |
| RU | 45.182.189.109:443 | updatebrower.com | tcp |
| RU | 45.182.189.109:443 | updatebrower.com | tcp |
| NL | 141.98.9.152:443 | mainnode.beonlineboo.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI11002\python311.dll
| MD5 | 58e01abc9c9b5c885635180ed104fe95 |
| SHA1 | 1c2f7216b125539d63bd111a7aba615c69deb8ba |
| SHA256 | de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837 |
| SHA512 | cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\VCRUNTIME140.dll
| MD5 | 49c96cecda5c6c660a107d378fdfc3d4 |
| SHA1 | 00149b7a66723e3f0310f139489fe172f818ca8e |
| SHA256 | 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc |
| SHA512 | e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_ctypes.pyd
| MD5 | 6114277c6fc040f68d25ca90e25924cd |
| SHA1 | 028179c77cb3ba29cd8494049421eaa4900ccd0e |
| SHA256 | f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656 |
| SHA512 | 76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\python3.DLL
| MD5 | 0e105f62fdd1ff4157560fe38512220b |
| SHA1 | 99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c |
| SHA256 | 803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423 |
| SHA512 | 59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\base_library.zip
| MD5 | 32ede00817b1d74ce945dcd1e8505ad0 |
| SHA1 | 51b5390db339feeed89bffca925896aff49c63fb |
| SHA256 | 4a73d461851b484d213684f0aadf59d537cba6fe7e75497e609d54c9f2ba5d4a |
| SHA512 | a0e070b2ee1347e85f37e9fd589bc8484f206fa9c8f4020de147b815d2041293551e3a14a09a6eb4050cfa1f74843525377e1a99bbdcfb867b61ebddb89f21f7 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_decimal.pyd
| MD5 | be315973aff9bdeb06629cd90e1a901f |
| SHA1 | 151f98d278e1f1308f2be1788c9f3b950ab88242 |
| SHA256 | 0f9c6cc463611a9b2c692382fe1cdd7a52fea4733ffaf645d433f716f8bbd725 |
| SHA512 | 8ea715438472e9c174dee5ece3c7d9752c31159e2d5796e5229b1df19f87316579352fc3649373db066dc537adf4869198b70b7d4d1d39ac647da2dd7cfc21e8 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_uuid.pyd
| MD5 | 4faa479423c54d5be2a103b46ecb4d04 |
| SHA1 | 011f6cdbd3badaa5c969595985a9ad18547dd7ec |
| SHA256 | c2ad3c1b4333bc388b6a22049c89008505c434b1b85bff0823b19ef0cf48065a |
| SHA512 | 92d35824c30667af606bba883bf6e275f2a8b5cbfea2e84a77e256d122b91b3ee7e84d9f4e2a4946e903a11293af9648a45e8cfbe247cbdc3bcdea92eb5349c6 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_socket.pyd
| MD5 | 64a6c475f59e5c57b3f4dd935f429f09 |
| SHA1 | ca2e0719dc32f22163ae0e7b53b2caadb0b9d023 |
| SHA256 | d03fa645cde89b4b01f4a2577139fbb7e1392cb91dc26213b3b76419110d8e49 |
| SHA512 | cf9e03b7b34cc095fe05c465f9d794319aaa0428fe30ab4ddce14ba78e835edf228d11ec016fd31dfe9f09d84b6f73482fb8e0f574d1fd08943c1ec9e0584973 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\select.pyd
| MD5 | 653bdccb7af2aa9ccf50cb050fd3be64 |
| SHA1 | afe0a85425ae911694c250ab4cb1f6c3d3f2cc69 |
| SHA256 | e24a3e7885df9a18c29ba058c49c3adcf59e4b58107847b98eca365b6d94f279 |
| SHA512 | 07e841fda7a2295380bfa05db7a4699f18c6e639da91d8ee2d126d4f96e4cddaedbd490deb4d2a2e8e5877edfff877693f67a9dc487e29742943e062d7be6277 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_ssl.pyd
| MD5 | a0b40f1f8fc6656c5637eacacf7021f6 |
| SHA1 | 38813e25ffde1eee0b8154fa34af635186a243c1 |
| SHA256 | 79d861f0670828dee06c2e3523e2f9a2a90d6c6996bde38201425aa4003119f1 |
| SHA512 | c18855d7c0069fff392d422e5b01fc518bbdf497eb3390c0b333ecac2497cd29abbdae4557e4f0c4e90321fba910fc3e4d235ce62b745fa34918f40fa667b713 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_queue.pyd
| MD5 | 8bbed19359892f8c95c802c6ad7598e9 |
| SHA1 | 773fca164965241f63170e7a1f3a8fa17f73ea18 |
| SHA256 | 4e5b7c653c1b3dc3fd7519e4f39cc8a2fb2746e0ecdc4e433fe6029f5f4d9065 |
| SHA512 | 22ea7667689a9f049fa34ddae6b858e1af3e646a379d2c5a4aef3e74a4ff1a4109418b363c9be960127f1c7e020aa393a47885bc45517c9e9aebe71ec7cb61a0 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_lzma.pyd
| MD5 | 737119a80303ef4eccaa998d500e7640 |
| SHA1 | 328c67c6c4d297ac13da725bf24467d8b5e982e3 |
| SHA256 | 7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28 |
| SHA512 | 1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_hashlib.pyd
| MD5 | 1524882af71247adecf5815a4e55366a |
| SHA1 | e25014c793c53503bdff9af046140edda329d01b |
| SHA256 | 6f7742dfdd371c39048d775f37df3bc2d8d4316c9008e62347b337d64ebed327 |
| SHA512 | 5b954bb7953f19aa6f7c65ad3f105b77d37077950fb1b50d9d8d337bdd4b95343bac2f4c9fe17a02d1738d1f87eeef73dbbf5cdddcb470588cbc5a63845b188a |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\_bz2.pyd
| MD5 | 4438affaaa0ca1df5b9b1cdaa0115ec1 |
| SHA1 | 4eda79eaf3de614d5f744aa9eea5bfcf66e2d386 |
| SHA256 | ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85 |
| SHA512 | 6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\unicodedata.pyd
| MD5 | 1905b5d0f945499441e8cd58eb123d86 |
| SHA1 | 117e584e6fcc0e8cfc8e24e3af527999f14bac30 |
| SHA256 | b1788b81fa160e5120451f9252c7745cdde98b8ce59bf273a3dd867bb034c532 |
| SHA512 | ed88cd7e3259239a0c8d42d95fa2447fc454a944c849fa97449ad88871236fefdafe21dbfa6e9b5d8a54ddf1d5281ec34d314cb93d47ce7b13912a69d284f522 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\libssl-3.dll
| MD5 | 64acb046fe68d64ee475e19f67253a3c |
| SHA1 | d9e66c9437ce6f775189d6fdbd171635193ec4cc |
| SHA256 | b21309abd3dbbb1bf8fb6aa3c250fc85d7b0d9984bf4c942d1d4421502f31a10 |
| SHA512 | f8b583981df528cf4f1854b94eff6f51dd9d4be91e6fa6329a8c4435b705457c868ae40ee030fa54bebb646a37b547bc182c9cbf0df9a07fea03a18cf85c6766 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\libcrypto-3.dll
| MD5 | 7a6a8c2a8c379b111cdceb66b18d687d |
| SHA1 | f3b8a4c731fa0145f224112f91f046fddf642794 |
| SHA256 | 8e13b53ee25825b97f191d77b51ed03966f8b435773fa3fbc36f3eb668fc569b |
| SHA512 | f2ef1702df861ef55ef397ad69985d62b675d348cab3862f6ca761f1ce3ee896f663a77d7b69b286be64e7c69be1215b03945781450b186fc02cfb1e4cb226b5 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\charset_normalizer\md.cp311-win_amd64.pyd
| MD5 | 723ec2e1404ae1047c3ef860b9840c29 |
| SHA1 | 8fc869b92863fb6d2758019dd01edbef2a9a100a |
| SHA256 | 790a11aa270523c2efa6021ce4f994c3c5a67e8eaaaf02074d5308420b68bd94 |
| SHA512 | 2e323ae5b816adde7aaa14398f1fdb3efe15a19df3735a604a7db6cadc22b753046eab242e0f1fbcd3310a8fbb59ff49865827d242baf21f44fd994c3ac9a878 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
| MD5 | 9ea8098d31adb0f9d928759bdca39819 |
| SHA1 | e309c85c1c8e6ce049eea1f39bee654b9f98d7c5 |
| SHA256 | 3d9893aa79efd13d81fcd614e9ef5fb6aad90569beeded5112de5ed5ac3cf753 |
| SHA512 | 86af770f61c94dfbf074bcc4b11932bba2511caa83c223780112bda4ffb7986270dc2649d4d3ea78614dbce6f7468c8983a34966fc3f2de53055ac6b5059a707 |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\psutil\_psutil_windows.pyd
| MD5 | 01f9d30dd889a3519e3ca93fe6efee70 |
| SHA1 | ebf55adbd8cd938c4c11d076203a3e54d995aeff |
| SHA256 | a66444a08a8b9ceafa05daefeb32aa1e65c8009a3c480599f648fa52a20afb7d |
| SHA512 | 76fed302d62bb38a39e0bf6c9038730e83b6afffa2f36e7a62b85770d4847ea6c688098061945509a1fdb799fb7f5c88699f94e7da1934f88a9c3b6a433ee9ef |
C:\Users\Admin\AppData\Local\Temp\_MEI11002\certifi\cacert.pem
| MD5 | 302b49c5f476c0ae35571430bb2e4aa0 |
| SHA1 | 35a7837a3f1b960807bf46b1c95ec22792262846 |
| SHA256 | cf9d37fa81407afe11dcc0d70fe602561422aa2344708c324e4504db8c6c5748 |
| SHA512 | 1345af52984b570b1ff223032575feb36cdfb4f38e75e0bd3b998bc46e9c646f7ac5c583d23a70460219299b9c04875ef672bf5a0d614618731df9b7a5637d0a |
C:\Program Files\Full Browser Manager\1.0.0\bmanager.exe
| MD5 | 059c8fa8112fcfc72c9bca3d96b1f2c1 |
| SHA1 | aa1f6faa2d20b53d845865615366abc59604ae00 |
| SHA256 | 7266f20123edcb2e0b92ac0b63225b8db2c5ff349818b339ef1553bff06719e4 |
| SHA512 | 510ab6debc56e05470420de1052aa367aba59ef756df09de933403d4f019951c84646e10503f0580e42850faf78f4028bd5f054c2c39b1d24d7467837e92cbbb |
C:\Users\Admin\AppData\Local\Temp\_MEI40682\sqlite3.dll
| MD5 | b49b8fde59ee4e8178c4d02404d06ee7 |
| SHA1 | 1816fc83155d01351e191d583c68e722928cce40 |
| SHA256 | 1afd7f650596ad97fcf358b0e077121111641c38ca9d53132bab4c9588cf262f |
| SHA512 | a033ce87c2e503b386fb92aa79a7ec14d6c96e4a35d0cb76d4989bacd16f44c4ed5ac4e13057f05f9d199a3fd8545b9a25296515ec456f29c464d949ff34942a |