Analysis
max time kernel: 151s
max time network: 161s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
submitted: 27-06-2024 20:40
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://zombero.com/ko/app/[email protected]
Resource
win10v2004-20240226-en
General
-
Target
https://zombero.com/ko/app/[email protected]
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639944863355834" | chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
4536 | chrome.exe
4536 | chrome.exe
4836 | chrome.exe
4836 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
4536 | chrome.exe
4536 | chrome.exe
4536 | chrome.exe
4536 | chrome.exe
4536 | chrome.exe
4536 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 4536 | chrome.exe
Token: SeCreatePagefilePrivilege | 4536 | chrome.exe
Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
4536 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4536 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4536 wrote to memory of 1304 | 4536 | chrome.exe | 93
PID 4536 wrote to memory of 4436 | 4536 | chrome.exe | 95
PID 4536 wrote to memory of 3632 | 4536 | chrome.exe | 96
PID 4536 wrote to memory of 1308 | 4536 | chrome.exe | 97
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zombero.com/ko/app/[email protected]1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e6ac9758,0x7ff9e6ac9768,0x7ff9e6ac97782⤵PID:1304
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:22⤵PID:4436
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:82⤵PID:3632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:82⤵PID:1308
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:12⤵PID:1224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:12⤵PID:4276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:12⤵PID:3804
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3144 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:12⤵PID:3164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3008 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:12⤵PID:4988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:82⤵PID:2364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:82⤵PID:4836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5124 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:12⤵PID:3484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1780,i,14734270013318046548,17420955912124313414,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4836
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:81⤵PID:2568
Network
MITRE ATT&CK Enterprise v15
Downloads