Overview

9  Static
7  DLL/msvcp140d.zip  windows11-21h2-x64
4  msvcp140d.dll  windows11-21h2-x64
1  DLL/try.exe  windows11-21h2-x64
9  DLL/ucrtbased.zip  windows11-21h2-x64
1  ucrtbased.dll  windows11-21h2-x64
1  DLL/vcrunt...1d.zip  windows11-21h2-x64
1  vcruntime140_1d.dll  windows11-21h2-x64
1  DLL/vcruntime140d.zip  windows11-21h2-x64
1  vcruntime140d.dll  windows11-21h2-x64
1  Setup.exe  windows11-21h2-x64
9  idman642build17.exe  windows11-21h2-x64
8  Analysis

max time kernel: 149s
max time network: 151s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 03/08/2024, 05:57
Behavioral tasks

Task         | Sample                   | Resource
behavioral1  | DLL/msvcp140d.zip        | win11-20240802-en
behavioral2  | msvcp140d.dll            | win11-20240802-en
behavioral3  | DLL/try.exe              | win11-20240802-en
behavioral4  | DLL/ucrtbased.zip        | win11-20240802-en
behavioral5  | ucrtbased.dll            | win11-20240802-en
behavioral6  | DLL/vcruntime140_1d.zip  | win11-20240802-en
behavioral7  | vcruntime140_1d.dll      | win11-20240802-en
behavioral8  | DLL/vcruntime140d.zip    | win11-20240802-en
behavioral9  | vcruntime140d.dll        | win11-20240802-en
behavioral10 | Setup.exe                | win11-20240802-en
behavioral11 | idman642build17.exe      | win11-20240802-en
General

Target: DLL/msvcp140d.zip
Size: 261KB
MD5: 9c5c2a77a24fe399d7c7409a2b2eb063
SHA1: 17c464e2e833e55efaa0e430b5b156193424c914
SHA256: 5494ddf639f522f5706c0564301524ac79b6051da8d68c7cc956e0a70b093f2c
SHA512: cb2297c67d4f56bda7df230ee8f7d437559c33fec1387de5c6cb6f61e724bbdacb6a829468586e915214f96d57a2239cd8f0c8930fedba9f1fa233403b5488f3
SSDEEP: 6144:dzo4zeYw3BpZ0BIHhnZdJRfj0DQW/YJWB2:m4zYp0KHpQLyW4
Malware Config
Signatures

Every IoC in this task is attributed to chrome.exe (PID 3496). None is attributed to the submitted archive, to Explorer.exe (which opened it), or to rundll32.exe, so the signatures below describe the browser's own startup, not behaviour of the sample.

Drops file in Windows directory (1 IoC)
  File opened for modification: C:\Windows\SystemTemp (chrome.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

Modifies data under HKEY_USERS (1 IoC)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 3496 chrome.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  PID 3496 chrome.exe (3 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 3496 chrome.exe: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating, 32 entries of each

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 3496 chrome.exe (26 entries)

Suspicious use of SendNotifyMessage (12 IoCs)
  PID 3496 chrome.exe (12 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 3496 (chrome.exe) wrote to memory of:
    PID 4592, procid_target 84 (2 entries)
    PID 3248, procid_target 85
    PID 1472, procid_target 86 (2 entries)
    PID 4936, procid_target 87
  The remaining 60 entries are repeated writes to PID 3248 and PID 4936. All four targets appear in the process tree below as children of PID 3496.
Processes

- C:\Windows\Explorer.exe (PID 2852)
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\DLL\msvcp140d.zip
- C:\Windows\System32\rundll32.exe (PID 3568)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3496)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Drops file in Windows directory; Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4592)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4511cc40,0x7ffd4511cc4c,0x7ffd4511cc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3248)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1800 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1788,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2072 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4936)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2212 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1412)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4600)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3388 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4872)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4496 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4036)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4748 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1548)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,6055179492648491271,5926317169817724695,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3548 /prefetch:8
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 2168)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 5820)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
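The Signatures section attributes every WriteProcessMemory IoC to chrome.exe (PID 3496), and the Processes section lists the four write targets (4592, 3248, 1472, 4936) as its children. The Python below is an added example, not code from tria.ge or from the report; it turns that observation into a repeatable triage check. It rebuilds the tree from the report's PIDs and command lines (transcribed here, with each command line trimmed to the flags the script reads), labels each WriteProcessMemory pair as parent-to-child or not, and lists which Chrome children were launched with --service-sandbox-type=none. The function names are the example's own, and the parent of the depth-2 chrome.exe entries is taken to be the depth-1 chrome.exe, PID 3496, as the report's tree layout implies.

```python
"""Triage check for the Processes and WriteProcessMemory data in a sandbox report.

Added example; not code from tria.ge. PIDs, images and flags are transcribed
from the report above, with command lines trimmed to the flags read here.
"""
import re
from collections import defaultdict

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# (pid, parent pid or None, image path, command-line arguments).
# Depth-2 chrome.exe entries in the report sit under the depth-1 chrome.exe, PID 3496.
PROCESSES = [
    (2852, None, r"C:\Windows\Explorer.exe",
     r"/idlist,,C:\Users\Admin\AppData\Local\Temp\DLL\msvcp140d.zip"),
    (3568, None, r"C:\Windows\System32\rundll32.exe",
     r"C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"),
    (3496, None, CHROME, ""),
    (4592, 3496, CHROME, "--type=crashpad-handler"),
    (3248, 3496, CHROME, "--type=gpu-process"),
    (1472, 3496, CHROME, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (4936, 3496, CHROME, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service"),
    (1412, 3496, CHROME, "--type=renderer --renderer-client-id=6"),
    (4600, 3496, CHROME, "--type=renderer --renderer-client-id=5"),
    (4872, 3496, CHROME, "--type=renderer --renderer-client-id=7"),
    (4036, 3496, CHROME, "--type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --service-sandbox-type=none"),
    (1548, 3496, CHROME, "--type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service"),
    (2168, None, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe", ""),
    (5820, None, r"C:\Windows\system32\svchost.exe", "-k LocalSystemNetworkRestricted -p -s NgcSvc"),
]

# Distinct (writer, target) pairs from the "Suspicious use of WriteProcessMemory" signature.
WPM_EVENTS = [(3496, 4592), (3496, 3248), (3496, 1472), (3496, 4936)]

FLAG_RE = re.compile(r"--([\w-]+)=(\S+)")


def parse_flags(args):
    """Return {flag: value} for every --flag=value argument in a command line."""
    return dict(FLAG_RE.findall(args))


def build_tree(processes):
    """Index processes by pid and map each parent pid to the set of its children."""
    by_pid = {p[0]: p for p in processes}
    children = defaultdict(set)
    for pid, ppid, _, _ in processes:
        if ppid is not None:
            children[ppid].add(pid)
    return by_pid, children


def classify_writes(processes, events):
    """Label each (writer, target) WriteProcessMemory pair.

    A multi-process browser writes into the children it has just spawned, so
    'parent-to-child' is the expected label here; anything else deserves a look.
    """
    by_pid, children = build_tree(processes)
    verdicts = {}
    for writer, target in events:
        if target in children.get(writer, ()):
            verdicts[(writer, target)] = "parent-to-child"
        elif target in by_pid and by_pid[target][2] == by_pid[writer][2]:
            verdicts[(writer, target)] = "same-image, not a child"
        else:
            verdicts[(writer, target)] = "cross-tree"
    return verdicts


def unsandboxed_children(processes, parent):
    """Children of `parent` launched with --service-sandbox-type=none."""
    by_pid, children = build_tree(processes)
    return sorted(pid for pid in children.get(parent, ())
                  if parse_flags(by_pid[pid][3]).get("service-sandbox-type") == "none")


def summarize(processes, events):
    """One line per WriteProcessMemory pair, with the target's Chrome role."""
    by_pid, _ = build_tree(processes)
    lines = []
    for (writer, target), verdict in sorted(classify_writes(processes, events).items()):
        flags = parse_flags(by_pid[target][3]) if target in by_pid else {}
        role = flags.get("utility-sub-type") or flags.get("type") or "unknown"
        lines.append(f"{writer} -> {target} ({role}): {verdict}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(PROCESSES, WPM_EVENTS)))
    print("children of 3496 with --service-sandbox-type=none:",
          unsandboxed_children(PROCESSES, 3496))
```

Run against the report's data, all four pairs come back as parent-to-child and the two unsandboxed children are the network service (1472) and ProcessorMetrics (4036), both of which Chrome starts that way. The check earns its keep on a report where a write targets a PID outside the writer's subtree, or a same-image process that is not its child; that is the pattern to escalate.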
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 1KB
  MD5: d5c00e02538a8276f3d734c49f8e56fb
  SHA1: f643795410baadd5308e4f79dd79a5e77a4df7c8
  SHA256: 2872ab67f0cd52f6730bb7256c9280f703777948679445f7d092bbcbd5c4be4b
  SHA512: 1594c2368b86b819ec63cf3c1119213b7fac3053007a3da5e568352e7d16c24290a5e02fc9726831f66db38ae4cf8fa85f1410930f58201d15c545369060c7f3
- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 356B
  MD5: aca89da9deb0b8a59f9d3ed2b7a173e1
  SHA1: e5ebc650077127dee5a8164497bdb74a74593a00
  SHA256: 875e74fbfd3fe67cd29c397ce826252d536ffa6792e12520e320a928b8cbd752
  SHA512: c8fbc1d8214224eba4522789a9c1d8be42f585084102f7289a93ff6f6ffd104a80492c16e022665faedba476ffbecb5dec3a391bd2c0d7b65f0f0331cb1ba031
- Filesize: 7KB
  MD5: e8e30294efe12628c7095ee7312182d2
  SHA1: ce7ff4bea7a1dd223eec22f942af31c38ea2c172
  SHA256: a4b6d187006b8a3714bcf142a2f88bcd182ec0259a7918c97d15bb44d8fbaf1e
  SHA512: 8c9e864a54194d69f350b40f12f314c80409f665d2e60b24f9ef33b2907509cd4f87b206d46d7f796cf0f4b1af1af8c59f3819aa9f45ccc0bb16909b99e8fb70
- Filesize: 7KB
  MD5: d6ad520403549d9744bfa4e627700f05
  SHA1: ecca7e39cd5ae940d1711dcd1543ce310f103970
  SHA256: d31fb5adb0564de403d4b3a78b21b56e1f86cfd731ad3b43d5de535ea43a40ec
  SHA512: 3524e7be8fcec223d6441aa97f3bd9f801c2e1069541a32e71772e55ed82831294194f7bbec3fb03cf767994373ce93c82fc9d8759014e4ca4697914cd1bc9ff
- Filesize: 8KB
  MD5: 422dbd8049d53cee47521039b3e554c6
  SHA1: 4b1e3f44c38039d6c0513e8c4a387dcb85c475b5
  SHA256: f2a18d536d012e461335979151f517f7c6a5ffbeaec8189991d187f009d4ab14
  SHA512: 0a8f0c1b98f62f83664e8b05b4841154ef2fffdba39f424220f07ca2cc4b931f9bcceccd74955bfde60eec025244149b0304615104945b612563ddd70b5d2b6e
- Filesize: 8KB
  MD5: 4edafff4110d1cbbaf8d6309e27e7942
  SHA1: e076658dd48ffb465347f89d02d4553eaddfaf7a
  SHA256: 662fdd628256321f22986575baa753604091cc475a75c3e5c7a18eabdb55c728
  SHA512: ff5838ec58f99cb7255ce11693da0be0a1f29096b82f7444aed4e26050ca5fe61a7e9aec883218cb8062060baef4aeaf96a93db8a7a140c1cca8084713a698f6
- Filesize: 195KB
  MD5: 771380c191b55a8125f2b5821f39221b
  SHA1: 12b144e3be82ec67c97ec8d71f0d8d8dc9c611a6
  SHA256: f11d9903e673d634ffe773a8a8efe6c305100ced810278e2e0999638c3026ca7
  SHA512: f86ce123c36d8dc65c46591f5d7551222b3ad74763b1e0f7eab31f7f775da9691e0925999df3ff3ed2b66d40e2f80a5479e4a9317f7342d322c37a2738e4a5bb
- Filesize: 195KB
  MD5: 4e86bb2f95e9fbdd756b01b915515d07
  SHA1: ec8c89589a92158b5a25bf50076d7308608262d3
  SHA256: f10d6957ea5bd2867ded27f4c5154eee2af335d0d17a847a203de1995b2bb97c
  SHA512: f2de996b7397fbebb46cfd50a8ead150e4fa39303eb12db94dd476e9ceba4a3219f01e062df348eae51607c28ae4e92cef26c655754f7c187c72105b71a0b2ac