Overview
overview
10Static
static
102024-08-08.zip
windows10-1703-x64
10163684970...64.exe
windows10-1703-x64
80581756a65...1b.exe
windows10-1703-x64
306fcfd75f4...40.exe
windows10-1703-x64
6083b02e212...c7.exe
windows10-1703-x64
3087a3b8725...c9.jar
windows10-1703-x64
708c7fb6067...a2.exe
windows10-1703-x64
30e85d0a9fc...50.exe
windows10-1703-x64
60f1b66752d...9d.exe
windows10-1703-x64
30f2abe41f4...70.exe
windows10-1703-x64
100f8a6d8705...e5.exe
windows10-1703-x64
101026da21d9...42.exe
windows10-1703-x64
10109927ded1...91.exe
windows10-1703-x64
615c71b616f...79.exe
windows10-1703-x64
1017b5394a5c...70.exe
windows10-1703-x64
101873c4b2bd...d4.exe
windows10-1703-x64
1019efe1624f...3c.exe
windows10-1703-x64
101de0ce90e5...f7.vbe
windows10-1703-x64
11e6ad08c5e...5f.exe
windows10-1703-x64
101f7cedbe04...4c.exe
windows10-1703-x64
1022586df437...62.exe
windows10-1703-x64
1029f90a4f62...e6.xls
windows10-1703-x64
12b34ad054e...da.exe
windows10-1703-x64
102bb032333f...2c.exe
windows10-1703-x64
32bda6048a8...dc.exe
windows10-1703-x64
72c7da6690b...6a.exe
windows10-1703-x64
42caf283566...2e.exe
windows10-1703-x64
10300d87987d...45.exe
windows10-1703-x64
7353a75d0ad...a5.exe
windows10-1703-x64
7391ac1ceed...57.exe
windows10-1703-x64
7d4cb60a0e9...01.hta
windows10-1703-x64
10e0fa6d69b2...1e.msi
windows10-1703-x64
6Analysis
-
max time kernel
96s -
max time network
189s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system -
submitted
10-08-2024 17:49
Behavioral task
behavioral1
Sample
2024-08-08.zip
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
01636849700a046589f6e2b58ca6b02ec108fd20534973f83737f1749af16e64.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
0581756a656ace2e7d164b1f66846e9d079755bd7a5cead72e73b53ab534531b.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
06fcfd75f456e542f161dc3e74b1c7ccc52e6cded909f5f06e00c847e5bedf40.exe
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
083b02e21246fa17ee9ac50eab39033abd920274259ad848df9eb412d4350ec7.exe
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
087a3b87252a021f6f3696f496d4fd890f28fc31735d8f850aa1184ed7bf59c9.jar
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2.exe
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
0e85d0a9fcf30f823c43e697f99cf61743ef1d29228e160f19005e343f2a5b50.exe
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
0f1b66752dea36f9ad237a452b4bfb2950ab3ce90fcd920c6708f69ee8ce8c9d.exe
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
0f2abe41f47c8287b81f6f5be7983b8486b298d7121bbc8435ccd334a5f7ce70.exe
Resource
win10-20240611-en
Behavioral task
behavioral11
Sample
0f8a6d8705eba15b8958bd7984d9c46f1f5510790249b3fa330740a626ef45e5.exe
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
1026da21d95ab9bc3a5dff5163d8029ea6ca3413e586272074105e4727ab1342.exe
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
109927ded1c6f8ce79192bc804efab8f52e6924d16476236eef82a1631349d91.exe
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
15c71b616f8ff314907e2e9f15601adc81529f6129acd67751bf7d16b4d52479.exe
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
17b5394a5cea17aa14672179b10eb87f650675bbabb6bbf12e5cb62916c62770.exe
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
1873c4b2bde16da1d2e923d66d20eea2536bc824e5134b60f3df4b770edf72d4.exe
Resource
win10-20240404-en
Behavioral task
behavioral17
Sample
19efe1624f526c084e096431a4b1e5bf63c299351751fa0bf466106a99196d3c.exe
Resource
win10-20240611-en
Behavioral task
behavioral18
Sample
1de0ce90e503e10f763f00b591d48973bb213d3979c517097b252881630257f7.vbe
Resource
win10-20240404-en
Behavioral task
behavioral19
Sample
1e6ad08c5ed9b4fdbef86181e8cd01170fe9ec5615d9a37f90e7ea43bcad175f.exe
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
1f7cedbe04af43e29efdfecce0580ab826b577bd0d7c9f6db3d1c58a8eeffb4c.exe
Resource
win10-20240404-en
Behavioral task
behavioral21
Sample
22586df4379d432c8e5d2d852bbecf70558da09f77ec0f7ac46d28e4928a7462.exe
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
29f90a4f6266e43e668b41187ef4e8c2acdfccab8a8c898e64349a5432081ce6.xls
Resource
win10-20240404-en
Behavioral task
behavioral23
Sample
2b34ad054e9dde8cbc0abfbe1379a7f0343cb32d92f3411ec2c2ff02ae5673da.exe
Resource
win10-20240611-en
Behavioral task
behavioral24
Sample
2bb032333f6f2199f35a512aa920a651975ea1b4c3aa7fac0ad69efa2539f42c.exe
Resource
win10-20240404-en
Behavioral task
behavioral25
Sample
2bda6048a888003443cd18df65f75441974ea3dfa04d524c957b0d7c268654dc.exe
Resource
win10-20240404-en
Behavioral task
behavioral26
Sample
2c7da6690be26bd6b5ceea90b233fdd26589d7a72b2a62468903aba887e7ad6a.exe
Resource
win10-20240404-en
Behavioral task
behavioral27
Sample
2caf283566656a13bf71f8ceac3c81f58a049c92a788368323b1ba25d872372e.exe
Resource
win10-20240404-en
Behavioral task
behavioral28
Sample
300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe
Resource
win10-20240611-en
Behavioral task
behavioral29
Sample
353a75d0ad34c89fbdd11ec9cc6f6ea302f5669c5c1326686f7d328e656d1ea5.exe
Resource
win10-20240404-en
Behavioral task
behavioral30
Sample
391ac1ceedd3c960f32890f834a86ba1570ee5a0cc12dcef1714d43bb29fc457.exe
Resource
win10-20240404-en
Behavioral task
behavioral31
Sample
d4cb60a0e93c856f642f862e51cf4af34f626c8d1e1b995b5e9dfb3e72db1101.hta
Resource
win10-20240404-en
Behavioral task
behavioral32
Sample
e0fa6d69b26f18cfdef3bd930d067eca476b3d2cb78d14bec88f05ae87d25b1e.msi
Resource
win10-20240404-en
General
-
Target
300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe
-
Size
31.6MB
-
MD5
0483ff2b9382e11b33f97b35e62d8d41
-
SHA1
0a5b5081bdedd90b7a5183343dc4be720c01c80f
-
SHA256
300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45
-
SHA512
ed774140b89c712eccfdbcdaf06004382ff715c71f1a043897cdad48d8adeeac69e8dc3765029b432562a89644c109ff3993f60a6f53e7a3d9e8dc424508b9d5
-
SSDEEP
786432:W9lzMRum1Qz0eoDr9NdkIvhlr4cGtMVsjVKmWRZc+BsVEVk:W9lzMRum1QQRzkIvhjuAfzsVEK
Malware Config
Signatures
-
Loads dropped DLL 16 IoCs
pid Process 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe 3904 MsiExec.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\A: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\L: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\X: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\Y: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\J: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\M: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\R: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\T: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\H: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\Q: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\V: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\N: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\O: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\S: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened 
(read-only) \??\U: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\B: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\U: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\W: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\Z: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\I: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\P: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\E: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\G: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\K: 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Y: msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
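description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe -
Modifies system certificate store
The writes listed below all target one AuthRoot entry, thumbprint F40042E2E5F7E8EF8189FED15519AECE42C3BFA2, and the blob's embedded name reads "Microsoft Identity Verification Root Certificate Authority 2020"; compare that thumbprint with Microsoft's published root list before treating this as the installation of an untrusted root.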
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 
0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0
499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeSecurityPrivilege 1548 msiexec.exe Token: SeCreateTokenPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeAssignPrimaryTokenPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeLockMemoryPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeIncreaseQuotaPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeMachineAccountPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeTcbPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSecurityPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeTakeOwnershipPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeLoadDriverPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSystemProfilePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSystemtimePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeProfSingleProcessPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeIncBasePriorityPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreatePagefilePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreatePermanentPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeBackupPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeRestorePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeShutdownPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeDebugPrivilege 4860 
300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeAuditPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSystemEnvironmentPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeChangeNotifyPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeRemoteShutdownPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeUndockPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSyncAgentPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeEnableDelegationPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeManageVolumePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeImpersonatePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreateGlobalPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreateTokenPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeAssignPrimaryTokenPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeLockMemoryPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeIncreaseQuotaPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeMachineAccountPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeTcbPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSecurityPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeTakeOwnershipPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeLoadDriverPrivilege 4860 
300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSystemProfilePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSystemtimePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeProfSingleProcessPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeIncBasePriorityPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreatePagefilePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreatePermanentPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeBackupPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeRestorePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeShutdownPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeDebugPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeAuditPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSystemEnvironmentPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeChangeNotifyPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeRemoteShutdownPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeUndockPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeSyncAgentPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeEnableDelegationPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeManageVolumePrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeImpersonatePrivilege 4860 
300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreateGlobalPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeCreateTokenPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeAssignPrimaryTokenPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeLockMemoryPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeIncreaseQuotaPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe Token: SeMachineAccountPrivilege 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4860 300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1548 wrote to memory of 3904 1548 msiexec.exe 74 PID 1548 wrote to memory of 3904 1548 msiexec.exe 74 PID 1548 wrote to memory of 3904 1548 msiexec.exe 74
Processes
-
C:\Users\Admin\AppData\Local\Temp\300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe "C:\Users\Admin\AppData\Local\Temp\300d87987d360bd4abc2927a791031f41450cdf547c830902107daceba263a45.exe" 1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4860
-
C:\Windows\system32\msiexec.exe C:\Windows\system32\msiexec.exe /V 1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1548 -
C:\Windows\syswow64\MsiExec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2439BB8248930437943E3EA900E6DFDA C 2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3904
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
27KB
MD5 24103f71a86c20089528c96c0dbe1445
SHA1 007d7a930dcae7684477347f4f2bd58d4ee5d184
SHA256 8542e195ef15dfd3ed9b246d3539295f266a19f3bde524c3f41b99adb6719c11
SHA512 94267aa20fb17e2db9ac31bb20b17e108f99c17f181c8f1612d9ecc9ac1375703b2ec7af3795b7c4ab379723c4c764a137025fb21df3e60859d0480ca546eb10
-
Filesize
9KB
MD5 8b8f458692d5b36610ce0253ab6895b0
SHA1 24706349b0452acff47ef9fb4619f7ac308c1a49
SHA256 93c2d2add96a069af6d24ce5aa15a408dca618603d47711ab1f83c7293e741c1
SHA512 65ed822ebf559641a39e2b25f5bf5706a5117711f520db48452ec2afce734d052f358b04077255f858bb616c1cef0c1234fdd461aaa1fc1b4eb67935da63dbe8
-
Filesize
819KB
MD5 3604517a3e6e69ba339239cf82fc94a5
SHA1 c4757e31f9c8a90ee5de233792da71c8915050c5
SHA256 bdd1d14c9cb54b19f6a7f37adbc7537ce8fd2f6fa59a74a4a90b08c7979708d2
SHA512 c22ffc410886fae221dfee6ab469e44694f87cecce14d505a059f5fe01c1b4e1ad93c15b78c7623e821a37737491e89c627ddae5d03c407a877835ab6d611619
-
Filesize
1.1MB
MD5 cc048c7aadc4adf3a29d429f1f5eead0
SHA1 6b4d89df901427fe955be2d58ad91a6de30be9d6
SHA256 d23c6ac751423ff6961694437e67d7b608102bd351e3e0cd10d34d026a1a08ca
SHA512 0e67c0a4db70e19ead49f6c0fd41045f3fd9ee688d75a6da2916e347b70783843fa0e3d6cfc2b0bcd5e16a6045ba27707dff655556ebc725c126082e45cee2fa
-
Filesize
877KB
MD5 899a6d5f1c9e00ec2f43e732c6b7548f
SHA1 a795646d8c878a21beb51120a8c709dc83b87960
SHA256 0ca4e5eb5a7bac56a3ee31df50110a4e89ab4781ecb1da43bb5cab66ff799491
SHA512 8467de1ede139dbf6f6d2225c58f379d140972101f2770e59ef50d98d6793bacfc62a4abe80644d7ab587ee20c8da02839efb95ae3f0689dfa837c4495c1a172
-
Filesize
319KB
MD5 132f0fac22e0b118569fd0fb0b2765b6
SHA1 4869ddb45822a873020d2cd91afd85e131809a21
SHA256 c76f966457883d3c0d6126787e3f1fab7219a96f1ecc7fe1a89773eecf744ca3
SHA512 3232a8107b91c0b9a3920a482188874d8d308f27c3aa07dbaf806adc821ef7708f0b023b22df8d6d7b39eb93bea39f8f0b6d0199080ba6f8d59f4f632bf460c6
-
C:\Users\Admin\AppData\Roaming\Key Metric Software\SQL Backup Master 7.4.842.0\install\955D7DF\sbm-setup.x64.msi
Filesize 5.9MB
MD5 c4fea01c5092689bc9b37733181a3bee
SHA1 2a35b7b6968c129740bf5e6d18cfdc59124ab747
SHA256 09f35db13be70da8aa21150b3b9a7b917e80c7473ae6def60a21098862f5bea7
SHA512 0600427d5ae182953c22014aa5837a6eff0b44b7bc475bf6fb94baba233e9afd30ce6f602cee692ba438b58260489ffd3289eb5ec43ad690c102df804dc7c93b