Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
13-08-2024 16:17
General
-
Target
12cf2a3cdcf3d27f8aac0a570a74f5e0N.exe
-
Size
124KB
-
MD5
12cf2a3cdcf3d27f8aac0a570a74f5e0
-
SHA1
71c560d49676689c67f9afda6fe39aa905556d68
-
SHA256
6bf159edcbe127182afd6333eff7d10c473dfe706182d45869a466a7b14eea48
-
SHA512
64073906e0e1d0a767184c3a3e05d5b29ad4ca4acc6cb1d71ecb3fb70ed543175a259dfb9b9ca8e5747bd57fe50d4fc40c346f66a8318d27f211befaf080ce02
-
SSDEEP
1536:23szH5YUhRO/N69BH3OoGa+FL9jKceRgrkjSo:eGZYUhkFoN3Oo1+F92S
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 37 IoCs
-
Executes dropped EXE 37 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 37 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 38 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 37 IoCs
-
Suspicious use of SetWindowsHookEx 38 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12cf2a3cdcf3d27f8aac0a570a74f5e0N.exe"C:\Users\Admin\AppData\Local\Temp\12cf2a3cdcf3d27f8aac0a570a74f5e0N.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\glvoir.exe"C:\Users\Admin\glvoir.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\huaaxe.exe"C:\Users\Admin\huaaxe.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\duvic.exe"C:\Users\Admin\duvic.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\leayuoz.exe"C:\Users\Admin\leayuoz.exe"5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\vioima.exe"C:\Users\Admin\vioima.exe"6⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jouix.exe"C:\Users\Admin\jouix.exe"7⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\houwiuj.exe"C:\Users\Admin\houwiuj.exe"8⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\coiobe.exe"C:\Users\Admin\coiobe.exe"9⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\naobi.exe"C:\Users\Admin\naobi.exe"10⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\niiolim.exe"C:\Users\Admin\niiolim.exe"11⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jiioh.exe"C:\Users\Admin\jiioh.exe"12⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\cnkiug.exe"C:\Users\Admin\cnkiug.exe"13⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\boeazun.exe"C:\Users\Admin\boeazun.exe"14⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\xrwef.exe"C:\Users\Admin\xrwef.exe"15⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\vobaj.exe"C:\Users\Admin\vobaj.exe"16⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\yiakaiq.exe"C:\Users\Admin\yiakaiq.exe"17⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\keejai.exe"C:\Users\Admin\keejai.exe"18⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\rieol.exe"C:\Users\Admin\rieol.exe"19⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yuetue.exe"C:\Users\Admin\yuetue.exe"20⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\sgwom.exe"C:\Users\Admin\sgwom.exe"21⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\gfwaal.exe"C:\Users\Admin\gfwaal.exe"22⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\vmqas.exe"C:\Users\Admin\vmqas.exe"23⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\dejox.exe"C:\Users\Admin\dejox.exe"24⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yuiye.exe"C:\Users\Admin\yuiye.exe"25⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\jeuubi.exe"C:\Users\Admin\jeuubi.exe"26⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\niuvom.exe"C:\Users\Admin\niuvom.exe"27⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\reeweu.exe"C:\Users\Admin\reeweu.exe"28⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\vcyay.exe"C:\Users\Admin\vcyay.exe"29⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\faooy.exe"C:\Users\Admin\faooy.exe"30⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\deeze.exe"C:\Users\Admin\deeze.exe"31⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zjcam.exe"C:\Users\Admin\zjcam.exe"32⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\feual.exe"C:\Users\Admin\feual.exe"33⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\fbluid.exe"C:\Users\Admin\fbluid.exe"34⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\znhooj.exe"C:\Users\Admin\znhooj.exe"35⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\voogait.exe"C:\Users\Admin\voogait.exe"36⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\faaneu.exe"C:\Users\Admin\faaneu.exe"37⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\lieut.exe"C:\Users\Admin\lieut.exe"38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD5830cc2b05086a47559e5f6511beb4ebf
SHA1e2434992f238c3987c3442a0eae7d9801f3bf14c
SHA25600b61df2157ad5071c402d0efa5a25ac4f8909c24819587a6ac71da369816d42
SHA512acd2646acd26a5755a5e3764739476d51d4e1f331ba2725210f0e7e019588b8266c49451b6c32890fb14a6880daf403923ad4ab5cc74a9acda9d796a14bf2368
-
Filesize
124KB
MD58fdb8ed52451fa327b24b64bef64c6b1
SHA17285ff4603670ca901f7893cb8e9ab0aa759ded9
SHA2562b43f6f1a1096d1eb4078e472a0b583ef809786ea12d4a8f76efcf299840f2ff
SHA51294f954190191aba02cb73e0eb10085a52509f97ad45ef8f8aa747ff710308476ed93883e4303787d2059d7b4c49418c03591398ff24883c011cd7389b9317a00
-
Filesize
124KB
MD5add1322acccd9e11a3d5186e94a7eacc
SHA14c075b8dc30fe56a5ce8f48e76f7dfd8674c0c23
SHA2562a0b2728ba94211b392895115d8d6dee21c1ccc60e5cb75f97e3ac2ca1013947
SHA512d0566a454baa4c4d2caed3d8ebb913a7fdcfc84353f93ed11754dd470fea4c7c170a177cc6ed2c09a3a11d671665c96a1d4defc451c10eb673d9c47d46d166fd
-
Filesize
124KB
MD5c6c554bae5d576ad1fb5bafe531f8eb7
SHA18f73717f4ae5d16758f051f98660b0738367a276
SHA2569fdc042334922440d7db3bfa38adbcf187882fc76282d00a3fa590342c3b1bdc
SHA5120df2a99596c9ea58f1ddcef17ac8aa5ce53a6ded92b7bd824cfdb0cf3ccb316c558a7ca5c9462b05404f60f8edad30aef8ac011eb0f4f43f042478901a7fdfcf
-
Filesize
124KB
MD5a54a574e05e04b67b92df0dc7b064ce3
SHA1d78855257aade5f07108cf66718eb2b8d48d8ded
SHA256f89a6c9c41655322d6ab6f3f701fe0ab693c9693e05c9e917d50bdf6f0317b8c
SHA5122013502f4b02d52a3c148dc80f5bd3d0bb28b4830e63db8a99442e132ca9c80d6962d59fc9623bb8ef43dad33c74e41f61722755e8ab56b1751f6acce25f2792
-
Filesize
124KB
MD5b01575a3802ad79c46194ba2ec351d93
SHA1590492e0c29af99938d91d36043ac20438168dcf
SHA256614e15bf3d3d07e0a13893c6a30e226fb0adc3a8438bbfa81df36f09508cdb61
SHA512c75a465641af0da98066ffbe229b2019b64a777e7089c4f39caf292ab4265978ceab86a199bf2046103b3fcc84a06674ed1ff666f63811bfd1a2602b695a794f
-
Filesize
124KB
MD52f11d7fd668951d14163cd838dfc0bbc
SHA1eef6363ec90b2aca3c0d67ceec61ba6733e2913b
SHA25667da0ea1a1a34dc95a15d738045a2d2f2ae5d9e0a42f0a6a9c714e905a9ca5dc
SHA512049e40f382aef031fe8136392f9244ade6b0e78ae4bde637447b275ab69817acb771f0ce7ba88dd08f6725e14bdb1c2c76d43472076da5ecff7438b06fc639a9
-
Filesize
124KB
MD57d29e62ba02dbb98ea019255cf1a7b2f
SHA1ff64a47b85a6c1a867a3898c8253d4109ea7fbe7
SHA2561a5017679f3a1918582bfbdeb753a1775d3dfa9595eba410d512f988b075734b
SHA512a7ca9e844a54956caa3ec95a97900cdfa6af23b58b6a7e50d5a711be470906619bac567656edaa60ae696bcdbac9eb0b683e0fcb715b2e6d1f962895dbcad4e7
-
Filesize
124KB
MD5fa36f62d61b3627faa8fd39a204fc86a
SHA1b3545d290762cbfd8ff63d8ae05da1e36451d152
SHA256f1b2ca3a5e816fd61cfc32cba4a10001117462d2d9eb673230e5f85b29b1c6c8
SHA512e590564f149ab49a5e7d0ca7383b2b0e8a3c522b18b7f2cf1c4af12c5c74293fe36f44e6dc37d70fde5cf5a2690dcfde068a16d0f3ab24c8d82e94d72277245a
-
Filesize
124KB
MD58e1803517507078185a68a8916126f38
SHA1495fa9668bff1069e7be70de51d4d895a80eae72
SHA2569abb331574c2cf4ccd154c9b766733aa12bd47bcf96681845fe5d63f17cd74af
SHA51224fcf92d94122e77ac0b6337f0af14c3607b2c1eae38a8987b32899730bd31c1068ffb1cc3c88f7c49968fe214c950123deae877395a4c96abf1c1535f72f3db
-
Filesize
124KB
MD5d256cf641334e151d76c4a08f7be31ab
SHA115474ed63de48ad6d9bf539a4b91d7a3ec5b4d74
SHA256427fd196958b79d43c9b89ccd423107e51513f85dacf3add3924b40c6c6dd277
SHA512e54aeb349998dbeafcdfa1ce76198ff89200c5896dd900247f780ecb30f04270e5d4877dfd845902bb0f8f5c4adc135a8f47b51429cc9d51a76cc56a84a7f878
-
Filesize
124KB
MD54317e008ff3e659c1b9d23adb742bb81
SHA1711ce5b4355b988486f21aa23701de040e799623
SHA256563911cadab012d23a6bf2fd5388f16d9d847e5ad22834e85c5e458000abe396
SHA5126798f1036c91dc9288bcb682e51ba56de26f81d5600764913a1eaf00955ab3544b1d44d571b99982b2d81e7714832be34514f15b8fd47a1c5dfae9a4bdb083b4
-
Filesize
124KB
MD54fdc3535a8323e5e3a454ac24cbe86e6
SHA1cc608fd3c336d7390c593a65623ed96ecd3152a1
SHA256397894bf7d6f0a8db1d2e0b7df95fe84a43db185e3cdce5ec51ca477e4a8a12f
SHA512631565184286de3c6ff0f73d40a5366adfca8e3f53180596dae03ed23787068becda63c12d4ed1a919446607870246a7a5fbfe2d23896114b3d37b07bd4d3592
-
Filesize
124KB
MD53167d7d1fce151f13194197f5c2c34b9
SHA1af2513d8372eec4b9fac71a1c2240a5f0cdd1e73
SHA256d8286f757a703f852574f7e8a66887f15cc167a27364bc75be7712bd7039ca51
SHA5126ab5260e1dda801a1299489e4cfc358728cb5166b2786977f3c87df284a1c68eeb6c61cb7f54e7398bfedc13879548b526408647a15adf0c9d4a528409aa5c1c
-
Filesize
124KB
MD56501b4f34ca5ead810de48d09d9cceee
SHA11af68ee20220dae75cd5f8ad8c4fca50549034ce
SHA256381e6bf3204e5ebd44a9c4063672648970581fa11bb5cea51da36cb9c5446858
SHA512c8b2caaab409b39da25a66bec8de64f5bcaafc045e38a849742ee2b99bbe27025712d826e8ea2396504606c9f1feafbd20addf42c9fcc2bb1da62075aa7e1784
-
Filesize
124KB
MD5c5d9919a45bda0ae2bf31ab6ea703f7e
SHA15f94ab25e1b9d065789f13941ae3cec25fac77ad
SHA256d30ebf3a35d98852081e423412e660a21f0dabd00a0131c6a7079bf3e3d810c9
SHA512d7dfec4dcbfe3f7cf105e28dc767b1b91d0be126a9e13c12588ffb2eeb3178ac2c39d1dcf255224eef53179fd654046f59335e55133ebba2db4adf9a853bc26a