Analysis Overview
SHA256
3bb3a370af8aaefefff36a0c408ddf41f49c1a8bf176a68c2bf3f042bc8a2c5d
Threat Level: Shows suspicious behavior
The file cd41c0e3d6aa075cbacadee78a42986c_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Deletes itself
Executes dropped EXE
Modifies systemd
Reads MAC address of network interface
Write file to user bin folder
Changes its process name
Checks CPU configuration
Reads runtime system information
Enumerates kernel/hardware configuration
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-31 17:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-31 17:25
Reported
2024-08-31 17:28
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
146s
Max time network
142s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/cd41c0e3d6aa075cbacadee78a42986c_JaffaCakes118 | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /usr/bin/fsopen | /usr/bin/fsopen | N/A |
Modifies systemd
| Description | Indicator | Process | Target |
| File opened for modification | /lib/systemd/system/fsopen.service | /tmp/cd41c0e3d6aa075cbacadee78a42986c_JaffaCakes118 | N/A |
Reads MAC address of network interface
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net/ens3/address | /usr/bin/fsopen | N/A |
Write file to user bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /usr/bin/fsopen | /tmp/cd41c0e3d6aa075cbacadee78a42986c_JaffaCakes118 | N/A |
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | [ighlfflicj] | /usr/bin/fsopen | N/A |
| Changes the process name, possibly in an attempt to hide itself | [ighlfflicj] | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | [nhdhirnapwuy] | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/cat | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/block/dm-0/dm/name | /usr/bin/mount | N/A |
| File opened for reading | /sys/class/net | /usr/bin/fsopen | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/mount | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/bin/mount | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/systemctl | N/A |
| File opened for reading | /proc/version | /usr/bin/cat | N/A |
| File opened for reading | /proc/filesystems | /sbin/setfiles | N/A |
| File opened for reading | /proc/filesystems | /sbin/sefcontext_compile | N/A |
| File opened for reading | /proc/filesystems | /sbin/sefcontext_compile | N/A |
| File opened for reading | /proc/filesystems | /sbin/sefcontext_compile | N/A |
| File opened for reading | /proc/filesystems | /usr/sbin/semanage | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/sbin/semanage | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/sbin/restorecon | N/A |
| File opened for reading | /proc/filesystems | /usr/sbin/restorecon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/id | N/A |
| File opened for reading | /proc/partitions | /usr/bin/cat | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/sbin/semanage | N/A |
| File opened for reading | /proc/sys/kernel/random/boot_id | /usr/sbin/semanage | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /sbin/setfiles | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/bin/id | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/cat | N/A |
Processes
/tmp/cd41c0e3d6aa075cbacadee78a42986c_JaffaCakes118
[/tmp/cd41c0e3d6aa075cbacadee78a42986c_JaffaCakes118]
/bin/sh
[sh -c mount -o remount,rw /system]
/usr/bin/mount
[mount -o remount,rw /system]
/bin/sh
[sh -c which semanage 2> /dev/null]
/usr/bin/which
[which semanage]
/bin/sh
[sh -c semanage fcontext -a -t bin_t "/usr/bin/fsopen" 2> /dev/null && restorecon "/usr/bin/fsopen"]
/usr/sbin/semanage
[semanage fcontext -a -t bin_t /usr/bin/fsopen]
/sbin/setfiles
[/sbin/setfiles -q -c /var/lib/selinux/final/default/policy/policy.33 /var/lib/selinux/final/default/contexts/files/file_contexts]
/sbin/sefcontext_compile
[/sbin/sefcontext_compile /var/lib/selinux/final/default/contexts/files/file_contexts]
/sbin/sefcontext_compile
[/sbin/sefcontext_compile /var/lib/selinux/final/default/contexts/files/file_contexts.local]
/sbin/sefcontext_compile
[/sbin/sefcontext_compile /var/lib/selinux/final/default/contexts/files/file_contexts.homedirs]
/usr/sbin/restorecon
[restorecon /usr/bin/fsopen]
/bin/sh
[sh -c systemctl enable fsopen.service 2>/dev/null]
/usr/bin/systemctl
[systemctl enable fsopen.service]
/bin/sh
[sh -c /usr/bin/fsopen 0 &]
/usr/bin/fsopen
[/usr/bin/fsopen 0]
/bin/sh
[sh -c id 2>/dev/null]
/usr/bin/id
[id]
/bin/sh
[sh -c uname -a 2>/dev/null]
/usr/bin/uname
[uname -a]
/bin/sh
[sh -c whoami 2>/dev/null]
/usr/bin/whoami
[whoami]
/bin/sh
[sh -c cat /proc/cpuinfo 2>/dev/null]
/usr/bin/cat
[cat /proc/cpuinfo]
/bin/sh
[sh -c cat /proc/meminfo 2>/dev/null]
/usr/bin/cat
[cat /proc/meminfo]
/bin/sh
[sh -c cat /proc/version 2>/dev/null]
/usr/bin/cat
[cat /proc/version]
/bin/sh
[sh -c cat /proc/partitions 2>/dev/null]
/usr/bin/cat
[cat /proc/partitions]
/bin/sh
[sh -c cat /etc/*release /etc/issue 2>/dev/null]
/usr/bin/cat
[cat /etc/lsb-release /etc/os-release /etc/issue]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.81:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.173:80 | se.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | web.reeglais.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | press.eonhep.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
| US | 8.8.8.8:53 | editor.akotae.com | udp |
Files
/usr/bin/fsopen
| MD5 | 1ea98f56aaeedf1bb67080a14f80cb17 |
| SHA1 | 93de5f011e7d978f7efbd81eeddd616bf0e6aa98 |
| SHA256 | d23ed0abcfafb30198a437866ffe4b29a4cc33889b04684f6b8fac283eab0d29 |
| SHA512 | 57a225efb718574bbb57fcb6886b4d648787b5cb65ec6ebf47009bb2e990049f22ada85dc45a97f6cf12ff87e03c86ba522c91ab1ff48071a4f2f2db324f03ed |
/var/lib/selinux/default/tmp/file_contexts.homedirs.tmp
| MD5 | 10b9e663623f5903829e995949c5f5a8 |
| SHA1 | 3749fb7c0b3115cf85e223ca4c22c5cb645be322 |
| SHA256 | 958812d26d5e8aa58e00d8b2fe9914f9ec635c414d69f9e21cb242b82753df1c |
| SHA512 | 04d5cad77ad424ba3354ca158c99727a6753ef661b0238a62fecee819e3ddf51019218ec3a8301d7d403842f1920d2bab4ee036b421d18754b31cbb52bb85d9a |
/var/lib/selinux/default/tmp/users_extra.linked.tmp
| MD5 | af66bbd7e3ab3608e1e413489e0b5090 |
| SHA1 | cb7c139f454e0dc1eafe71514b9477bf758fe45f |
| SHA256 | 99a883604033179c920b5d17f590c74ebc15d29c581b632d030c35ed7f8eb1cf |
| SHA512 | 1d9b0d398d60d4d8bfbc3dc1913d0ed99ee629e63aec2e66d3bbccdf26b8766ef21d91fbf6ce96456473189e9b80ccfe0aa88e49f723b586a8c153889195a87c |
/var/lib/selinux/default/tmp/homedir_template.tmp
| MD5 | 7876fd19db5e8146f0edc9e27092b719 |
| SHA1 | 46433f610d6cd3c81782c417d06a4de7398da1d3 |
| SHA256 | 1e92a147532caa911fe62c2d7783168ed26326285878ecc64f2cc4ec75eaa668 |
| SHA512 | 9b7451c230071e1eefc7e683d27fe7206cc55b01dfb0fea08f06e542729e0a01c39d681430eabe1ef15c52197e4033e142c68c07e641f7ff6b53c53d2bbb788d |
/var/lib/selinux/default/tmp/modules/100/logadm/hll.tmp
| MD5 | 3b0c1f1663a45c303a60af61bf66418d |
| SHA1 | b7c56398101c92c00bbc3672394df5997fc068be |
| SHA256 | e9dfcd89c06618c28711415351a2a13582352f24790b2af2b800f4380f3b72d4 |
| SHA512 | f739d8be306e7ab5f8748d32f04679c7f0d2e1f1611a14df6c554fda1b25ee9666c4a6a640f10f93bdbca501f142223ada144cc2200fa9a948d8e756370158de |
/var/lib/selinux/default/tmp/modules/100/logadm/lang_ext.tmp
| MD5 | c483f6ce851c9ecd9fb835ff7551737c |
| SHA1 | 6d3236ec3c88039ca534b81acad564e847ecb062 |
| SHA256 | d53315bea08cec50d2591fcaf3b32dc5d289cdc6c16b7e8bed8c8e3f7ceaa34e |
| SHA512 | 745d02ffe3f66d0e8d77936c200e1474f2ee8e6f1b1ffdeaeda983ffb722d883c31be89d7188b63bb0e9718569af03fc0f067d28f12bf318a94dbc07cae404ba |
/var/lib/selinux/default/tmp/modules/100/logadm/cil.tmp
| MD5 | d2ec00f0deae3b67ec710e34a70269d4 |
| SHA1 | 59f9d89fb1c100adfb075f0e2b720ee81c95f0ab |
| SHA256 | 2153d172b8d3465cc71350076f9baa4794b2c1fa51dcf07542e4abd420d6225f |
| SHA512 | 4bd874c841b14e7cf9861c4cbcad8a6f9d43412d1d5faaeb8377d1bb71bd0fecf6899ca06eebf0243c7714f8a392f300e3c9261c975354e5040ac362bf10793b |
/var/lib/selinux/default/tmp/modules_checksum.tmp
| MD5 | e7696ee9880e18e7a0792bb1dfcac652 |
| SHA1 | eabe757a6ed4673b8136b42eae4aa873aadd31cb |
| SHA256 | adb0d234a14c09fb728ebdffd4022ae4aba45ebd5ff3d336565afd58943ecb37 |
| SHA512 | 5ed5566621a428d6865c26c0c5cb10c7cc267a3f6e569fbe360c07e97996586998aac62fef460fc5c51a6684583972718a16663d575fc04242d545639d384ca6 |
/var/lib/selinux/default/tmp/seusers.tmp
| MD5 | aad081dbd35481f70deec3aa7bac1dec |
| SHA1 | 6869925f38ad06a8fc5fbc56b6b6119d6f2ae731 |
| SHA256 | fc941b384be1ddf9f423feafc0cd64680df0ea5abec78b5286a9bba181d4562f |
| SHA512 | 14e153db2a3593d0860f1b3373b7f2f576677b97c06a6dda5ad3f55cce254d217f7e794646feb143d7604e90436f64be7e0b619236ef6d36a51f68d45cde1485 |
/var/lib/selinux/default/tmp/policy.kern.tmp
| MD5 | c795304f0657512f5b7fa00456a9a5fa |
| SHA1 | 2b1a977b539abd2362bd65dc0ef838d528df5278 |
| SHA256 | 77dbef770ee7d1b18b76558524c09a317d1737722b1bd2f5e84d979999d4d176 |
| SHA512 | 52ac5fc70bcf803e15b296af72c6e1070fc952de392e704ee167c0bdea7d4ee076f9460c4ba88c6f47ec963a25574fb7963dbcda86b4d23324007ea4153b7de9 |
/var/lib/selinux/default/tmp/commit_num.tmp
| MD5 | c08cc266624f6409b01432dac9576ab0 |
| SHA1 | f4d5a962086e8355e71ca948173917b55fa44e39 |
| SHA256 | 255cbe0ae3ec01b56845b0d03a121e2f2eef1815b019731507a6f19fa140f148 |
| SHA512 | a45d8ffd265afd524d2d97b6bf6754efaa8f77afcc2fd71e657e8910d7944102d0340760571e043d58a9e33066520fbed67ac7e5acf4850f694960c7fa851673 |
/var/lib/selinux/default/tmp/policy.linked.tmp
| MD5 | d1694e2e68cfd4080b22a81785729427 |
| SHA1 | 9ee9643428c5c94c14e29414ac76f469d27a67fb |
| SHA256 | 41351967cdd01df72b527f317f44d04925cd49f06d409ac4802d9b31dbdc14b6 |
| SHA512 | f1b9f759cb0fcd5e126230c40dda2b849afd291c396c63e89b719784224afe1737552d794d4d5f67a16eede12ac85dd5be0a8bbe4ba7ef2cbe8a84fecb86bfdd |
/var/lib/selinux/final/default/policy/policy.33.tmp
| MD5 | 132131b105f95f879cdb42281e4663fd |
| SHA1 | b874099b17125ee3042aececc99a65c64b24b662 |
| SHA256 | a5bf89bad096b40b9a7a0cf9075bfb8466c2137f48ef11bca54036b54dd21d56 |
| SHA512 | 4668f202aa096f25abd5032c5ae73ab19ab2b3b3152269d5b1c41060347a5c935842d90c97cdf4b00dab71583853af0c077b122fcdf73ef0237bef8c9617218c |
/var/lib/selinux/final/default/contexts/files/file_contexts.local.tmp
| MD5 | 4546e05c360a5255e1e4a4d248d46920 |
| SHA1 | df357815dbde9998040d1c66d4e681bc6d10cc67 |
| SHA256 | c25817343836442811b3ba3480983921e5a83930128c6172a10f9db7d90054a8 |
| SHA512 | 5c282a15ce2aa83d80eeb08900d4ff609f4a4cd46c2315bbcc4dcdaea5fd10d1b2dbb7802263d4f32e1e9325e67b37f79523e429b3fc1f74b271b530f12bf296 |
/var/lib/selinux/default/tmp/commit_num
| MD5 | f9e86c7eb87008df11e1a658d9d4eb1a |
| SHA1 | 8d098113aca266b66df06d5e73fea5d07ba6ac1e |
| SHA256 | bab5ee4df3e95905a9287de62ed921465a107f2571992a977afc70ecd135ac39 |
| SHA512 | 3b9285a9ed41d11a9b5d30787e4e834860e67eb06e6756c1cbc3b0bd2e74f763839b5b680114981d031bd97d87a4d7d8b52aed829de471b1a0d5ac74eb2bcee3 |
/etc/selinux/default/contexts/files/file_contexts.bin.tmp
| MD5 | ecb2bed67a80b89150f39755a10ec8dd |
| SHA1 | 47039a0c0fc1de9af4438dd4166e779245d27276 |
| SHA256 | d99557a86112aeb9dcc7c556e9f97055b22cfa955062083bbe665317a0193c06 |
| SHA512 | 38f6e38dea462391103e0e7e228d02d2ee7dcdbb0efd0cb51312ee15ecd5f8c125fc96070e58fbba894249c0a0db51c30ff6f6c0cfeaeb382d841e283eb648b7 |
/etc/selinux/default/contexts/files/file_contexts.homedirs.bin.tmp
| MD5 | 31a81f7c0f0680bfead94e98a915a170 |
| SHA1 | 130d569980b7970c98c898c8f32ac9900d5c8dff |
| SHA256 | f5ab9ca11563dbc9228a6c6a76aa1abe2a5727f91dd3a9bf273979bcf6c94ac5 |
| SHA512 | 91ce73bbcb5b30bac72e65acb8debb28b6b09e127f70dd185f8221159fe45ee624935c564dfbb361d8f11b3c40e2426e6947aad94fdfa6e9cbdbae590527dc69 |
/etc/selinux/default/contexts/files/file_contexts.local.bin.tmp
| MD5 | eee8bda5044925fabc2ee733c855fbf9 |
| SHA1 | b086958f36cfb14155464a3cca9b5058aa2313fa |
| SHA256 | ff4d08ec3190a17945cae2298e9bbce43226a5ba82fe4d192c5bf034390a7928 |
| SHA512 | a1d7661009669013ede1f2e214db6caf690add0696e7dd13a2346f5e963f758016fe00ff80e525a86bfd18673d5c066825eecc8b7221f6630a593c6ed089b0c8 |
/usr/lib/systemd/system/fsopen.service
| MD5 | de5ea06884f7fab857b6ef207be08208 |
| SHA1 | f4b6d4a5b03c7ffb6476bd2030199b70371279fe |
| SHA256 | f08c96015bb7a54439af159c89df88bb036dfa9a0567cf4a3f627993544ce888 |
| SHA512 | 2f4cee23b3f99c43408e60125fa6981954be02d9b8cc560f057de9c8a0ed52a0104e769a76ca4693ab956bddec9f721a1edd9242d572bfe2843e2fae9ef4af0c |
/etc/.wbgngofGaCave
| MD5 | 13430ab9c49230b370b6493421901ff8 |
| SHA1 | d69fb1b454678c4227b4a1a9407b30be6886460d |
| SHA256 | 57b3ba1044a73ed7e94788fa16da34ba58158e56747021edd31534e13774fad8 |
| SHA512 | d36d023d967f78d6971afc659dce260f2c114f61b4c7fe7466f0828a0d5570132e81a6dbbe2de9f9d4355346255a11dc3152390e2e22f191521ca78ee7bc396a |