Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
08/09/2024, 09:55
Static task
static1
Behavioral task
behavioral1
Sample
1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe
Resource
win10v2004-20240802-en
General
-
Target
1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe
-
Size
1.3MB
-
MD5
a61cfc6c4c203311d43ab8b08cd3f087
-
SHA1
25133ed1bb80ccf9f17b60e09e14de6a79c7b1f2
-
SHA256
1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe
-
SHA512
66416012e51dce8be66150d0213c8edf5c51c3783cea4c0ee6443178aeaf445bf7d5ea82f83dd920b8e1b65a9dc4e20638ed1ce769913fda40b6cf592b43791c
-
SSDEEP
24576:M79OdZfkO6+EFFKBqM8C9uU0N4ryz4EAX6pipxX6:M79wEoUZ5N4rREAX64pxX6
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 404 Logo1_.exe 4572 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe -
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\U: Logo1_.exe File opened (read-only) \??\R: Logo1_.exe File opened (read-only) \??\Q: Logo1_.exe File opened (read-only) \??\N: Logo1_.exe File opened (read-only) \??\H: Logo1_.exe File opened (read-only) \??\G: Logo1_.exe File opened (read-only) \??\W: Logo1_.exe File opened (read-only) \??\Y: Logo1_.exe File opened (read-only) \??\K: Logo1_.exe File opened (read-only) \??\I: Logo1_.exe File opened (read-only) \??\Z: Logo1_.exe File opened (read-only) \??\V: Logo1_.exe File opened (read-only) \??\P: Logo1_.exe File opened (read-only) \??\O: Logo1_.exe File opened (read-only) \??\L: Logo1_.exe File opened (read-only) \??\J: Logo1_.exe File opened (read-only) \??\E: Logo1_.exe File opened (read-only) \??\X: Logo1_.exe File opened (read-only) \??\S: Logo1_.exe File opened (read-only) \??\M: Logo1_.exe File opened (read-only) \??\T: Logo1_.exe -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsPowerShell\Modules\Pester\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\css\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\_desktop.ini Logo1_.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\tr-tr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sl-si\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ko-kr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-ma\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jscripts\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\en-gb\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Google\Update\Install\{4896B57A-BA2E-425E-ACC6-3260D1FD1C27}\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\uk-ua\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sk-sk\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\eo\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ka\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_neutral_~_8wekyb3d8bbwe\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ko-kr\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ru-ru\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\de-de\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini Logo1_.exe File created C:\Program Files\VideoLAN\VLC\locale\nb\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\_desktop.ini Logo1_.exe File opened for modification C:\Program Files (x86)\Windows Media Player\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini Logo1_.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini Logo1_.exe File opened for modification C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\de-de\_desktop.ini Logo1_.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\_desktop.ini Logo1_.exe -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\rundl132.exe 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe File created C:\Windows\Logo1_.exe 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe File opened for modification C:\Windows\rundl132.exe Logo1_.exe File created C:\Windows\vDll.dll Logo1_.exe -
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Logo1_.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language net1.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe 404 Logo1_.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeBackupPrivilege 4572 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe Token: SeDebugPrivilege 4572 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe -
Suspicious use of WriteProcessMemory 17 IoCs
description pid Process procid_target PID 3880 wrote to memory of 3680 3880 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe 83 PID 3880 wrote to memory of 3680 3880 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe 83 PID 3880 wrote to memory of 3680 3880 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe 83 PID 3880 wrote to memory of 404 3880 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe 84 PID 3880 wrote to memory of 404 3880 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe 84 PID 3880 wrote to memory of 404 3880 1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe 84 PID 404 wrote to memory of 4112 404 Logo1_.exe 85 PID 404 wrote to memory of 4112 404 Logo1_.exe 85 PID 404 wrote to memory of 4112 404 Logo1_.exe 85 PID 4112 wrote to memory of 4756 4112 net.exe 88 PID 4112 wrote to memory of 4756 4112 net.exe 88 PID 4112 wrote to memory of 4756 4112 net.exe 88 PID 3680 wrote to memory of 4572 3680 cmd.exe 89 PID 3680 wrote to memory of 4572 3680 cmd.exe 89 PID 3680 wrote to memory of 4572 3680 cmd.exe 89 PID 404 wrote to memory of 3472 404 Logo1_.exe 56 PID 404 wrote to memory of 3472 404 Logo1_.exe 56
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3472
-
C:\Users\Admin\AppData\Local\Temp\1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe"C:\Users\Admin\AppData\Local\Temp\1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe"2⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3880 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB258.bat3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3680 -
C:\Users\Admin\AppData\Local\Temp\1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe"C:\Users\Admin\AppData\Local\Temp\1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4572
-
-
-
C:\Windows\Logo1_.exeC:\Windows\Logo1_.exe3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:404 -
C:\Windows\SysWOW64\net.exenet stop "Kingsoft AntiVirus Service"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4112 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"5⤵
- System Location Discovery: System Language Discovery
PID:4756
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
244KB
MD5eda97e2bff8a53be06025304152892c1
SHA17acc3b17f6c62690f42519ee9dc4706221165f67
SHA25652277041a1ae6cb4ddf4e0db7d1e8239b5d93cdc5930941c3904a2b5999609d7
SHA512e2daca195d81fa8a9a44ce4f338650b641a9459ad2e4612cd0bb53ccdee3d2f326eba3cdf216fcdd983aa936eb6f22165b7d2c3ac0ac876cd5205406b3bad0f1
-
Filesize
570KB
MD5ce7e43d72e4a3de460ea0c3c25d52c72
SHA116781c2100cb6095607fbe18c69ce30c3d2a6786
SHA256d14f142663a8442e596ce805c3d1b694a9caf9db7f9d8174f5c9251c45957661
SHA512c50b9b37c31a3316cbfad52089497e6770980259c7600dded7ebaa25894c20fa6614bc75a009dcb8b7b603e03662244b4121e0d9771ce8bf8ff06e48ae3d355c
-
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize636KB
MD582168b5f40194e6e86457c2b534cfc21
SHA13e2702a384a03243e98ee6866e09f6d5df9b5de5
SHA256c2f452c90356d0070c71ce17da69c4245dc24f46e1215eca22748567e48279d9
SHA5126d041166b41e4608aa46b1724322a22d49e5d709f4b1bf89d2c6819282a813c88cd74ba6167f337d4d36a741ae53830b04e58e92fbfc597f85cd7f763284c774
-
Filesize
722B
MD56b5d9a03cacd4426229e98e76b3574b9
SHA114479ace9950be1c3bdf289e1cf554a873df8cc1
SHA25614680f0c4c9af7ca2cd23e6c69933b1c46ebe23b5b9a430424a72040eb66d5ce
SHA51259929dd2c5da4ee5b5bf406d5bf1b4f4721424cd985f85bf8350a5c45ff62c64587bc041a23eef75355ab76f9ee8a8a7cf1654253f10fd9d27683e19ba9c50ee
-
C:\Users\Admin\AppData\Local\Temp\1d5346b4c7cfc3f3ba126487e84063263462f2d35124f337afb766638fc2ccfe.exe.exe
Filesize1.3MB
MD5ce73e5b504434e95869a276c0b908a6e
SHA1abadfe6f48fcbca375021b34bd7483bb6428b699
SHA2566bf251b9615a53f84b2ecbd19f146b8b977aae3bc6a7abadfefe30eca6ec64e2
SHA512395066d444ef8bdb9d6bfb56e729b75517855ec5e8ec123e2f0fd6d4994aa26b126dc5f6c733767880063c599d270c9e26499f2d41fd2eef9062127bbaffc2ad
-
Filesize
26KB
MD5dd889a3e0c7516d8e3ba89a8b6b98232
SHA15a7733c34782590a34e9931221cdf8654c3e465e
SHA25621af4733e7b12937ef11a44607a9dbe649d6ab3af8b296eef08f0a42c4802f2f
SHA512a9ce858ca0b5972bcdadf3bc06dd6fcc323cd0178dc2a24949f736b947832de0a629a7f63a171823377d49e391fc8beb5f0d9b73358ac931c8273d8e3cfbf266
-
Filesize
8B
MD5646a1be8fae9210cfba53ee1aab14c96
SHA18677ff347131a9c8304f10b48012ebd8b075030c
SHA256660d57a3dc71884e70a9cbd6ca26d02872f4706abeb098c6d35f6b217462edf5
SHA512812b716a422628d486a4c78c66a85c641f13976537fbd452e14fab9a6c440b442632df04de8437c485c9c8164e3b3499201d3dbe681b36fe6bec749df1ab75e4