Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
28/09/2024, 17:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe
Resource
win7-20240903-en
windows7-x64
9 signatures
120 seconds
Behavioral task
behavioral2
Sample
16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
9 signatures
120 seconds
General
-
Target
16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe
-
Size
88KB
-
MD5
f0bfb19312ed9ee36f8326c2d56d6df0
-
SHA1
de0e092ecd062ea81580c9647a69d507359a7ae0
-
SHA256
16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68
-
SHA512
b3ed2d1ff69b485361d807d6093e0449ad679439d75574457a61a4a7c979cd102c0623c917710f02beda1c011fbae5a83d955b388d959fb78e76e00ef78ff200
-
SSDEEP
768:jDFI/MsddaqnObOasGEwU8Z1Rbe2kjEQJQ1H7a8zFkzqcwOg03I4:dIkZiCU8Z1QjEQJecwOf
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" guoay.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation 16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe -
Executes dropped EXE 1 IoCs
pid Process 2300 guoay.exe -
Adds Run key to start application 2 TTPs 51 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /h" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /Z" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /M" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /S" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /Y" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /V" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /E" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /c" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /N" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /m" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /g" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /T" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /n" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /u" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /o" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /I" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /P" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /i" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /C" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /J" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /t" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /L" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /O" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /s" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /y" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /b" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /r" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /f" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /D" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /q" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /p" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /e" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /l" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /G" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /z" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /v" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /X" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /H" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /d" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /B" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /Q" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /w" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /k" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /A" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /F" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /j" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /K" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /W" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /U" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /x" guoay.exe Set value (str) \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\guoay = "C:\\Users\\Admin\\guoay.exe /R" guoay.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language guoay.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe 2300 guoay.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 436 16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe 2300 guoay.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 436 wrote to memory of 2300 436 16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe 89 PID 436 wrote to memory of 2300 436 16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe 89 PID 436 wrote to memory of 2300 436 16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe 89 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88 PID 2300 wrote to memory of 436 2300 guoay.exe 88
Processes
-
C:\Users\Admin\AppData\Local\Temp\16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe"C:\Users\Admin\AppData\Local\Temp\16eba3cb3091da8e0ed7b7c69c37e6dfbfd40974e4a324ba2662363ddd0cef68N.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:436 -
C:\Users\Admin\guoay.exe"C:\Users\Admin\guoay.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:81⤵PID:856
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
88KB
MD535fd35e29489a34b964875e44ca7f31e
SHA1d7c90cc5f9a89a163959dfe460488b1e3b15b6a3
SHA2568efb5eae5407dd8744c89db0d992c1c473fdb7ea6d6533904defafdd3614ed43
SHA51298a6f4024dad10bcbe8f518d525a8baed131b5cf997b0a5e4189c2faffba3884ac1fc48e8c9063b2a88f9cdcf56f31715f3e02cb0e2aaf205b6dcd41992f34c4