Overview

Score: 10

Tasks (sample | platform | score):
Static                              | static             | 10
._cache_语音投影圣经无声版.exe      | windows7-x64       | 6
._cache_语音投影圣经无声版.exe      | windows10-2004-x64 | 6
COMDLG32.dll                        | windows7-x64       | 3
COMDLG32.dll                        | windows10-2004-x64 | 3
MSCOMCTL.dll                        | windows7-x64       | 3
MSCOMCTL.dll                        | windows10-2004-x64 | 3
MSDATGRD.dll                        | windows7-x64       | 3
MSDATGRD.dll                        | windows10-2004-x64 | 3
MSINET.dll                          | windows7-x64       | 3
MSINET.dll                          | windows10-2004-x64 | 3
VB6STKIT.dll                        | windows7-x64       | 3
VB6STKIT.dll                        | windows10-2004-x64 | 3
msadodc.dll                         | windows7-x64       | 3
msadodc.dll                         | windows10-2004-x64 | 3
msvbvm60.dll                        | windows7-x64       | 3
msvbvm60.dll                        | windows10-2004-x64 | 3
scrrnchs.dll                        | windows7-x64       | 1
scrrnchs.dll                        | windows10-2004-x64 | 1
《语音投影圣经》5.20版说明.doc      | windows7-x64       | 4
《语音投影圣经》5.20版说明.doc      | windows10-2004-x64 | 1
新编赞美诗补充本200首pps.rar.lnk    | windows7-x64       | 3
新编赞美诗补充本200首pps.rar.lnk    | windows10-2004-x64 | 3
旷野呼声.url                        | windows7-x64       | 1
旷野呼声.url                        | windows10-2004-x64 | 1
语音投影圣经无声版.exe              | windows7-x64       | 10
语音投影圣经无声版.exe              | windows10-2004-x64 | 10

Analysis
max time kernel: 121s
max time network: 126s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 12-11-2024 12:53
Behavioral tasks (task: sample, resource):
behavioral1: ._cache_语音投影圣经无声版.exe, win7-20241010-en
behavioral2: ._cache_语音投影圣经无声版.exe, win10v2004-20241007-en
behavioral3: COMDLG32.dll, win7-20241010-en
behavioral4: COMDLG32.dll, win10v2004-20241007-en
behavioral5: MSCOMCTL.dll, win7-20240903-en
behavioral6: MSCOMCTL.dll, win10v2004-20241007-en
behavioral7: MSDATGRD.dll, win7-20240903-en
behavioral8: MSDATGRD.dll, win10v2004-20241007-en
behavioral9: MSINET.dll, win7-20240903-en
behavioral10: MSINET.dll, win10v2004-20241007-en
behavioral11: VB6STKIT.dll, win7-20240903-en
behavioral12: VB6STKIT.dll, win10v2004-20241007-en
behavioral13: msadodc.dll, win7-20241010-en
behavioral14: msadodc.dll, win10v2004-20241007-en
behavioral15: msvbvm60.dll, win7-20240708-en
behavioral16: msvbvm60.dll, win10v2004-20241007-en
behavioral17: scrrnchs.dll, win7-20241010-en
behavioral18: scrrnchs.dll, win10v2004-20241007-en
behavioral19: 《语音投影圣经》5.20版说明.doc, win7-20240903-en
behavioral20: 《语音投影圣经》5.20版说明.doc, win10v2004-20241007-en
behavioral21: 新编赞美诗补充本200首pps.rar.lnk, win7-20240903-en
behavioral22: 新编赞美诗补充本200首pps.rar.lnk, win10v2004-20241007-en
behavioral23: 旷野呼声.url, win7-20240903-en
behavioral24: 旷野呼声.url, win10v2004-20241007-en
behavioral25: 语音投影圣经无声版.exe, win7-20241010-en
behavioral26: 语音投影圣经无声版.exe, win10v2004-20241007-en
General
Target: ._cache_语音投影圣经无声版.exe
Size: 992KB
MD5: 31fe511406b34ab828f59b2f83a34cd6
SHA1: 6289753d84161b8262db001512a964abf099faac
SHA256: 8d26ea240ab0ad93dbddd87611f2073d9169c89f901ab6410fc67a3a9bb67676
SHA512: f2252e5f62c7a7b9651298e50bd86f829051d36511010a78c6fc6b03d002dc1eea3855946b8734aa5ee9ee0e8cbe290c5b6d113e634e7d2eb2918f1efc442be7
SSDEEP: 12288:MNDMnDn1jzF7TpRQR+VSXxGQegVC8Gz1+H5sJlpsLmkyUt1hqJF4e6M+VyWK:ADgn1jNrQkVSXcl8GBG5epsL0uo+k
Malware Config
Signatures
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Process: ._cache_语音投影圣经无声版.exe
File opened (read-only) \??\B:
File opened (read-only) \??\R:
File opened (read-only) \??\T:
File opened (read-only) \??\J:
File opened (read-only) \??\L:
File opened (read-only) \??\U:
File opened (read-only) \??\V:
File opened (read-only) \??\W:
File opened (read-only) \??\X:
File opened (read-only) \??\A:
File opened (read-only) \??\E:
File opened (read-only) \??\G:
File opened (read-only) \??\I:
File opened (read-only) \??\P:
File opened (read-only) \??\Q:
File opened (read-only) \??\Y:
File opened (read-only) \??\Z:
File opened (read-only) \??\H:
File opened (read-only) \??\K:
File opened (read-only) \??\M:
File opened (read-only) \??\N:
File opened (read-only) \??\O:
File opened (read-only) \??\S:
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Process: ._cache_语音投影圣经无声版.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Modifies registry class (64 IoCs)
Process: ._cache_语音投影圣经无声版.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDE57A52-8B86-11D0-B3C6-00A0C90AEA82}\ = "SelBookmarks"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDE57A53-8B86-11D0-B3C6-00A0C90AEA82}\ = "Splits"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSADODC.OCX"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27F8FFB2-7406-11D1-B18C-00A0C922E820}\ = "Adodc RecordSource Property Page Object"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\Implemented Categories
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C0FFAB3-CD84-11D0-949A-00A0C91110ED}\TypeLib
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\VersionIndependentProgID
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\Version = "1.0"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSDataGridLib.DataGrid\CLSID
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDE57A52-8B86-11D0-B3C6-00A0C90AEA82}\TypeLib\Version = "1.0"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDE57A54-8B86-11D0-B3C6-00A0C90AEA82}\ = "Split"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDE57A42-8B86-11D0-B3C6-00A0C90AEA82}
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDE57A44-8B86-11D0-B3C6-00A0C90AEA82}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSDATGRD.OCX"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CAD92F0-D7C4-11D0-BCF7-00C04FC2FB86}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSDATGRD.OCX"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDE57A42-8B86-11D0-B3C6-00A0C90AEA82}\TypeLib\ = "{CDE57A40-8B86-11D0-B3C6-00A0C90AEA82}"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{27F8FFB1-7406-11D1-B18C-00A0C922E820}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSADODC.OCX"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{67397AA2-7FB1-11D0-B148-00A0C922E820}\TypeLib
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer\ = "MSComDlg.CommonDialog.1"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7C0FFAB0-CD84-11D0-949A-00A0C91110ED}\1.0\0\win32
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7C0FFAB3-CD84-11D0-949A-00A0C91110ED}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}\VersionIndependentProgID\ = "MSDataGridLib.DataGrid"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9D00F06-D948-11D0-BCF7-00C04FC2FB86}\InprocServer32
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CAD92F0-D7C4-11D0-BCF7-00C04FC2FB86}\ = "DataGrid Keyboard Property Page Object"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDE57A53-8B86-11D0-B3C6-00A0C90AEA82}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}\TypeLib
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSDataGridLib.DataGrid\CurVer
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version\ = "1.2"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSADODC.OCX, 1"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\Control
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ = "IInet"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C0FFAB2-CD84-11D0-949A-00A0C91110ED}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\COMDLG32.OCX"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C0FFAB3-CD84-11D0-949A-00A0C91110ED}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDE57A44-8B86-11D0-B3C6-00A0C90AEA82}\ = "DataGrid General Property Page Object"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CDE57A50-8B86-11D0-B3C6-00A0C90AEA82}\TypeLib\ = "{CDE57A40-8B86-11D0-B3C6-00A0C90AEA82}"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDE57A54-8B86-11D0-B3C6-00A0C90AEA82}\TypeLib\Version = "1.0"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\MSINET.OCX"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDE57A4F-8B86-11D0-B3C6-00A0C90AEA82}\TypeLib\Version = "1.0"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{67397AA3-7FB1-11D0-B148-00A0C922E820}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7C0FFAB3-CD84-11D0-949A-00A0C91110ED}\ProxyStubClsid32
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{67397AA2-7FB1-11D0-B148-00A0C922E820}\TypeLib
Suspicious use of SetWindowsHookEx (1 IoCs)
Process: ._cache_语音投影圣经无声版.exe (PID 2384)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 320B
MD5: 66081ad2f8f169ae6fe3768a66645a2a
SHA1: 126edae9eaa5e859563766f8581987c8168985aa
SHA256: 7a950b809ad7d2236d8f6b062050b6579806cf717b1b7d8c731c5a84e1565a80
SHA512: 31a61eb2ebd0cb650ec98680b617956829f71f17986c67d3c12a4db08a47e965913036d2780b07ea20aeea488732159146ba5ef5ac769b3c6a6fa74dccfec140