Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
03-12-2024 16:17
General
-
Target
7c22f4061c00377c6e54ab94e1f5b7876df986f6e7cdcb1d1ed5bed17f06e91f.exe
-
Size
124KB
-
MD5
ef65a75d19fa8016413c0515c66e12d9
-
SHA1
fab426294b85631970932ab3ed8cf1d9793c6958
-
SHA256
7c22f4061c00377c6e54ab94e1f5b7876df986f6e7cdcb1d1ed5bed17f06e91f
-
SHA512
7e1eeebd32edfb8f7b318626e0df9d4efaabc17a36bf20e819574bc9bb757bde7a55c04cecc24b24eace5a744b52cc619a7e1e149deaaff5ffa14dc96505e8d8
-
SSDEEP
1536:Nlszi5YjhRO/N69BH3OoGa+FLHjKceRgrkOSoINeGUmc:3GQYjhkFoN3Oo1+FvfSS
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 37 IoCs
-
Executes dropped EXE 37 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 37 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 38 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 37 IoCs
-
Suspicious use of SetWindowsHookEx 38 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c22f4061c00377c6e54ab94e1f5b7876df986f6e7cdcb1d1ed5bed17f06e91f.exe"C:\Users\Admin\AppData\Local\Temp\7c22f4061c00377c6e54ab94e1f5b7876df986f6e7cdcb1d1ed5bed17f06e91f.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\saaoxo.exe"C:\Users\Admin\saaoxo.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\zaukuw.exe"C:\Users\Admin\zaukuw.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\kiusig.exe"C:\Users\Admin\kiusig.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\zgyuog.exe"C:\Users\Admin\zgyuog.exe"5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\wimis.exe"C:\Users\Admin\wimis.exe"6⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\quuehu.exe"C:\Users\Admin\quuehu.exe"7⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\zefuc.exe"C:\Users\Admin\zefuc.exe"8⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\geeorus.exe"C:\Users\Admin\geeorus.exe"9⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\znzez.exe"C:\Users\Admin\znzez.exe"10⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\wiiawuh.exe"C:\Users\Admin\wiiawuh.exe"11⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\wuisex.exe"C:\Users\Admin\wuisex.exe"12⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\quaoci.exe"C:\Users\Admin\quaoci.exe"13⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\seaig.exe"C:\Users\Admin\seaig.exe"14⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\qiaotod.exe"C:\Users\Admin\qiaotod.exe"15⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\yaezi.exe"C:\Users\Admin\yaezi.exe"16⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\hiesuet.exe"C:\Users\Admin\hiesuet.exe"17⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\soakiuj.exe"C:\Users\Admin\soakiuj.exe"18⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\cchoaz.exe"C:\Users\Admin\cchoaz.exe"19⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\haooju.exe"C:\Users\Admin\haooju.exe"20⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\muuki.exe"C:\Users\Admin\muuki.exe"21⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\mxheit.exe"C:\Users\Admin\mxheit.exe"22⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\fouuki.exe"C:\Users\Admin\fouuki.exe"23⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\leuowe.exe"C:\Users\Admin\leuowe.exe"24⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\qiigeoz.exe"C:\Users\Admin\qiigeoz.exe"25⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\caoqa.exe"C:\Users\Admin\caoqa.exe"26⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\morek.exe"C:\Users\Admin\morek.exe"27⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\ziamaic.exe"C:\Users\Admin\ziamaic.exe"28⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\goeov.exe"C:\Users\Admin\goeov.exe"29⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\gaaud.exe"C:\Users\Admin\gaaud.exe"30⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zieyiaq.exe"C:\Users\Admin\zieyiaq.exe"31⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\soeikus.exe"C:\Users\Admin\soeikus.exe"32⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\looaf.exe"C:\Users\Admin\looaf.exe"33⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\midoy.exe"C:\Users\Admin\midoy.exe"34⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\whkous.exe"C:\Users\Admin\whkous.exe"35⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\soadair.exe"C:\Users\Admin\soadair.exe"36⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\dbkiaq.exe"C:\Users\Admin\dbkiaq.exe"37⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\xuail.exe"C:\Users\Admin\xuail.exe"38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD568a401242f3bc99e2ea32dd689b9a297
SHA186c25118ad81725ad9ab4c47ea3cc9081ee00d42
SHA2569092115f099f377a3d1fc768b92d59a2684a6746b695f96de34e53a2049dfd6f
SHA512b539c0cd00c4d69a6c49c57029795825f9563c5b4404babfd265a79163bc843ebc03a41f60e844d7a59ea22f84f714cf0a43a94b0d81b13e3b36b1b48fb19b0c
-
Filesize
124KB
MD5ec181a2fa5f6015c7c8cfdcaaed7688e
SHA13cf2598964f7bd37909a480d86877811d55ca09d
SHA25669a75818bad8f0a2110bbf5f620614328a934f73d9e518d30d0f1feacd1e76b6
SHA5127077bb8a68df2c63175b8fe9922a15740fb0aff26ed48d2cfaace56db1c084f631b1bacc9f6b5e37c34eae551b41127ad9ffa75fdd09043885ed293ca2887f28
-
Filesize
124KB
MD532571719165510c32145894ad66010f3
SHA17151a22d2a2a59b47d1678f635d7441dd47ea26f
SHA256023eeb7cc24cec8a71a626d1c9fa371728172604505c6c1b3b2e5baeee1de349
SHA51250017f79a8c5d979e2182090c316101ebf51e85a37eb8dfa8179afe9e94ad2f5ee28a7725184b11964c5df3b75695e326a0b2c1495d8ffe56a1ad063875c325b
-
Filesize
124KB
MD5bcb0179c16758c0d091fafe3000b70e1
SHA1ff667336cb90eedd5d79d2cd64b0087a529cf749
SHA2560bd01f8d07e56e48c816698ba645d38b26d50bf4fc2ca0d97a9d7f9d5fba0345
SHA5126cb7c2e63a004e6f7f7078ec9da30f1bb169ffb4a89d6099163132db53ed0a8af1f249422bed1307b6b6613b708920a03d9ac085f7e91ef8ad039a8057de479b
-
Filesize
124KB
MD598e40b23dcdf5bc61c15f7c9ba92b6bd
SHA1ef741e4f2fe868b37fb39ed3073b8c3bf9c3b494
SHA256392d1ca28d59d410e98a5c803494e048c50c6c48de8d863ca6301c54d47b09b7
SHA512573e8b2d5344336fc88156a439af6c88c594b41f4a131b91317812c5c2d04e57b58c33d7f212610c38638a4107ac39cb1b5d8f7a796893edf9d0dba31e6470e5
-
Filesize
124KB
MD576e694f5d8cf4a52ecfe529e4d8c6447
SHA1f8ac413bafbf4f77a8e60bcdd565584fb536850e
SHA2568b4c9d1abcfbfd90878be38da671cff5f46f08fa91f06ef2947c2eadc19e91e2
SHA5122b29b1fb533d938662711416d94ba4e3456343f28e85b6844fadcced6061165392e850e8f2ced292e89f1fcecb8f281419eb651815921d0c675dd076c6da5cb5
-
Filesize
124KB
MD57d51e9758b78b9c25600776f6e6f2717
SHA1a3788c9688c39d3ef317bddaab131153b8df66be
SHA25638e39ea740ead900370226026e70eecfa616c98c0251c5d45021225d1746ca13
SHA512e523ef884ac6d3b25aaf5e514a5b86320af5cbdbbef50604816bed259579546b1e353b199562aaaedc98cfa5c7ece47b2f4e2017a155c7acb84886941087aa93
-
Filesize
124KB
MD5b841b45a586b4b3c73b5ff7198dd61c1
SHA1da6011c83267d9e551e411d580bb8ee4945e0871
SHA256a1db583081e7d424ba2cd0a615219f91a23f54dffacf6b008c8589d079b973fd
SHA512d669401d661fa64b4cb4b28e2987a2b550a1b0203ec738c8edff8801ca5bc6584c45e3f0edeff2def7a5a114d7a9de7052df8af5d3fc7edf0abef224acd88606
-
Filesize
124KB
MD51d8e0fe74684ed0bf5bf1b9570f86906
SHA1265ab8d198faadc477d619994e44bf22b015475f
SHA256942be1a8f983b81cda445894485f8df686193a8153d478845c1e158843e48205
SHA512a4cf6c1d9558b82b91b87336799d2ae2bb84f5859fbda8deb362389b9145834df78e75a429b9fdb328da972a3fe2e4af826df12d6e52e28ee328ea12cff944e1
-
Filesize
124KB
MD5ba2eed58682cc9ec70ba03891134a338
SHA1fe17631bf03795f3b531d5cfd4daa5f51a1184ab
SHA25624d8835bfdf1975af7b4ad8a5862c7205e99a6d79fd2581ce3f444054ff8c9c1
SHA512174c030b4d17686b023f61666f045d31cfb0eae85546fb70da1e7a35d739fb78463c90394073f13ea3d3667c47057463cba279364add1ecd36673ee93b19b760
-
Filesize
124KB
MD5a7f87f35ee37aecf9dc17365c6fbc37d
SHA17eb6177e12a4edcaa81653bdc67e28cd6f2aeaa4
SHA25624a1ac49ca0aa2d2ba7cb0387c45b7ae867eb1ed0c86e77887272fde292a49a3
SHA512f37ace5aab79dc308d260ed7ddafdaaf21146d68f10f9a9f41a3e1956b2635f2fe6ba00eda9659e3e41b049a4dd41ad6394c2be601ac36d01f91d74cb12658f1
-
Filesize
124KB
MD58b58bf279ec2eababc916064f5f5ab6b
SHA1fa0ea1638ded2e85b329565cb0770b64454b33ef
SHA256289d751c7e044520e72a073b2b5996ce6903746e31987c48b1b55d21e6062475
SHA512d673b3d36f1468b93ceb8300cf482d5b5889a0cdb7f0229781c3581728e29634eac180af79e75f7193b7a1bea48f89c6337d0dd679e2bc2be0b1aa15cdd55928
-
Filesize
124KB
MD5e4f1cf5950bd3719c82e0577d88323b5
SHA1210999cb415477b536244d4afa6acec8931f66c7
SHA256c96734fc301b0c5f7f2664f4303f848270b11bcf6d35a545bce071e1c6b048cc
SHA512f35347df92108723cb4a40d42d977c578e5afbc28fe0868e6fbc9945c9883c07b0843705b743215fa5bf90be9857d7c63acc912010d9f97b5f790f51753834d7
-
Filesize
124KB
MD5412e3ac619d1cb65fd136fcafc09f1fd
SHA1d279ad059f74b4ab6c8290aa309f685249f353ee
SHA256751b4b941915c88fb31501d30d5d37c507d2090f3d1e267e5c36d34d715e0ec5
SHA512211004fc1d125e1ff854d485782841486ea340f317c3b7f3e05636a4a6b035e8530af020c4719c1ad28a3891ba1dbb9070f59891373343253cd6a27b898fe4e6
-
Filesize
124KB
MD52800362e240c8812c668d5b7d0bfe442
SHA184091368029bd91ea1dab88de04a6d15c0d2e526
SHA2562ec0354a98e829fd7c42f91afedbd34d1dad085295e71eb64c9db43e5784fba7
SHA5129cc9460d36b25c896bc480a40211e0739952cd633c97e79e2b1b2474701a85ee4a05af3eb5118c087736a8362eed9ec181f5c3bc0c3663bd565c84d49583c3a5
-
Filesize
124KB
MD5ba4d8e0ab1a5decdd16f184af643e775
SHA15a563cdb482ccf4f203187fe6352091cf323ab25
SHA256e40c6c536ffd07f219d70457357e3028dbdfa5a737a8a78503f4662408532ea8
SHA512905a4c582d526993c2617c4c59b907bd6b4e8b2604a8efcee3639858d38d91219caf4a130dd1a55ff50f28b49b046fc0431b85dc4b5dcc07386b67e1bb8d812a