Resubmissions
05/12/2024, 17:09
241205-vpetjatmdw 10
05/12/2024, 16:16
241205-tq9vmayjgj 10
05/12/2024, 16:13
241205-tpazxayjap 3
05/12/2024, 16:09
241205-tlxdqs1rbx 3
Analysis
max time kernel: 180s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/12/2024, 16:09
Static task: static1
Behavioral task: behavioral1
Sample: 32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe
Resource: win10v2004-20241007-en
General
Target: 32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe
Size: 3.6MB
MD5: d5dcd28612f4d6ffca0cfeaefd606bcf
SHA1: cf60fa60d2f461dddfdfcebf16368e6b539cd9ba
SHA256: 32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf
SHA512: dbfcf464c3211b7454c406a9f9532c416910ac24ea862d7061e3503f294d690b4957020dcc703984449e0934c7a595cf9061412fa25383850dd86235648ac23b
SSDEEP: 98304:whqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:whqPe1Cxcxk3ZAEUadzR8yc4gB
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Suspicious behavior: EnumeratesProcesses 34 IoCs
pid | Process
2652 | msedge.exe
4592 | msedge.exe
4472 | taskmgr.exe
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 4472 | taskmgr.exe
Token: SeSystemProfilePrivilege | 4472 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 4472 | taskmgr.exe
Token: 33 | 4472 | taskmgr.exe
Token: SeIncBasePriorityPrivilege | 4472 | taskmgr.exe
Suspicious use of FindShellTrayWindow 56 IoCs
pid | Process
4472 | taskmgr.exe
Suspicious use of SendNotifyMessage 56 IoCs
pid | Process
4472 | taskmgr.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4456 wrote to memory of 1956 | 4456 | msedge.exe | 107
PID 4456 wrote to memory of 4352 | 4456 | msedge.exe | 108
PID 4456 wrote to memory of 2652 | 4456 | msedge.exe | 109
PID 4456 wrote to memory of 3080 | 4456 | msedge.exe | 110
Processes
"C:\Users\Admin\AppData\Local\Temp\32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe"
  PID: 2196
  - System Location Discovery: System Language Discovery

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7829f54ah64e8h4076h92afhb4937be2874f
  PID: 4456
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff996a446f8,0x7ff996a44708,0x7ff996a44718
      PID: 1956

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8532937380322926735,6416401094765195766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
      PID: 4352

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8532937380322926735,6416401094765195766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
      PID: 2652
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,8532937380322926735,6416401094765195766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
      PID: 3080

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4624

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1020

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0e2f8b79h2f3bh453eh9c2dh8a1bad96ab19
  PID: 4988

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff996a446f8,0x7ff996a44708,0x7ff996a44718
      PID: 1368

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17382053860093930751,3186889828510207620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      PID: 2372

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17382053860093930751,3186889828510207620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
      PID: 4592
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17382053860093930751,3186889828510207620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
      PID: 4176

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1208

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4924

"C:\Windows\system32\taskmgr.exe" /7
  PID: 4472
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 3132
Network
MITRE ATT&CK Enterprise v15
Downloads