URL:

https://go.cloudplatformonline.com/dc/I9bA9FdQfZoMOERShMVXdZ4hMzU-SacfCp1Rs5RDZLvbitdKLwCB6bUgdHWrYcW914UoMobsEl9uPf5avX7Pd92MmZ8pNyDVosIruqwc52FV0OeguW-6SuGO6VKl-JOdLm2H_ThPgBL-9AhHMMW1156hTl1IwjhFAEbfjdNzhneGs50fyCC2oNqxhdtTMRJWF3V76XxCScewYhNt_oX1kFxsgrMA_nW05ZbRUemE4o0raNiCBu-QMZPtkcEBPYoRuPMz8or-yGBmHfuiFj6YKZvJhVNuMWOsMTbuKXyazLoS0fUFyauX-6B4mGqEKopBS4F9F-7vFG_Cfj4g3hrpbrJj0BScmRexvpH-QMIViAo=/ODA4LUdKVy0zMTQAAAGCK5Oi2_3OmtKhGB7xrGSjV5Hd2V_7z0HiF1CMgqxl_9BeqJJ2xnK2pYrM2pvgCjtSDKkaW-I=

Full analysis: https://app.any.run/tasks/587b4bdb-83b5-4b02-9b62-6fd5c821ec89
Verdict: Malicious activity (the sandbox's headline verdict; note that the indicator list below records no malicious indicators, and the process and network summaries report 0 malicious processes and 0 threats)
Analysis date: January 24, 2022, 22:30:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 5154E2ADE4E834DB785D370788CE202D
SHA1: CC41DA4FF7451FE407AF69312D79349DBDC5A3A4
SHA256: 3ABF7A47073FC2CB9EF07523DB5EACEA28C2E2F0731DCCCA015C5994AA9C3352
SSDEEP: 12:2uFMDpW5wsRcL8tg1lqg7ngeCFq7felXm/l/5jK:2uFWW2PL8KHqI1v+m/lBW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 2204)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 2204)
      • iexplore.exe (PID: 1404)
      • AcroRd32.exe (PID: 3484)
      • AcroRd32.exe (PID: 3708)
      • RdrCEF.exe (PID: 3492)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2204)
      • iexplore.exe (PID: 1404)
      • AcroRd32.exe (PID: 3484)
      • RdrCEF.exe (PID: 3492)
    • Checks supported languages

      • iexplore.exe (PID: 1404)
      • iexplore.exe (PID: 2204)
      • AcroRd32.exe (PID: 3484)
      • RdrCEF.exe (PID: 2504)
      • AcroRd32.exe (PID: 3708)
      • RdrCEF.exe (PID: 3492)
      • RdrCEF.exe (PID: 3808)
      • RdrCEF.exe (PID: 3672)
      • RdrCEF.exe (PID: 2792)
      • RdrCEF.exe (PID: 508)
      • RdrCEF.exe (PID: 760)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1404)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1404)
    • Creates files in the user directory

      • iexplore.exe (PID: 2204)
      • iexplore.exe (PID: 1404)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2204)
      • iexplore.exe (PID: 1404)
      • AcroRd32.exe (PID: 3484)
    • Application launched itself

      • iexplore.exe (PID: 1404)
      • AcroRd32.exe (PID: 3484)
      • RdrCEF.exe (PID: 3492)
    • Changes internet zones settings

      • iexplore.exe (PID: 1404)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2204)
    • Reads CPU info

      • AcroRd32.exe (PID: 3708)
    • Searches for installed software

      • AcroRd32.exe (PID: 3484)
      • AcroRd32.exe (PID: 3708)
    • Reads the hosts file

      • RdrCEF.exe (PID: 3492)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 48
Monitored processes: 12
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes in the graph, in the order the report lists them (the report's own "no specs" marker is kept): start, iexplore.exe, iexplore.exe, acrord32.exe (no specs), acrord32.exe, acrord32.exe (no specs), rdrcef.exe, rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs), rdrcef.exe (no specs)

Process information

PID 1404: iexplore.exe (parent: Explorer.EXE)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://go.cloudplatformonline.com/dc/I9bA9FdQfZoMOERShMVXdZ4hMzU-SacfCp1Rs5RDZLvbitdKLwCB6bUgdHWrYcW914UoMobsEl9uPf5avX7Pd92MmZ8pNyDVosIruqwc52FV0OeguW-6SuGO6VKl-JOdLm2H_ThPgBL-9AhHMMW1156hTl1IwjhFAEbfjdNzhneGs50fyCC2oNqxhdtTMRJWF3V76XxCScewYhNt_oX1kFxsgrMA_nW05ZbRUemE4o0raNiCBu-QMZPtkcEBPYoRuPMz8or-yGBmHfuiFj6YKZvJhVNuMWOsMTbuKXyazLoS0fUFyauX-6B4mGqEKopBS4F9F-7vFG_Cfj4g3hrpbrJj0BScmRexvpH-QMIViAo=/ODA4LUdKVy0zMTQAAAGCK5Oi2_3OmtKhGB7xrGSjV5Hd2V_7z0HiF1CMgqxl_9BeqJJ2xnK2pYrM2pvgCjtSDKkaW-I="
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
  Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 2204: iexplore.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1404 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  User: admin | Company: Microsoft Corporation | Integrity Level: LOW
  Description: Internet Explorer | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 3132: AcroRd32.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 2204
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe Acrobat Reader DC | Exit code: 0 | Version: 20.13.20064.405839

PID 3484: AcroRd32.exe (parent: iexplore.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" /o /eo /l /b /id 2204
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: MEDIUM
  Description: Adobe Acrobat Reader DC | Version: 20.13.20064.405839

PID 3708: AcroRd32.exe (parent: AcroRd32.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /o /eo /l /b /id 2204
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe Acrobat Reader DC | Version: 20.13.20064.405839

PID 3492: RdrCEF.exe (parent: AcroRd32.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe RdrCEF | Version: 20.13.20064.405839

PID 2792: RdrCEF.exe (parent: RdrCEF.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12211085806721434904 --renderer-client-id=2 --mojo-platform-channel-handle=1180 --allow-no-sandbox-job /prefetch:1
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe RdrCEF | Version: 20.13.20064.405839

PID 3672: RdrCEF.exe (parent: RdrCEF.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=6662343693924202040 --mojo-platform-channel-handle=1216 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe RdrCEF | Exit code: 1 | Version: 20.13.20064.405839

PID 3808: RdrCEF.exe (parent: RdrCEF.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=10592643615040108339 --mojo-platform-channel-handle=1200 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe RdrCEF | Exit code: 1 | Version: 20.13.20064.405839

PID 2504: RdrCEF.exe (parent: RdrCEF.exe)
  CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1172,14016979856695041089,15490836517861468709,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=5010874836353703756 --mojo-platform-channel-handle=1472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  User: admin | Company: Adobe Systems Incorporated | Integrity Level: LOW
  Description: Adobe RdrCEF | Exit code: 1 | Version: 20.13.20064.405839

Note on the two iexplore.exe entries: Internet Explorer runs a frame process plus separate content (tab) processes, and a content process is started with SCODEF:<frame PID> on its command line. PID 2204 (SCODEF:1404, LOW integrity) is therefore the Protected Mode content process of frame PID 1404 (MEDIUM), which is the expected IE 11 layout on this Windows 7 image and is what the "Application launched itself" indicator on PID 1404 reflects. The parent column of this report gives image names only, so where several processes share a name (iexplore.exe, AcroRd32.exe, RdrCEF.exe) the exact parent PID cannot be read from this table.
Total events: 24 529
Read events: 24 359
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 110
Text files: 12
Unknown types: 8

Dropped files

PID 2204, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (type: der)
  MD5: 0213524244EAF6A7E638BB1910432065
  SHA256: 2CCB09AE116851A6DFF4849062A18092D522A05897CECB74DFCA383AA2DEA296
PID 1404, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\ZBSCIOD9.txt (type: text)
  MD5: D7E1B880AA754DC1A6FA977975326B79
  SHA256: D9B394F60603894B8CD26F2E079AED5E6A39E22905F2BF22F7E806C75A6272D9
PID 1404, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 (type: der)
  MD5: FC990EAA7247546FB67C18916A4CAC9B
  SHA256: 294F5BE9159C87842AD3173FE7CDA168C9F2010C6D428085A8AC30EF436CA993
PID 2204, iexplore.exe: C:\Users\admin\AppData\Local\Temp\Low\TarF810.tmp (type: cat)
  MD5: D99661D0893A52A0700B8AE68457351A
  SHA256: BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
PID 2204, iexplore.exe: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\7VX24I3N.txt (type: text)
  MD5: EC1922805E9D9C0E8BB1D2376B4F2427
  SHA256: 7F9DBE242664BEDC220D57E23AD73262E390088C4B532D06B0729F0CAB58E93E
PID 2204, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13 (type: der)
  MD5: 34615E035F22E0F62ABB877EF4E65B52
  SHA256: 77DA562E421B1004406EBDA1A1E2576B3B04D6D6E62BBDFF40B8C67E0A3C6486
PID 2204, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13 (type: binary)
  MD5: 40694685722A6AFCDA2D18A8EF1ED1CF
  SHA256: 8811F9DFD2520CE112FE1EA43619B85929A35A4B59CEF67BC341BA8CC64CEF46
PID 2204, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (type: binary)
  MD5: C04CC4D66D614213933B71D8436F0B46
  SHA256: 4ACD4397DE6BC8EA15B014AA7056ECBE25258DA1752C7652A756E14186D04074
PID 2204, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\google_cloud_global_idg_it_leaders_research_report_es[1].pdf (type: pdf)
  MD5: F505FCC634DCA58FB1E7AC7934F9C401
  SHA256: E1ED3C5BC075276E7F0F7D05DCB59C50ADF641A2C03C2D05F4B16BC98AF42803
PID 2204, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (type: binary)
  MD5: 028AD946333A0FED08D6AFA1BC6C6924
  SHA256: 632FAFABF39F52F7461C7F973C7B21A78AB589ED86ECDEB0E81816EDDEF3F333
HTTP(S) requests: 7
TCP/UDP connections: 29
DNS requests: 13
Threats: 0

HTTP requests

Columns: PID, process, method, HTTP code, IP, CN, type, size, reputation, then the URL.

PID 2204 iexplore.exe | GET 200 | 142.250.185.163:80 | US | der | 724 b | whitelisted
  http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
PID 3484 AcroRd32.exe | GET 200 | 93.184.220.29:80 | US | der | 471 b | whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
PID 2204 iexplore.exe | GET 200 | 209.197.3.8:80 | US | compressed | 59.9 Kb | whitelisted
  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4a60cee1206ff0b1
PID 2204 iexplore.exe | GET 200 | 142.250.185.163:80 | US | der | 1.41 Kb | whitelisted
  http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
PID 2204 iexplore.exe | GET 200 | 209.197.3.8:80 | US | compressed | 4.70 Kb | whitelisted
  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b810eac8f0d199b
PID 1404 iexplore.exe | GET 200 | 93.184.220.29:80 | US | der | 471 b | whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
PID 1404 iexplore.exe | GET 200 | 93.184.220.29:80 | US | der | 1.47 Kb | whitelisted
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
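All seven HTTP requests in this report are certificate-validation traffic: two CTL downloads from ctldl.windowsupdate.com (authrootstl.cab, disallowedcertstl.cab) and five OCSP GETs. An OCSP GET carries the DER-encoded OCSPRequest as the base64, URL-encoded last path segment (RFC 6960, Appendix A.1), so the URL itself tells you which issuer (by key hash, normally equal to the issuing CA's Subject Key Identifier) and which certificate serial number the client was checking. That is how you separate TLS chain-building noise from a sample's own traffic without the PCAP. The following Python is an added example written for this page, not ANY.RUN code; it uses only the standard library, and the URLs embedded in it are the four OCSP URLs copied from the table above.

```python
"""Decode OCSP GET requests (RFC 6960, Appendix A.1) found in sandbox HTTP logs.

Added example for this report, not ANY.RUN's code. Standard library only.
"""
import base64
from urllib.parse import unquote

# The four OCSP GET URLs from the report's HTTP requests table (PIDs 2204, 3484, 1404).
REPORT_OCSP_URLS = [
    "http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
    "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D",
]

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the content of a constructed DER value into (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, body, pos = _read_tlv(value, pos)
        out.append((tag, body))
    return out


def _decode_oid(body):
    """Dotted-decimal form of a DER OBJECT IDENTIFIER content."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Return one dict per CertID in the OCSPRequest carried by an OCSP GET URL.

    Assumes the RFC 6960 layout: the request is the last path segment, so any
    responder prefix (e.g. /gtsr1/) must end with a slash.
    """
    b64 = unquote(url.rsplit("/", 1)[1])
    b64 += "=" * (-len(b64) % 4)           # tolerate logs that dropped the padding
    der = base64.b64decode(b64)
    tag, ocsp_request, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    tbs_request = _children(ocsp_request)[0][1]
    # TBSRequest: optional [0] version and [1] requestorName may precede
    # requestList, so requestList is the first plain SEQUENCE child.
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)
    results = []
    for _, request in _children(request_list):
        cert_id = _children(request)[0][1]            # Request.reqCert (CertID)
        alg, name_hash, key_hash, serial = _children(cert_id)[:4]
        oid = _decode_oid(next(v for t, v in _children(alg[1]) if t == 0x06))
        results.append({
            "hash_algorithm": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash[1].hex(),
            "issuer_key_hash": key_hash[1].hex(),     # match against your root store's SKIs
            "serial_number": serial[1].hex(),         # raw DER INTEGER octets
        })
    return results


if __name__ == "__main__":
    for url in REPORT_OCSP_URLS:
        for cert_id in decode_ocsp_get(url):
            print(url.split("/")[2], cert_id)
```

Run as a script it decodes all four URLs; the /gtsr1/ request resolves to an issuer key hash that matches the GTS Root R1 path segment, and the two ocsp.digicert.com requests share one issuer key hash, which is what you would expect from IE and Acrobat Reader validating chains during an ordinary page load and PDF open. Any OCSP request whose issuer key hash is not in your trust store is the one worth a closer look.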

Connections

Columns: PID, process, IP:port, domain, ASN, CN, reputation.

PID 1404 iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
PID 1404 iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
PID 2204 iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
PID 1404 iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
PID 2204 iexplore.exe | 142.250.185.163:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
PID 3492 RdrCEF.exe | 2.21.141.61:443 | geo2.adobe.com | Telia Company AB | (no CN given) | suspicious
(second connection, PID, process and CN not given in the report) | 2.21.141.61:443 | geo2.adobe.com | Telia Company AB | suspicious
PID 2204 iexplore.exe | 104.17.74.206:443 | go.cloudplatformonline.com | Cloudflare Inc | US | shared
PID 1404 iexplore.exe | 104.17.72.206:443 | go.cloudplatformonline.com | Cloudflare Inc | US | shared
PID 2204 iexplore.exe | 104.17.72.206:443 | go.cloudplatformonline.com | Cloudflare Inc | US | shared

DNS requests

go.cloudplatformonline.com: 104.17.72.206, 104.17.74.206, 104.17.70.206, 104.17.73.206, 104.17.71.206 (whitelisted)
ctldl.windowsupdate.com: 209.197.3.8 (whitelisted)
api.bing.com: 13.107.5.80 (whitelisted)
www.bing.com: 204.79.197.200, 13.107.21.200 (whitelisted)
ocsp.pki.goog: 142.250.185.163 (whitelisted)
lp.cloudplatformonline.com: 104.17.74.206, 104.17.71.206, 104.17.70.206, 104.17.73.206, 104.17.72.206 (suspicious)
ocsp.digicert.com: 93.184.220.29 (whitelisted)
iecvlist.microsoft.com: 152.199.19.161 (whitelisted)
r20swj13mr.microsoft.com: 152.199.19.161 (whitelisted)
geo2.adobe.com: 2.21.141.61 (whitelisted)

Threats

No threats detected
No debug info