{
	"id": "4bd414d0-59d5-497a-894d-b2bd5575a1ca",
	"created_at": "2026-04-10T03:21:11.070766Z",
	"updated_at": "2026-04-10T13:12:05.990683Z",
	"deleted_at": null,
	"sha1_hash": "137263d75e06ee43d7fd29d45813ea6e87dafa9c",
	"title": "Qilin Ransomware-as-a-Service: Threat Analysis and Strategic Outlook",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1096181,
	"plain_text": "Qilin Ransomware-as-a-Service: Threat Analysis and Strategic\r\nOutlook\r\nBy BeGoodToAll\r\nPublished: 2025-08-18 · Archived: 2026-04-10 03:08:01 UTC\r\n11 min read\r\nAug 18, 2025\r\nPress enter or click to view image in full size\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 1 of 10\n\nExecutive Summary\r\nQilin ransomware, also known as Agenda, has emerged as one of the most significant and evolving cyber threats\r\nglobally, rapidly ascending to become a top-tier ransomware-as-a-service (RaaS) operation. Since its initial\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 2 of 10\n\nappearance in July 2022, Qilin has demonstrated remarkable adaptability and sophistication, consistently refining\r\nits tactics, techniques, and procedures (TTPs) to maximize impact and financial gain. This report provides a\r\ncomprehensive analysis of Qilin’s evolution, operational model, attack methodologies, victimology, and recent\r\nactivities, along with strategic recommendations for defense and future trend forecasts. Its professionalized\r\napproach, including offerings like “legal support” to affiliates, highlights a concerning new phase in the\r\ncybercrime economy.\r\nIntroduction to Qilin Ransomware (Agenda Ransomware)\r\nQilin ransomware, initially observed in July 2022 under the name “Agenda,” operates on a Ransomware-as-a-Service (RaaS) model. This model allows core developers to provide their malicious software and infrastructure\r\nto affiliates in exchange for a percentage of the profits generated from attacks. The name “Qilin” references a\r\nChinese mythological creature symbolizing power and prosperity, a fitting metaphor for the group’s perceived\r\ninfluence and financial objectives. Despite the Chinese name, the group is linked to Russian-speaking\r\ncybercriminals, often recruiting affiliates on Russian-language forums and notably excluding Commonwealth of\r\nIndependent States (CIS) countries from its targets.\r\nEvolution of Qilin Ransomware\r\nQilin has undergone significant technical and operational evolution since its inception.\r\nJuly 2022: First sighted as “Agenda” with code written in Go (Golang).\r\nSeptember-December 2022: Rebranded to “Qilin” and saw a complete redesign in Rust language,\r\nsignificantly improving its portability, efficiency, stealth, and evasion capabilities across Windows, Linux,\r\nand VMware ESXi servers.\r\nLate 2023: Gained popularity through targeted attacks on VMware ESXi infrastructure.\r\n2024: Expanded capabilities to include Chrome Stealer functionality and robust encryption/evasion\r\ntactics. A new, more advanced variant, Qilin.B, emerged, offering enhanced encryption (AES-256-CTR\r\nand ChaCha20) and sophisticated operational tactics.\r\nEarly 2025: Attacks intensified, with over 310 victims claimed by March 2025. By May 2025, public sources\r\nidentified Qilin as the leading ransomware threat overall.\r\nTactics, Techniques, and Procedures (TTPs)\r\nQilin employs sophisticated and adaptive TTPs that follow a structured attack kill chain.\r\n1. Initial Infection Vectors\r\nPhishing and Spear-Phishing: The most common method, involving malicious attachments or links in\r\nconvincing emails.\r\nExploitation of Exposed Applications and Interfaces: This includes Citrix, Remote Desktop Protocol\r\n(RDP), and unpatched vulnerabilities in critical software.\r\nCompromised Credentials: Gaining initial access through leaked or purchased valid credentials.\r\nVulnerability Exploitation: Actively exploiting specific CVEs in widely used products (detailed in\r\nVulnerabilities Exploited and Products/Technologies section).\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 3 of 10\n\n2. Execution Flow: Once initial access is gained, Qilin follows a detailed execution sequence to maximize\r\ndamage and evade detection.\r\nPayload Deployment: The ransomware payload (often named w.exe or a .dll variant like stevedore) is\r\ntypically deployed to a temporary directory (e.g., C:\\temp). Execution requires a specific password\r\nprovided as a command-line argument, which is then hashed (SHA-256) and compared against a pre-defined hash in the ransomware’s configuration.\r\nPrivilege Escalation: Qilin seeks to elevate privileges to SYSTEM-level access, often through an\r\nembedded Mimikatz module to steal user tokens from processes like lsass.exe, winlogon.exe, or\r\nwininit.exe. It can also use PowerShell and PsExec for lateral movement.\r\nLateral Movement: Qilin exhibits worm-like propagation capabilities across local networks when the -\r\nspread command-line argument is used. It embeds Sysinternals PsExec (version 2.43) to establish\r\nconnections and move to other domain computers. Domain reconnaissance is performed to identify targets.\r\nEvidence also shows use of VMware vCenter for self-distribution (-spread-vcenter).\r\n3. Defense Evasion: Qilin meticulously neutralizes defensive and recovery mechanisms.\r\nLog Deletion: System logs (including Windows PowerShell and System logs) are systematically deleted to\r\neliminate traces of intrusion and hamper forensic analysis.\r\nSecurity Tool Disabling: It attempts to disable security services like antivirus and intrusion detection\r\nsolutions by terminating specific processes and services (configurable via process_black_list and\r\nwin_services_black_list).\r\nBackup Corruption/Deletion: It corrupts backups by deleting Volume Shadow Copies (VSS), disabling\r\nscheduled backup jobs, removing backup jobs within management consoles, and overwriting free disk\r\nspace with cipher utilities (e.g., cipher /w: “X:\\”).\r\nObfuscation and Anti-Analysis: Qilin uses packed code, control flow modifications, string encryption,\r\nand anti-analysis checks to evade static detection, sandbox, and VM environments.\r\n4. Custom Encryption \u0026 Double Extortion: Qilin is known for its double extortion tactics, encrypting files\r\nand exfiltrating victim data, then threatening to release the stolen data if the ransom is not paid.\r\nEncryption Methods: It employs multiple encryption algorithms, including ChaCha20, AES-256, and\r\nRSA-4096. Encryption keys, nonces, and parameters are RSA-4096 encrypted and appended to the\r\nencrypted file.\r\nCustomization: Affiliates can customize filename extensions of encrypted files and configure encryption\r\nmodes (skip-step, percent, fast, normal). It encrypts a wide range of file types, focusing on critical data.\r\n5. System Shutdown/Reboot: As a final disruptive measure, Qilin often initiates a reboot of compromised\r\nsystems, including backup servers and VPN servers, after encryption to hinder recovery efforts and disrupt\r\noperations. It can also boot systems into Safe Mode to bypass security tools.\r\nRansomware Demand Value\r\nRansom demands typically range from $25,000 to several million, depending on the size of the victim. More\r\nspecific ranges noted are $50,000 to $800,000. The attack on Synnovis, for example, involved a staggering $50\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 4 of 10\n\nmillion ransom demand. In 2024 alone, Qilin amassed over $50 million in ransom payments.\r\nTarget Profiles and Geography\r\nQilin ransomware stands out for its opportunistic and indiscriminate approach to target selection, focusing on\r\nvulnerability rather than a specific industry.\r\nTargeted Sectors: Qilin targets large enterprises and high-value organizations. It has particularly focused on\r\nhealthcare and education sectors, but also impacts manufacturing, legal \u0026 professional services, financial\r\nservices, government, critical infrastructure, automotive, publishing, IT, and retail. Critical infrastructure entities\r\nare considered lucrative due to the high cost of downtime.\r\nGeographical Focus: While initially known to focus on Africa and Asia, Qilin’s reach is global. Victims have\r\nbeen identified across 25 countries, including the United States (the most targeted country), United Kingdom,\r\nFrance, Canada, Germany, Japan, Australia, UAE, Brazil, Colombia, Indonesia, Netherlands, Serbia, Saudi Arabia,\r\nSouth Africa, Taiwan, and Thailand. Recent campaigns have shown a focus on Spanish-speaking regions.\r\nAffiliate Recruitment and Operations\r\nQilin operates a highly structured RaaS model with attractive incentives for its affiliates.\r\nProfit-Sharing Structure: Affiliates typically receive between 80% to 85% of ransom payments.\r\nSpecifically, 80% for payments under $3 million and 85% for payments over $3 million. This lucrative\r\nsplit makes it a very appealing option in the RaaS ecosystem.\r\nCustomizable Affiliate Panel: Qilin provides affiliates with a proprietary panel (or builder) divided into\r\nsections for managing and coordinating attacks. Affiliates can configure ransom notes, file extensions,\r\ndirectories to skip or encrypt, processes and services to terminate, and encryption modes.\r\nExclusion of CIS Countries: A common trait among Russian-speaking cybercriminal groups, Qilin’s rules\r\nprohibit attacks on entities in Russia or other CIS countries.\r\nEnhanced Affiliate Services: Qilin is positioned not just as a ransomware group, but as a full-service\r\ncybercrime platform. This includes unique offerings to lure and support affiliates:\r\nLegal Support (“Call Lawyer” feature): Introduced in 2025, this feature within the affiliate panel\r\nsimulates legal engagement to psychologically pressure victims during negotiations, signaling to affiliates\r\nthat Qilin is organized and invested in their success.\r\nSpam Services and In-House Journalists: Qilin offers spam distribution and employs “in-house\r\njournalists”.\r\nPB-scale Data Storage: Provides large-scale data storage for exfiltrated data.\r\nDDoS Option: A DDoS attack capability was introduced in April 2025 to increase pressure on victims.\r\nVulnerabilities Exploited and Products/Technologies\r\nQilin leverages a variety of vulnerabilities, particularly those in public-facing applications and remote access\r\nsolutions.\r\nSpecific CVEs Exploited:\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 5 of 10\n\nCVE-2023–27532: A critical vulnerability in Veeam Backup \u0026 Replication software. Exploiting this\r\nallows attackers to retrieve encrypted credentials from the configuration database, bypassing authentication\r\nand facilitating broader network compromise.\r\nCVE-2024–21762 and CVE-2024–55591: Critical vulnerabilities in Fortinet’s FortiGate and\r\nFortiProxy devices, enabling authentication bypass and remote code execution. CVE-2024–21762,\r\npatched in February 2025, remains a major concern with tens of thousands of exposed systems.\r\nCVE-2025–29824: An unpatched Windows CLFS vulnerability exploited by Play ransomware, which is\r\nsometimes associated with broader ransomware ecosystem activities. While not directly attributed to Qilin,\r\nit highlights a pattern of exploiting critical OS vulnerabilities.\r\nCVE-2024–27198: A vulnerability in JetBrains software leveraged by BianLian for data extortion\r\noperations. While not directly Qilin, it shows the types of software vulnerabilities targeted by sophisticated\r\nRaaS groups.\r\nTypes of Products/Technologies Exploited:\r\nFirewall/VPN Solutions: Fortinet devices (FortiGate, FortiProxy), SonicWall SSL VPN.\r\nBackup Solutions: Veeam Backup \u0026 Replication.\r\nRemote Access: RDP and Citrix.\r\nVirtualization Platforms: VMware ESXi, vCenter servers.\r\nFile Transfer Applications: Cleo file transfer (CVE-2024–50623), which are increasingly attractive\r\ntargets.\r\nInteresting Patterns in Vulnerability Exploitation:\r\nRe-use of Vulnerabilities: Qilin, and the broader cybercriminal ecosystem, demonstrate a pattern of\r\nsharing and reusing successful exploitation narratives and vulnerabilities. This is seen with CVE-2024–55591, which was also incorporated by LockBit and SuperBlack ransomware operations.\r\nFocus on Public-Facing Applications and Remote Services: A consistent target for initial access, as\r\nthese offer direct entry points into corporate networks.\r\nExploitation of Older/Unpatched Vulnerabilities: Many vulnerabilities exploited by ransomware are old,\r\ndiscovered between 2010 and 2019. Qilin’s exploitation of CVE-2024–21762, even after it was patched,\r\nindicates a reliance on organizations failing to apply timely updates.\r\nTargeting of Critical Infrastructure Software: The focus on products like Fortinet, Veeam, and VMware\r\nunderscores a strategy to impact critical services that have low tolerance for downtime.\r\nGet BeGoodToAll’s stories in your inbox\r\nJoin Medium for free to get updates from this writer.\r\nRemember me for faster sign in\r\nRecent Activities and Developments (2024–2025)\r\nQilin has been highly active and prominent in 2024 and 2025:\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 6 of 10\n\nLeading Ransomware Group: Ranked as the most prevalent ransomware in public threat intelligence\r\nreports by 2025. In June 2025, Qilin emerged as a significant threat, leading with 81 victims. It also led in\r\nclaimed victims for the third time in four months by August 2025, accounting for 17% of total victims in\r\nJuly 2025 with 73 reported incidents.\r\nMajor Campaigns:\r\nSynnovis Attack (June 2024): A high-profile attack on a UK-based pathology services provider, causing\r\n“critical incident” at several London NHS hospitals and disrupting blood transfusions, test processing, and\r\noperations. Qilin demanded $50 million and later leaked approximately 400GB of purported Synnovis\r\ndata. The group unusually claimed it was politically motivated.\r\nYanfeng Automotive Interiors (November 2023): Qilin claimed responsibility for an attack on one of the\r\nworld’s largest automotive parts suppliers.\r\nLee Enterprises (February 2024): Targeted a major U.S. publishing network, disrupting services and\r\nexfiltrating sensitive personal and corporate data (350 GB, 120,000 documents) impacting nearly 40,000\r\nindividuals.\r\nCity of Abilene, Texas (April 2025): Encrypted systems and exfiltrated 477 GB of data, disrupting bus\r\nservices and other operations for roughly a month.\r\nU.S. Financial Advisory Firm (July 2025): Exfiltrated approximately 340 GB of sensitive data.\r\nCobb County, GA (2025): Attacked by Qilin, with over 400,000 files threatened for leak.\r\nMoonstone Sleet Connection: In March 2025, Microsoft revealed that North Korean hacker group\r\nMoonstone Sleet is now using Qilin ransomware in some of their attacks.\r\nQilin.B Variant: Documented in October 2024, this new variant boasts enhanced encryption capabilities\r\nand more sophisticated operational tactics.\r\nInflux of Affiliates: Qilin’s recent spike in activity may be attributed to an influx of affiliates from rival\r\ngroups that have faced disruptions, such as RansomHub, LockBit, ALPHV/BlackCat, Everest, and\r\nBlackLock. Group-IB observed Qilin’s DLS disclosures doubling since February, suggesting migration\r\nfrom RansomHub.\r\nShift in Data Exfiltration Tactics: By August 2024, Qilin was observed to be changing tactics to include\r\ncredential harvesting (specifically Chrome browser credentials) rather than exfiltrating massive\r\namounts of victim-specific data.\r\nRole of Qilin Ransomware in the Ransomware Landscape and its Evaluation\r\nQilin represents the professionalization and evolution of the RaaS model. It’s not merely a ransomware group\r\nbut a full-service cybercrime platform, offering affiliates advanced payloads, customizable features, and\r\nextensive support beyond just encryption. Its adaptability (Rust/Golang variants, multiple encryption modes),\r\naggressive negotiation tactics, and ability to evade detection position it as a formidable and persistent threat.\r\nQilin’s strategic move to offer “legal assistance” and DDoS options marks a new frontier in psychological\r\nextortion, aiming to further gamify and automate negotiation dynamics by exploiting organizational panic. This\r\nstrategic shift suggests Qilin’s ambition to dominate the ransomware landscape by mimicking legitimate enterprise\r\nservice models. Its consistent ranking as a top threat and its ability to absorb affiliates from dismantled groups\r\nsignify its robust operational maturity and significant impact on the overall cyber threat landscape.\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 7 of 10\n\nQilin Ransomware Detection Rules (Sigma)\r\nThese rules would aim to detect Qilin’s behaviors and artifacts at various stages of the attack chain.\r\nSigma Rules (Behavioral Detection based on Logs) Sigma rules are generic signatures for SIEM systems,\r\ncorrelating various log sources to detect malicious behaviors.\r\nProcess Creation \u0026 Command-Line Arguments:\r\nDetection of anomalous usage of built-in Windows tools commonly misused by ransomware to inhibit\r\nsystem recovery: bcdedit.exe, fsutil.exe (deletejournal), vssadmin.exe (Delete Shadows /all /quiet),\r\nwbadmin.exe, and wmic.exe (shadowcopy or shadowstorage).\r\nExecution of PowerShell scripts (IPScanner.ps1, ShareFinder.ps1, Get-ADComputer) for reconnaissance,\r\ncredential harvesting, or log clearance (Get-WinEvent -ListLog * | Where-Object {$_.RecordCount} …\r\nClearLog($l)).\r\nExecution of PsExec or cmd.exe with –spread argument for lateral movement, or net stop/start \u003cservice\u003e to\r\ndisable security services.\r\nInstallation or unexpected usage of Remote Monitoring and Management (RMM) software (e.g.,\r\nScreenConnect/ConnectWise, AnyDesk, SimpleHelp) or other remote access tools.\r\nNetwork Activity:\r\nAnomalous VPN device logins or other suspicious logins.\r\nAbnormal amount of data outgoing over any port, or use of common data exfiltration tools (e.g., Rclone,\r\nRsync, WinSCP, FileZilla, MegaSync, FreeFileSync, Chisel, Cloudflared, sftp, ftp).\r\nConnections to known C2 servers, suspicious domains, or TOR traffic.\r\nSigns of enumeration of AD and/or LSASS credentials being dumped (e.g., Mimikatz, NTDSutil.exe).\r\nSystem Modifications:\r\nNewly created AD accounts or accounts with escalated privileges and recent activity related to privileged\r\naccounts (e.g., Domain Admins).\r\nUnexpected scheduled tasks or services created for persistence.\r\nEndpoint modifications that may impair backups, shadow copy, disk journaling, or boot configurations.\r\nChanges to ESXi root passwords or SSH enablement.\r\nLog Integrity: Monitoring for deletion of system logs (Windows Security logs, PowerShell logs, etc.).\r\nStrategic Cyber Foresight: Qilin’s 2025 Ransomware Outlook\r\nHere’s what to expect:\r\nSustained Dominance and Aggressive Growth\r\n◦ Qilin is expected to remain a leading and pervasive ransomware threat globally, having recently ranked as one of\r\nthe most active groups with a significant increase in claimed victims.\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 8 of 10\n\n◦ It will likely continue to capitalize on the disruption of other major ransomware groups, attracting experienced\r\naffiliates and expanding its network.\r\nEnhanced Technical Sophistication and Adaptability\r\n◦ Qilin will continue to evolve its Rust-based malware variants, such as Qilin.B, featuring enhanced encryption\r\ncapabilities (AES-256-CTR, ChaCha20, RSA-4096), improved evasion tactics, and more robust defense evasion\r\ntechniques like clearing Windows Event Logs and self-deletion.\r\n◦ Its highly customizable and modular design will ensure its continued adaptability to specific victim\r\nenvironments and attack scenarios.\r\n◦ Expect continued exploitation of both newly disclosed and persistently unpatched vulnerabilities in widely used\r\nenterprise software, including Fortinet devices and Veeam Backup \u0026 Replication. It may also increasingly\r\nautomate exploitation chains.\r\nProfessionalization and Innovative Extortion Tactics\r\n◦ Qilin is redefining the Ransomware-as-a-Service (RaaS) model by expanding its ecosystem of “premium”\r\nservices for affiliates.\r\n◦ This includes unique offerings like “legal assistance” through a “Call Lawyer” feature during ransom\r\nnegotiations, DDoS attack capabilities, automated negotiation tools, PB-scale data storage, and support from “in-house journalists” to create public leak blogs. These services aim to maximize pressure on victims and may\r\nincreasingly leverage AI for more sophisticated psychological extortion.\r\n◦ The group’s primary motivation remains financial profit, and all its innovations are geared towards maximizing\r\nransom collection.\r\nEvolving Victimology and Attack Vectors\r\n◦ While remaining opportunistic across all verticals, Qilin is expected to intensify its strategic targeting of high-value organizations and critical sectors, including healthcare, manufacturing, legal and professional services,\r\nfinancial services, and virtual machine infrastructure.\r\n◦ A significant trend is the shift towards targeting Managed Service Providers (MSPs) through sophisticated\r\nphishing campaigns and credential harvesting (e.g., from Google Chrome), which grants access to multiple\r\ndownstream victims.\r\n◦ The observed use of Qilin by North Korean state-sponsored threat actors (Moonstone Sleet) suggests a continued\r\ndual motivation for both financial gain and espionage, potentially involving sophisticated identity falsification.\r\nConclusion\r\nQilin ransomware is unequivocally establishing itself as a dominant and evolving global threat in the\r\ncybercriminal landscape, indicating its continued prominence in the near future.\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 9 of 10\n\nIn the near future, organizations must recognize that Qilin’s sustained activity, driven by its sophisticated\r\noperational model and aggressive recruitment following the disruption of other major groups, necessitates a\r\nproactive, layered, and intelligence-driven defense strategy. This includes robust incident response planning,\r\nimmutable backups, vigilant patching, and advanced detection capabilities to counter its evolving TTPs.\r\nSource: https://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nhttps://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5\r\nPage 10 of 10\n\n https://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5     \nExecutive Summary      \nQilin ransomware, also known as Agenda, has emerged as one of the most significant and evolving cyber threats\nglobally, rapidly ascending to become a top-tier ransomware-as-a-service (RaaS) operation. Since its initial\n   Page 2 of 10   \n\nRansomware Ransom demands Demand Value typically range from $25,000 to several million, depending on the size of the victim. More\nspecific ranges noted are $50,000 to $800,000. The attack on Synnovis, for example, involved a staggering $50\n    Page 4 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://medium.com/@raghavtiresearch/qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5"
	],
	"report_names": [
		"qilin-ransomware-as-a-service-threat-analysis-and-strategic-outlook-daf8bd6808b5"
	],
	"threat_actors": [],
	"ts_created_at": 1775791271,
	"ts_updated_at": 1775826725,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/137263d75e06ee43d7fd29d45813ea6e87dafa9c.pdf",
		"text": "https://archive.orkl.eu/137263d75e06ee43d7fd29d45813ea6e87dafa9c.txt",
		"img": "https://archive.orkl.eu/137263d75e06ee43d7fd29d45813ea6e87dafa9c.jpg"
	}
}