{
	"id": "a185b3ed-c696-4441-9a89-55a1ff6981b1",
	"created_at": "2026-04-06T00:15:35.440831Z",
	"updated_at": "2026-04-10T03:20:06.273701Z",
	"deleted_at": null,
	"sha1_hash": "da0bf60854bc638e80421e8ee77fe9447d6a3618",
	"title": "Printer company provided infected software downloads for half a year",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 308538,
	"plain_text": "Printer company provided infected software downloads for half a year\r\nBy Karsten Hahn\r\nPublished: 2025-05-16 · Archived: 2026-04-05 21:07:37 UTC\r\nAn antivirus scan reveals signature matches for 39 files, 20 of them with unique hashes. Only two detection names popped\r\nup for these 20 files:  \r\nWin32.Backdoor.XRedRAT.A \r\nMSIL.Trojan-Stealer.CoinStealer.H  \r\nMSIL.Trojan-Stealer.CoinStealer.H designates a .NET based stealer that either exfiltrates cryptocurrency wallets or\r\nreplaces addresses in the clipboard with the attackers’ address. \r\nWin32.Backdoor.XRedRAT.A is a Delphi backdoor. Detection names of other antivirus scanners like\r\nWorm:Win32/AutoRun!atmn indicate USB worm-like behavior. \r\nNotably there was no Floxif in the download section.  \r\nIn the meantime, I got into private contact with Cameron Coward. He asked if he could safely retrieve the Floxif file for\r\nme. We decided that the benefit-risk ratio was not worth it, because I already got malware files from the official\r\nProcolored downloads section. \r\nFor context: An infection with a virus like Floxif is one of the most severe types of infection that damages system files\r\nwithout possibility of proper repair. Whilst disinfection tools exist, they can never restore the files to their original state. It\r\nis also very easy to spread the virus onto different removable media drives and systems.\r\nComeback of XRed Backdoor\r\nI chose the PrintExp.exe sample from VF 11 Pro software downloads for the following analysis with the SHA256:\r\n531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434 \r\nOther samples with the detection name Win32.Backdoor.XRedRAT.A are very similar. \r\nOur internal sandbox systems corroborated the identification as XRed backdoor. This backdoor was analyzed in-depth by\r\neSentire in February 2024 and has existed at least since 2019.  \r\nThe PrintExp sample has the very same download URLs as the malware in eSentire’s article:  \r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 1 of 10\n\nfigure 3: PrintExp download strings\r\nThis is notable because the URLs were already offline when eSentire reported on them in 2024—and URLs are typically\r\namong the first elements to change when new variants of a malware appear. \r\nAnother confirmation is the presence of the same XRed version number in the RCDATA/EXEVSNX resource: \r\nfigure 4: Malcat shows XRed version 106 in the RCDATA/EXEVSNX resource\r\nJust like eSentire’s sample, PrintExp.exe features keylogging, allows file downloads, screenshots, provides a cmd.exe\r\nshell if requested, can delete files and list directory or drive contents. \r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 2 of 10\n\nfigure 5: Available C2 commands of backdoor XRed in function 0x495BD4\r\nIt would be futile to analyze the very same malware version again. The only difference to eSentire’s XRed is that our\r\nsample will execute the original PrintExp.exe after running the malware code. \r\nThe original, clean PrintExp.exe software resides in the RCDATA/EXERESX resource at offset 0x30a00. It seems odd at\r\nfirst that the file has an offset within the resource. A second file, detected as MSIL.Trojan-Stealer.CoinStealer.H is present\r\nin the RCDATA/EXERESX resource at offset 0x0. \r\nSnipVex—more than a Clipbanker\r\nThe MSIL.Trojan-Stealer.CoinStealer.H sample has both dull and unexpected aspects. \r\nThe dullness is owing to the simplicity of the sample’s payload: It is a .NET clipbanker consisting of eight lines of code. It\r\nsearches the clipboard for content that resembles a BTC address and replaces it with the attacker’s address, such that\r\ncryptocurrency transactions will be diverted to the attacker.  \r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 3 of 10\n\nfigure 6: Payload of SnipVex consists only of eight lines\r\nThe unexpected part? This clipbanker is a virus that infects .exe files. It has no name yet and I will call it SnipVex\r\nhenceforth. \r\nSnipVex has an infection marker to avoid superinfection: It expects to see 0x0A 0x0B 0x0C in the last three bytes of\r\nalready infected files. \r\nSnipVex does not infect files that reside in the %TEMP% or %APPDATA% directory and it does not infect any files\r\nstarting with a dot. \r\nIt uses the %TEMP% directory to store separate parts of a new file temporarily before assembling them. First it copies its\r\nown body and extracts the icon of the host file to %TEMP%. Then it injects the icon from %TEMP% into the new virus\r\ncopy. Afterwards it appends the host file to the virus body and finally it applies the infection marker sequence 0x0A 0x0B\r\n0x0C.  \r\nThat means by Peter Szor’s virus classification this is a simple prepending virus. It is not encrypted and not polymorphic. \r\nSnipVex then moves the newly built virus infected file to the host file’s original location.  \r\nThe virus monitors for any changes in files with “.exe” extension on all logical drives to find new host files. \r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 4 of 10\n\nfigure 7: Infection routine of SnipVex\r\nNow it makes sense why the clean PrintExp.exe file appears in the XRed resource after a specific offset instead of using a\r\nseparate resource: XRed bundles the virus that has already infected and thus prepended itself to PrintExp.exe.  \r\nThis is called a superinfection—a file or system that has been infected several times. It typically occurs on systems that do\r\nnot have antivirus software. It also fits that Cameron had a warning for Floxif. Systems that have been neglected in terms\r\nof basic security often become hosts to multiple types of self-replicating malware. \r\nThe virus infection also explains why a total of 39 files in the downloads section of Procolored were infected. SnipVex\r\nlikely replicated itself on a developer’s system or the build servers. \r\nIt made a bit of money for the threat actor along the way. Blockchain explorer shows that the threat actor’s BTC address\r\nhas received a total of 9.30857859 BTC—equivalent to approximately $100.000,00 or 90.000,00 EUR today.\r\nProcolored’s response\r\nWhen Cameron first reported the infected software downloads to Procolored, the company's initial response was denial.\r\nInstead, they provided various explanations as to why antivirus programs might misidentify their software as false\r\npositives. Nevertheless they took down the software downloads from their website, which we noticed around 8. of May\r\n2025, and started an internal investigation. The conversation between Procolored and Cameron is documented in\r\nCameron’s article.\r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 5 of 10\n\nAfter the software downloads were taken offline, I contacted Procolored with detailed information about the malware and\r\ninfected files, and requested an official statement in response to several questions regarding the case:\r\n1. How did this happen?\r\n\"The software hosted on our website was initially transferred via USB drives. It is possible that a virus was\r\nintroduced during this process. Additionally, as the PrintEXP software is in Chinese by default, some international\r\noperating systems may incorrectly flag or misinterpret it as malicious, especially if the system does not handle non-English programs well.\"\r\n2. How will you make sure this does not happen again?\r\n\"As a precaution, all software has been temporarily removed from the Procolored official website. We are\r\nconducting a comprehensive malware scan of every file. Only after passing stringent virus and security checks will\r\nthe software be re-uploaded. This is a top priority for us, and we are taking it very seriously.\"\r\n3. Advice for potentially affected customers:\r\n\"For the users who have reported related issues, Procolored engineers have already provided individual support\r\nand solutions. Once all software has been thoroughly reviewed and confirmed safe, we will update the website and\r\nnotify customers through our official channels to download the latest version.\"\r\nProcolored sent us the new software packages that are currently provided to users and we confirmed that they are clean.\r\nAdvice for affected customers\r\nWe recommend checking whether any antivirus exclusions have been set for the printer software files. Given that the\r\nsoftware originated from an official vendor, it is possible that some users have dismissed antivirus warnings, assuming the\r\nfiles were safe. This could have allowed the malware to remain undetected. \r\nBecause of the malware's age, it is highly unlikely that it went undetected by up-to-date antivirus solutions.\r\nThe safest remedy for an infection with file infectors is reformatting of all drives and reinstallation of the operating\r\nsystem.\r\nImpact\r\nA backdoor infection is usually a serious matter. In this case we know that the malware’s command-and-control server has\r\nbeen offline since February 2024. So it is not possible that XRed established a successful remote connection after that\r\ndate.\r\nThe accompanying clipbanker virus SnipVex is still a serious threat. Although transactions to the BTC address stopped at\r\nMarch 3, 2024, the file infection itself damages systems. At least this virus is not that sophisticated and original files can\r\nbe restored by cutting off the first 0x30a00 bytes of an infected file, however, this only works if there is no\r\nsuperinfection.  \r\nWhile some redditors speculate that the trojan was planted on purpose, there is no evidence to support this claim.\r\nOutdated malware with an inactive command-and-control server is not advantageous for any attacker nor does\r\nsuperinfection make sense for this scenario. A far more plausible explanation points to the absence or failure of antivirus\r\nscanning on the systems used to compile and distribute the software packages. Procolored promises to improve this\r\nprocess, so that it cannot happen again.\r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 6 of 10\n\nThe printer review by Cameron Coward, which is the initial reason why this investigation started, has been published on\r\nhackster.io.\r\nIndicators of Compromise\r\nXRed IoCs \r\nXRed backdoor: 531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434\r\nSnipVex IoCs \r\nSnipVex virus: 39df537aaefb0aa31019d053a61fabf93ba5f8f3934ad0d543cde6db1e8b35d1\r\nSnipVex BTC wallet: 1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj \r\nSnipVex Run key: HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ScdBcd \r\nSnipVex Run key: HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ClpBtcn \r\nSnipVex file paths: \r\nDibifu_9\\vshost32.exe \r\nDibifu_9\\IconExtractor.dll \r\nZgokr00.exe  \r\nDownload links on mega.nz\r\nhxxps://mega[.]nz/folder/TNAWTDKL#zR5Atn68a807Qn17FjXFxA \r\nhxxps://mega[.]nz/folder/zBgEiY4K#veoSD-6LgC12yZdqs1G_Ow \r\nhxxps://mega[.]nz/folder/3MBG0Rra#eebBaK_Fu6bJs3ZBIhUFiQ \r\nhxxps://mega[.]nz/folder/yEBVBbwY#0qxlY0S_DXosumSxP38nVg \r\nhxxps://mega[.]nz/folder/zM413Jbb#crz2GQgj2EFAut4vxfS8Ag \r\nhxxps://mega[.]nz/folder/eMxjWAgT#r1YEU0KYupfcoBKQQrenSQ \r\nhxxps://mega[.]nz/folder/TNAWTDKL#zR5Atn68a807Qn17FjXFxA \r\nList of infected files, paths and their SHA256 hashes \r\nF13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single.zip →\r\n84ef938a63641cf95a87ceaeb3b4893eb720fb5b42a5f42021c29ba11bda0f39\r\nF13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\.NWReceive.exe →\r\nb14c855ad7600ac9fda2c46b290acac1342d0e08dc1a95901504d8c5aa206606 \r\nF13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\.PrintExp.exe →\r\n4de65f542bc2a144d0e220e93f367c08bf008045fcc1fddbc4e54af62e7da847 \r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 7 of 10\n\nF13\r\nPro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\._cache_NWReceive.exe\r\n→ 332deb26f74b6e6633214fe3ca7e95e4c6861d6eac0f9a792c3f2154adea73c7 \r\nF13\r\nPro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\._cache_PrintExp.exe →\r\n0f8bf833d6673dcba58347b9bde618969b948268d42fbb17d48f68cbc925109e \r\nF13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\NWReceive.exe →\r\nbfb9d8af2c57f055c1e35effb1f42410238981bc16cee96f045aca50ff495550 \r\nF13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\PrintExp.exe →\r\n531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434 \r\nF8\\2.software\\F8 printer drive.zip → 644c045bf502f502bcbf61bc0593dd54949058c4a7837725d1043172925056ba \r\nF8\\2.software\\F8 printer drive\\A4 drive\\A4 drive 64 bit\\epson-l800_drv_x64.exe.vir →\r\n81de4cedda6109eacc9a3903a30e3a11622668ce6af533f94beadad052f591fb \r\nF8\\2.software\\F8 printer drive\\A4 drive\\A4 drives 32 bits\\L800_x86_672HomeExportAsia_MP.exe →\r\n6d86f66c81c2c3e1a524fd8a8598e76d939bdf3cd8f7411036f7d5ca15afe622 \r\nF8\\2.software\\F8 printer drive\\A4 drive\\A4 drives 32\r\nbits\\L800_x86_672HomeExportAsia_MP\\L800_x86_672HomeExportAsia_MP\\WINX86\\SETUP\\DEVICEOP.EXE →\r\n7f9657992c3c6169f629a8a12885eb5468482eba23e5f310d37ef0458ae8f87a \r\nF8\\2.software\\F8 printer drive\\A4 drive\\A4 drives 32\r\nbits\\L800_x86_672HomeExportAsia_MP\\L800_x86_672HomeExportAsia_MP\\WINX86\\SETUP\\SETUP.EXE →\r\n455374fe0f6f4123ecc9282189c67d261c877beba79ea77eb561dfb7a689a546 \r\nF8\\2.software\\F8 printer drive\\A4 drive\\A4 drives 32\r\nbits\\L800_x86_672HomeExportAsia_MP\\L800_x86_672HomeExportAsia_MP\\WINX86\\SETUP\\MEP\\Setup.exe →\r\n995c9822c1803851301b060c4dbfe369e423d694e18fe526e0468150d8a79231 \r\nV11 Pro\\2.software driver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single.zip →\r\n84ef938a63641cf95a87ceaeb3b4893eb720fb5b42a5f42021c29ba11bda0f39 \r\nV11 Pro\\2.software\r\ndriver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\.NWReceive.exe →\r\nb14c855ad7600ac9fda2c46b290acac1342d0e08dc1a95901504d8c5aa206606 \r\nV11 Pro\\2.software driver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\.PrintExp.exe\r\n→ 4de65f542bc2a144d0e220e93f367c08bf008045fcc1fddbc4e54af62e7da847 \r\nV11 Pro\\2.software\r\ndriver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\._cache_NWReceive.exe →\r\n332deb26f74b6e6633214fe3ca7e95e4c6861d6eac0f9a792c3f2154adea73c7 \r\nV11 Pro\\2.software\r\ndriver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\._cache_PrintExp.exe →\r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 8 of 10\n\n0f8bf833d6673dcba58347b9bde618969b948268d42fbb17d48f68cbc925109e \r\nV11 Pro\\2.software\r\ndriver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\NWReceive.exe →\r\nbfb9d8af2c57f055c1e35effb1f42410238981bc16cee96f045aca50ff495550 \r\nV11 Pro\\2.software driver\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\PrintExp.exe\r\n→ 531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434 \r\nV6\\2.software\\A4 drive.zip → 85bae4b38f2bab647546bd4a5193bedaf7f153b23fcdd13e1189e34075c2f792 \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\._cache_.._cache_.._cache_.._cache_.._cache_.._cache_.._cache_.epson-l800_drv_x64.exe → 7ae9e8b68f77bf0970feb2fcf80d830cbfaef49dd02828fd0086d4a64b713a64 \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\._cache_.._cache_.._cache_.._cache_.._cache_.._cache_.epson-l800_drv_x64.exe\r\n→ 790bb3e769ef33f824015c5c814a29bde7f852c66f76647486d5c5fa3daafc1c \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\._cache_.._cache_.._cache_.._cache_.._cache_.epson-l800_drv_x64.exe →\r\n4a4164fb3867e39506f316e2bc038ebaceacc51453e2e98ed132880b3dfe84b6 \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\._cache_.._cache_.._cache_.._cache_.epson-l800_drv_x64.exe →\r\n1f44d8ab5cbb8e9a5673c8148367b9b0dd34cb947bb4c8297c03c5febfc8f8ab \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\._cache_.._cache_.._cache_.epson-l800_drv_x64.exe →\r\n2114fe34d510894985ed6dd1d737414fcc7ec023a0980469fc6db580698b8ecc \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\._cache_.._cache_.epson-l800_drv_x64.exe →\r\neade6f6e514c5c8f079e160538683b30e59e0396f99d7ec38da02ebefac7a104 \r\nV6\\2.software\\A4 drive\\A4 drive 64 bit\\epson-l800_drv_x64.exe →\r\n81de4cedda6109eacc9a3903a30e3a11622668ce6af533f94beadad052f591fb \r\nV6\\2.software\\A4 drive\\A4 drives 32 bits\\L800_x86_672HomeExportAsia_MP.exe →\r\n6d86f66c81c2c3e1a524fd8a8598e76d939bdf3cd8f7411036f7d5ca15afe622 \r\nV6\\2.software\\A4 drive\\A4 drives 32\r\nbits\\L800_x86_672HomeExportAsia_MP\\L800_x86_672HomeExportAsia_MP\\WINX86\\SETUP\\DEVICEOP.EXE →\r\n7f9657992c3c6169f629a8a12885eb5468482eba23e5f310d37ef0458ae8f87a \r\nV6\\2.software\\A4 drive\\A4 drives 32\r\nbits\\L800_x86_672HomeExportAsia_MP\\L800_x86_672HomeExportAsia_MP\\WINX86\\SETUP\\SETUP.EXE →\r\n455374fe0f6f4123ecc9282189c67d261c877beba79ea77eb561dfb7a689a546 \r\nV6\\2.software\\A4 drive\\A4 drives 32\r\nbits\\L800_x86_672HomeExportAsia_MP\\L800_x86_672HomeExportAsia_MP\\WINX86\\SETUP\\MEP\\Setup.exe →\r\n995c9822c1803851301b060c4dbfe369e423d694e18fe526e0468150d8a79231 \r\nVF 13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single.zip →\r\n84ef938a63641cf95a87ceaeb3b4893eb720fb5b42a5f42021c29ba11bda0f39 \r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 9 of 10\n\nVF 13\r\nPro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\.NWReceive.exe.vir →\r\nb14c855ad7600ac9fda2c46b290acac1342d0e08dc1a95901504d8c5aa206606 \r\nVF 13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\.PrintExp.exe.vir\r\n→ 4de65f542bc2a144d0e220e93f367c08bf008045fcc1fddbc4e54af62e7da847 \r\nVF 13\r\nPro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\._cache_NWReceive.exe.vir\r\n→ 332deb26f74b6e6633214fe3ca7e95e4c6861d6eac0f9a792c3f2154adea73c7 \r\nVF 13\r\nPro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\._cache_PrintExp.exe.vir\r\n→ 0f8bf833d6673dcba58347b9bde618969b948268d42fbb17d48f68cbc925109e \r\nVF 13\r\nPro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\NWReceive.exe.vir →\r\nbfb9d8af2c57f055c1e35effb1f42410238981bc16cee96f045aca50ff495550 \r\nVF 13 Pro\\2.software\\PrintExp_X64_V5.7.6.5.77.2024.06.25.Single\\PrintExp_X64_V5.7.6.5.77.Single\\PrintExp.exe.vir\r\n→ 531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434\r\nSource: https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nhttps://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads"
	],
	"report_names": [
		"38200-printer-infected-software-downloads"
	],
	"threat_actors": [],
	"ts_created_at": 1775434535,
	"ts_updated_at": 1775791206,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/da0bf60854bc638e80421e8ee77fe9447d6a3618.pdf",
		"text": "https://archive.orkl.eu/da0bf60854bc638e80421e8ee77fe9447d6a3618.txt",
		"img": "https://archive.orkl.eu/da0bf60854bc638e80421e8ee77fe9447d6a3618.jpg"
	}
}