{"@context":"http://iiif.io/api/presentation/3/context.json","id":"https://medex.aviaryplatform.com/iiif/ff3kw5837f/manifest","type":"Manifest","label":{"en":["Medex Product Demonstration - April 28, 2021"]},"logo":"https://d9jk7wjtjpu5g.cloudfront.net/organizations/logo_images/000/000/042/original/Medex_Forensics_Logo_White_2022_%281%29.png?1693506512","metadata":[{"label":{"en":["Date"]},"value":{"en":["2021-04-28 (created)"]}},{"label":{"en":["Agent"]},"value":{"en":["Brandon Epstein (Speaker)"]}},{"label":{"en":["Description"]},"value":{"en":["\u003cp\u003eDemo of and introduction to the Medex software product as part of the 2021 National Cyber Crimes Conference.\u003c/p\u003e"]}},{"label":{"en":["Type"]},"value":{"en":["Demo"]}},{"label":{"en":["Language"]},"value":{"en":["English"]}},{"label":{"en":["Keyword"]},"value":{"en":["NCCC","Demo"]}},{"label":{"en":["Publisher"]},"value":{"en":["Medex Forensics"]}}],"summary":{"en":["\u003cp\u003eDemo of and introduction to the Medex software product as part of the 2021 National Cyber Crimes Conference.\u003c/p\u003e"]},"provider":[{"id":"https://medex.aviaryplatform.com/aboutus","type":"Agent","label":{"en":["Medex Forensics"]},"homepage":[{"id":"https://medex.aviaryplatform.com/","type":"Text","label":{"en":["Medex Forensics"]},"format":"text/html"}],"logo":[{"id":"https://d9jk7wjtjpu5g.cloudfront.net/organizations/logo_images/000/000/042/original/Medex_Forensics_Logo_White_2022_%281%29.png?1693506512","type":"Image"}]}],"thumbnail":[{"id":"https://d9jk7wjtjpu5g.cloudfront.net/collection_resource_files/thumbnails/000/111/887/small/Medex_April_28_2021_Product_Demo-optimized.mp4_1619633927.jpg?1619619531","type":"Image","format":"image/jpeg"}],"items":[{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887","type":"Canvas","label":{"en":["Media File 1 of 1 - Medex_April_28_2021_Product_Demo-optimized.mp4"]},"duration":1964.8,"width":640,"height":360,"thumbnail":[{"id":"https://d9jk7wjtjpu5g.cloudfront.net/collection_resource_files/thumbnails/000/111/887/small/Medex_April_28_2021_Product_Demo-optimized.mp4_1619633927.jpg?1619619531","type":"Image","format":"image/jpeg"}],"items":[{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887/content/1","type":"AnnotationPage","items":[{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887/content/1/annotation/1","type":"Annotation","motivation":"painting","body":{"id":"https://aviary-p-darkhorsepodcast.s3.wasabisys.com/collection_resource_files/resource_files/000/111/887/original/Medex_April_28_2021_Product_Demo-optimized.mp4?1619619526","type":"Video","format":"video/mp4","duration":1964.8,"width":640,"height":360},"target":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887","metadata":[]}]}],"annotations":[{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887/transcript/24943","type":"AnnotationPage","label":{"en":["AUTO_TRINT_Medex_April_28_2021_Product_Demo-optimized.mp4 [Transcript]"]},"items":[{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887/transcript/24943/annotation/1","type":"Annotation","motivation":"transcribing","body":{"type":"TextualBody","value":"\u003cstrong\u003eSpeaker 1:\u003c/strong\u003e Welcome. My name is Brandon Epstein. I'm the director of forensic training at Medic's Forensics, and I'm here today to talk to you about medics. Our flagship product, Medics, is a non content based video source and authentication tool, meaning that it does not rely on the visual content of video files instead on the way that the file is constructed, along with some other binary data within the video to give us some insight into that video as to where it came from and any software that it passed through. Before we dove in, I want to give a second to have the real brains of this operation in virtual lines, have a chance to say hello to everybody. Thanks, Brandon. Hi, everybody. Thanks for being here. Looking forward to sharing this product with you today and a little bit about what it does and maybe even some more about what it will do in the future. But I'm very excited to have you here. Looking forward to Brandon's presentation. Thank you so much. Thanks, but in order to before we jump in, in order to understand what's going on a little bit under the hood, within medics, I think it's best that we do a kind of primer on how a video files constructed at a binary level. So let's take a look here and I'm going to use a little bit of an analogy. To say video files are constructed in what are termed as objects or boxes in this presentation will refer to them as boxes. The analogy that we're going to use is that we're building a brick wall where a brick is going to represent a box and the binary level, the ones and zeros that actually encode a video file. Now, when we go to build this wall or bricks are. Very specific as to what makes up the brick, and this is designed by the specification that encodes where that makes up a brick or in this case, a video file, part of that specification and part of that what makes a valid brick is that we have to identify the brick by a four digit code or four character code that lets us know how big, what kind of data that's encoded in that brick, as well as some other information about it, like how big that actual brick is. So when we go to build our wall, we have to have very stringent requirements that make a valid brick, like in this case, three parts water, four parts cement or five parts clay and or two parts or three parts in four parts clay. Each one of these is built to that specification. So that makes them an actual valid brick. The difference here is, is that now once they have this very stringent constructed brick, I could use that in any order really that I want with a very wide array of order. Or I don't have to use all my bricks. I only have to use specific ones to construct my video file. So as a construct my wall of these bricks, I could start looking and seeing that if I construct this wall, I'm a software or if I'm a builder. I constructed in the same way that every time the layout of these bricks will be recognizable to the way that I build this wall or an encoded device builds a video file. So once we start looking at these walls, we could start to see what type of device or a group of devices or make and model devices are actually encoding this video file based upon the way these bricks are laid out now in terms of video files. These bricks are the specification that we refer to is most likely. And for this presentation will be the ISO based media file format. It's basically the rules that which MP for an employee files and most popular files are recorded. And these lay out the exact specific structure, the exact specifications that we need to make our boxes or make our bricks to make that make them able to be played back across a variety of devices across the world. They also define many of the four character codes that used in this in the boxes and in this wall, which we'll call a structure. So that makes it the actual structure of a video file, those those bricks in those boxes containing those four character codes. So as these these files are encoded, we start looking at these four character codes to get a better understanding of where they are in relation to each other, where these boxes, which ones are present, which ones in which order they're in to get a better understanding about how a structure is actually create. We could then use that information to go ahead and build an actual structural signature. When I say structural signature, I said we're going to go ahead and look at the actual arrangement of these boxes and see that this file has these boxes in a specific order. And we're going to see that they are they are always unique to this file or this group of devices that make this file, I should say. Now, we could compare that signature against a robust reference library to see what other devices exhibit, the same qualities in which they build, build an actual video file. And we're going to take a look at that in a second. There is something else going on under the hood medic's we're going to talk about a little later that helps us drill down a little bit further into how video files are actually created. Now, the interesting thing in all I just talked about in bricks and boxes and structure and how video files are actually created, I did not talk about actual administrative or semantic metadata or approach when we're talking about structural analysis did not depend on metadata. So if the metadata is not present or it's been changed or whatever happens to it, the arrangement of the boxes is a separate examination of that. Again, non content based. So I'm going to show you a little bit around Medic's and exactly how it works to perform the structural analysis. And then we'll get into some other of the functions within Medic's. I'm going to go and login. Medic's is a is a solution. It's hosted on the US gov cloud, which means completely Seija compliant. The other thing that I should mention also is that when you do submit projects and you do submit and create a new project and submit files, that I'm just going to do a quick. That you are sending the files to our server. What happens to them is that they are held on the server passed out. Basically, the analysis is done and then they are deleted from the server. So they're only sent actually stored on the server for maybe seconds to minutes, I would say. And we have a log of that and I'll show you that in a few minutes. But that's a question that usually comes up. But yes, Seijas compliant. We only temporarily hold your files are not actually played back anywhere and we do not actually have access to them. So let's go ahead and look at a project that we that I sent prior to this demonstration. All right. We could see here I sent 12 files to Memex and we have 12 files that were supported and 10 with known signatures. And we start talking a lot more about signatures over the next few minutes here. So when we start looking at the actual signatures and we start looking at the originating device and a generation, we have this file summary page where if I batch these 12 files, I could see really quickly the originating device of them when they reported the last generation, which means the last thing that we know, touch the device or the device or the video file pass through as well as any potential modification. So let's dove right in and we'll start a little bit small here. We'll build from there. Let's take a look at this file. Now, in our medic's analysis and doing a few different things. All right, we're going to look at and we want to try to identify the probably the hardest part of this or especially the files that are transmitted is the originating device is what device? What Kamma created this file. All right. And we do that a number of ways. The first part is reference to exactly what I talked about earlier is that we look at the file signature. So Medic's takes this file that was uploaded from I know because I uploaded it from an iPhone 11 that was never transmitted anywhere. And it runs it through the the reference library. When first it develops the actual signature, it runs it through the reference library and comes up with an actual match to other signatures or to the same signature as it was created. In doing so, it identifies that the same signature from the phone that we the file that we sent, matches we could see here. The brand is an Apple, an iPhone 11 and an iPhone 11. Pro both create the same signature. OK, now. That's pretty understandable, since they're both Apple products, they're both iPhones, they're both very similar models. But now we want to drill down a little bit, a little bit more to identify out of this group, out of these two potential devices. Which one do we really think that it is now? I spoke earlier about how file structure analysis only concentrates on the actual presence or absence of specific boxes and their arrangement. In our other analysis that we're talking that that MEMEX performs is device classification. And this uses some semantic metadata, very specific key values and machine learning, probabilistic classification approach. Basically, it's using file structure analysis plus some metadata to make an informed result as to what brand and model created that device. So even though the file signatures match two devices here, when we go through device classification, we could see that it actually is an Apple iPhone 11. Now, this is just the starting point we're going to build from here. And we could say that this this video, this unknown video file that was presented to us came from an Apple iPhone 11 and was never sent anywhere. When I say never sent anywhere means that nothing that a path through or nothing that it transmitted could have possibly changed the hash value of the device. Or on the file, I should say, now, looking at this a little bit further, we can start looking at some of the data from it or I'm sorry, getting ahead of ourselves here. Generational history, which I just talked about briefly, is that we can see that the generational history here is the vice camera. We'll start seeing some methods of transmission and start gunning breadcrumbs back to originated in the Beiste. However, generational history will start looking at exactly where this video file passed through. We could see that front camera, GPS on rear camera, different variables of it. But the only generational history that we have here is device camera, which we could see two separate devices. This is the total number of files in our reference library, and this is based on video file structure. This means that we see two instances of devices that create this signature that are device camera original, that have never been sent anywhere. And if we look up here, we can see iPhone 11, iPhone 11 proso. It actually correlates. Quick note about file signatures. You could see that it does match this Apple iPhone 11, iPhone 11 pro. So I just want to be very clear here that we have about eighteen thousand files in the reference library right now. This says, that device that I submitted, the unknown video file, matches the signature of an iPhone 11 or an Apple iPhone 11 Perreault. It does not say that we've examined every single device in the wild and every single possible creative device that we don't have in the reference library. While the reference library does have eighteen thousand files and its ever growing, I can't say based upon this. And I looked at every other device to narrow it down, to say it's only possible from the iPhone 11 or iPhone 11 pro, if not probable, that another device created this. That is Samsung's device created, as I could say that or an unknown made overseas cell phone created. But it's highly unlikely but not I can't rule that out as a possibility because we can only reference what we have in the reference library. Going down a little bit here, we have file Medidata Medic's uses a combination of approaches to pass out metadata, including a proprietary or our own metadata sports utility, a passing tool. Now, this is a little different than some of the open source tools and many digital friends, Gallas, forensic video analyst, are using currently to pass out metadata. The way this differs and our approach differs is that as a true forensic tool, we're reporting every bit of metadata that we could find. Now, this and this is a core concept of medic's. And one of the reason that was developed, it is to designed to inspect every bit of the video file and get every possible bit of information out of it, including what we'll see here on the right, this proprietary structural data. All right. So this proprietary structural data is is data that medic's is identified as a valid box, as a valid structure, a part of the file, but it does not automatically decode. We do not know. And we don't automatically I should say, we don't know. So we don't automatically look in this box to see what these 12 bytes mean. We can absolutely go into a hex editor using this information at that offset and then manually decode it. And we could do that for all these files. The difference is, is that many, if not all open source or commonly used metadata parsing tools will not report the existence of this proprietary structural data. They're just simply not designed to it's not a forensic purpose for their original original design. So this is something that can be used, whether in terms of image authentication or video authentication examinations or just to gain additional insight about everything available to you and all the information and all the data available to you in a video file. In terms of structure, we have two other ways that we're going to be able to visualize structure. One is through this medic's file signature we could see here click to view signature details. This is the actual structure of the signature that we're looking at. OK, so this is a representation of every single member. We talked about those bricks or those boxes, those four character codes that make them up, that identify them. This is the exact order of them in the this file. And perhaps during my initial explanation, in the effort of time, I may have oversimplify this, saying that the bricks are all in order, as we can see here, that we actually have boxes that are nested inside of other boxes. So the structure does have some depth to it. The percentage you see here next to it is because it is essentially is how unique this signature is. And this is looking at every other life type of file that is in the reference library and looks at this F.T. File type based upon the empty for file format. It has to appear first. So you see it in one hundred percent or all the file types. However, this wide eyed it appears second is only present in zero point zero seven percent of those files in the reference library saying that this is pretty unique to see that. Furthermore, we can look at and we can see this is handler Dawlat here at zero percent. This is the only signature that has this force. You see this, this entry in that exact position showing areas of uniqueness. This is beneficial when we start looking at manual verification where we want to manually look at the structure and compare one to one, an unknown to a known when we have to make informed decisions or author opinion page report. I'm going to come back to advanced analysis in a minute, and I'm going to look at our open structured report. So this structural report is an interactive visualization of this box structure and this objects that occur within the video file. You could see this, Phillipi, this is our master, our first box entry here. And we can see that we actually have the payload, which is the information present in this box so we can verify them if look at the offset and see what the actual information is. And we can go down and we can start looking at some information, like in the movie header box, which has a lot of information for creation time, modification time. So that could be used in looking at authenticity examinations, one of the many places that we could easily visualize how our data is stored within a video file to make some really informed decisions about what is actually being reported. Or we can actually look at. We go back to the results and let's kick this up a notch. Let's take a look at a file that has actually been transmitted. Oops. Let's take a look at. An Android file this time. So here we could see already or landing page looks slightly different. We can see this originating device information here is where we're going to look at first or already we could say it's a suspected non camera regional file alerting us that this structure does not actually match a structure that is the same as something that you would find as a camera original file. Structure, although it does match as the source device, Samsung Galaxy Note nine or eight plus, based upon the structural analysis, we start looking at brand class or device classification. We can that's when we have the structural approach, plus the associated metadata you start looking and seeing. And we can narrow it down that this is a Samsung and Samsung Galaxy Note nine using that extra step classification with our metadata values or specific metadata values along with structural analysis. Generational history is where we can identify how this file was transmitted and why it is camera original and looking at it, we could see that the device, camera and original. They're the first generation of us, and we could see that the second generation, it was actually sent through WhatsApp. This is, again, based upon structure, so we talked about that box arrangement, the the BRIC arrangement, the Samsung Galaxy Note nine displays its structure in a specific way. And then when it goes through WhatsApp, the WhatsApp utility, the WhatsApp service then has its own signature, its own structure that employs when it's sharing the files that we're able to identify based upon the reference library. To look at it again, we can look at our proprietary structural data. And we could see that these two entries here, which I could tell you, are very distinct to Samsung devices that those actually maintained in the structure, even though WhatsApp did its work on it, those those entries were still maintain. Again, we could see a failed modification test for the first time now we see fail modification test, that does not automatically mean that the file is absolutely modified. What it does is allows us to go and see exactly one modification test that it failed. In this case, there's a host of modification tests that are run. And this one actually is because a specific box identifies to have 19 bytes, but actually contains nine. Now, this could be an encoding error or this could be some kind of malicious attempt or could have been an attempt to alter metadata when we start talking about modification. This is different than looking at originating device classification and generational history. That originating device and generational history will identify content based manipulation by like an editing tool. It's not going to tell you that the file was edited at frame three hundred and sixty two, but it will tell you and we'll see in a second that this file path through Adobe Premiere April now. The modification testing is different, and this is specifically targeting someone that is going in with a hex editor at a bite level to make modifications to a video file. There's a host of tests that are leveraging the knowledge that we have about video files that most or say many people that are attempting to manipulate them do not and saying that these values are so dependent on each other or appear in so many locations within the file that we're on, that somebody that makes a change, let's say to a timestamp, doesn't realize that there are five, six, eight other time stamps that they would need to change in that file to make it a valid file and pass the modification test. All of this without changing the exact order of the byte length in that file before it is detected. So that is one simple transmission, it's just a Samsung Galaxy Note nine through WhatsApp. Let's take a look at something a little bit more complex. Let's take a look at something that was sent to tick tock. Now we start dealing with social media. We start increasing the difficulty level of source device detection as well as transmission. Again, looking at here in Mendax, we could see this is a suspected noncom original file right now, structural analysis. Now we have a larger range of brands and models that match this particular structure, the structural signature. OK, so it could have been any one of three brands and any one of its eight or 10 devices that will identify as the same signature. However, we start looking at the classification we the device classification into it, we can narrow it down to a Samsung Galaxy eight, 10, eight. Now, you're not going to have the same result all the time from every social media site. And we'll see that in a second year when it looks like when we don't have such a strong result. But we could say that we know generational history wise that this structure is appears through seven different devices that were captured on its original device camera and then sent to tick tock and then downloaded. Immediately authenticating or identifying the source of that originating device, even though was transmitted through social media. Let's take a look at the deep fake real quick. Excuse me. Now, this or a defeat that I grabbed off the Internet, now when we look at it, we could see suspected non original file, but we also see partial structural match here. In our previous entries, we saw a structural match and that showed up and now we see partial structural match. And what does that mean? I mentioned it earlier that we had nested boxes and this really drill down to death to a file structure. And we make up the signature. The partial match matches the signature on a high level, but it doesn't match every single structure. And the concept we will want to start thinking about and talking about is whether it's a picture of what happened or a painting of what happens. When I see a picture of what happened or what the source devices and structural analysis. I could say that when we think in terms of the picture, we have a nice, crisp, clean edges. We see a very, very accurate and a very detailed representation of what we're viewing in our imagery. And now that would be a complete structural match, striking a partial structural match as a painting. Let's say a painting is still accurate and it is painting a picture of a larger amount of devices, but it doesn't have the specificity or the detail that a picture does. In this case, we can look at our brands and models and we could see it's a really, really long list and we're going to identify why that is in just a second device. Classification identifies the brand, but it does not identify the model. And I should mention this is that when we talk about device classification, since we talk about probabilistic percentages, the result of the device classification won't be returned unless there is 90 percent certainty that that there is a match, that there is a result. So there is a 90 percent or higher certainty that the brand of that created this device is a Samsung. However, the classifier does not have enough certainty to turn result for model. It's not going to take a wild guess at it, only return a result that meets a certain threshold. We'll start looking at generational history again based upon structure, we could see a lot of different generational histories here. Let's look at six hundred and eighty three devices here exhibited the same structure that had this generational history. That was device camera, and it was sent through feedback. For those that are unfamiliar, f MPEG is a very, very common open source, video processing and transcoding and converting to that many, many software packages used to encode or Renco. Their video we could see that is present here in six hundred eighty three files. Let's go to the next one down. Hey, look, last generation FMP. 13 files, generation F MPEG and so on and so forth, here we see device, camera, free video converter, what do we think free video converters using under the hood to re encoded files for all these are using fintech in one way or another to encode or to build this structure. Now, we did not identify specifically aside from the brand as the source device, but knowing this and knowing that this video passed through fanpage and having high confidence, this video pass through FFM Peg gives us a lot when we start talking about authentication because we leverage the information that fanpage we do not see in Tammar original files in the wild. There is no camcorder, there's no cell phone that you're going to find that's using the FMP signature when actually records an original file. So if you were presenting this evidence and somebody is saying that this is original evidence and you can look at it, you can identify this as being transported by FFM and therefore not original evidence, and you could work your investigation from there. Again, we have proprietary structural data we can see here that is pretty indicative of a Samsung device. So the classifier did a good job in actually giving a result of the brand, although not having any results for the device. Now, we also understand that this is pretty complex. This could get a little bit in the weeds to make determinations of. We really have to stake your opinion on the line of what this source device is or is this video authentic as part of the subscription and that you do receive a limited number of advanced forensic analysis requests. And we have options to add on that basically sends the information from this file, the past that information, not the file itself, that to a subject matter expert, the subject matter expert and medics will then evaluate that file and give an opinion as to the authenticity and source and then have availability to write a report and then come testify in court to support those findings. We understand that a lot of times this does get in the weeds and this does get deep and we want to be able to provide that service for you on the really complex cases where you might not be a full time forensic video analyst or forensic video examiner. Or if you are, you might just want a second look at that file. Let's take a look at one more or a couple more here. In terms of ending and identifying authentication through a source identification or editing, now I'm telling you that this iPhone 11 original file was edited by Premier because I edited. What we can look at here is that this is a suspected, noncommercial file and based upon the structure, we do have an Apple iPhone 11 device classifier still wouldn't return a result. However, Adobe premiere pro here. Does return and does have its unique signature specific to Adobe premiere pro and to say specific to Adobe products. We can look at this signature and by using this signature identification of it, and this is totally outside of the visual quality of this video, no matter how good it appears, we could say that this video was through an editing tool or appeared through or touch non-linear Ed was encoded by non-linear editor, therefore raising your index of suspicion that this video actually has been edited. Notice how it didn't pay it, pass all the modification, a validation test, because we're looking for something different here, modification and validation or concern with hex data concerned with manipulating binary data, source identification identifies, hey, this video went through an editing tool. Now. Last one, and then we're going to open up to questions. Let's take a look at something that actually has been modified and where I tried to change the date and time stamp, a very possible thing to happen in the real world. Somebody wants to manipulate the actual date and time that a video file was created or remove the date and time the video file was created. And it's not very difficult to go to some commercial tools to try to do this, to edit metadata. Or if you have a little bit of knowledge with a hex editor, you can do that. However, in trying to do so, if you don't realize all of the skill level and all the tools and all the different ways and time values do appear, you have a track head remodification time, and that is more than 60 seconds later than a creation time. Well, when I did this, I did it down very, really quickly. I changed a couple of values to alter or encoding the date here. You could see. However, I did not catch all the dates and times that are present in this file. So it did fleg as something that is could be not authentic or something that could be manipulated. The fact is, is that this file, I believe this specific one has six different time stamps in it. I would have to go to those six different assets, understand where they were, calculate out from epoch of whatever device created it, and then do the math and insert that next. Not the easiest task to do across six different locations within the file. Now, last thing I'm going to show you, I misspoke a second ago. Is just to reiterate that this is not based upon metadata. This is not based upon semantic metadata. I took one really quickly, went into a Hex editor, and I changed this Apple iPhone. It's an iPhone 11. And I just where it would normally say iPhone 11 in the metadata, I just put it not a Samsung in the process. I broke the file and I failed the validation test. It does not match an Apple iPhone signature no matter how much I want to report that it is. If I'm saying that this was a camera original file from an iPhone and I sent this through FedEx, I can easily say that this is not actually camera original because it does not match any signature that comes from an iPhone, except if you're viewing this recording and have any questions for like more information, I invite you to contact us at the information seen on your screen. Thanks for watching and have a great day.","format":"text/plain"},"target":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887#t=5.74,1956.72"}]},{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887/transcript/24943","type":"AnnotationPage","label":{"en":["English [Transcript]"]},"items":[{"id":"https://medex.aviaryplatform.com/collections/239/collection_resources/40232/file/111887/transcript/24943/annotation/2","type":"Annotation","motivation":"subtitling","body":{"type":"TextualBody","value":"https://d9jk7wjtjpu5g.cloudfront.net/file_transcripts/associated_files/000/024/943/original/open-uri20210428-31652-12izq3r?1619620874","format":"text/vtt","language":"en"},"target":"https://d9jk7wjtjpu5g.cloudfront.net/file_transcripts/associated_files/000/024/943/original/open-uri20210428-31652-12izq3r?1619620874"}]}]}]}