Analysis
max time kernel: 149s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-03-2024 16:19
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://08fvs1vnh7cz53r.blob.core.windows.net/08fvs1vnh7cz53r/url.html
Resource
win10v2004-20240226-en
General
-
Target
https://08fvs1vnh7cz53r.blob.core.windows.net/08fvs1vnh7cz53r/url.html
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; process: msedge.exe
description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; process: msedge.exe
description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; process: msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid: 4612; process: msedge.exe
pid: 3080; process: msedge.exe
pid: 3212; process: identity_helper.exe
pid: 4036; process: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
msedge.exe
pid: 3080; process: msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid: 3080; process: msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid: 3080; process: msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description: PID 3080 wrote to memory of 4384; pid: 3080; process: msedge.exe; target process: msedge.exe
description: PID 3080 wrote to memory of 4296; pid: 3080; process: msedge.exe; target process: msedge.exe
description: PID 3080 wrote to memory of 4612; pid: 3080; process: msedge.exe; target process: msedge.exe
description: PID 3080 wrote to memory of 2740; pid: 3080; process: msedge.exe; target process: msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://08fvs1vnh7cz53r.blob.core.windows.net/08fvs1vnh7cz53r/url.html 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983cb46f8,0x7ff983cb4708,0x7ff983cb4718 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3 2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1 2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10849863279094780228,14574371409715908420,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2 2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b2c01ab1-7164-48c8-a9ce-e3e9ff0892cf.tmp
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_3080_WPKDNJXLMVQSAIGO