Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
30s -
max time network
26s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
28/06/2024, 16:00
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/gupr0x4/HWID-Spoofer-for-Fortnite-and-Valorant
Resource
win10v2004-20240611-en
General
-
Target
https://github.com/gupr0x4/HWID-Spoofer-for-Fortnite-and-Valorant
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
pid Process 2044 hwid-spoofer.exe -
resource yara_rule behavioral1/files/0x0009000000023594-174.dat vmprotect behavioral1/memory/2044-211-0x0000000000370000-0x00000000003E4000-memory.dmp vmprotect -
Program crash 1 IoCs
pid pid_target Process procid_target 5280 2044 WerFault.exe 111 -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 228524.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 1368 msedge.exe 1368 msedge.exe 1924 msedge.exe 1924 msedge.exe 2012 identity_helper.exe 2012 identity_helper.exe 2044 msedge.exe 2044 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2044 hwid-spoofer.exe -
Suspicious use of FindShellTrayWindow 35 IoCs
pid Process 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe 1924 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1924 wrote to memory of 1472 1924 msedge.exe 82 PID 1924 wrote to memory of 1472 1924 msedge.exe 82 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 3460 1924 msedge.exe 83 PID 1924 wrote to memory of 1368 1924 msedge.exe 84 PID 1924 wrote to memory of 1368 1924 msedge.exe 84 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85 PID 1924 wrote to memory of 2312 1924 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/gupr0x4/HWID-Spoofer-for-Fortnite-and-Valorant1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb7be46f8,0x7fffb7be4708,0x7fffb7be47182⤵PID:1472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵PID:3460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:82⤵PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵PID:4136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵PID:1964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:82⤵PID:2512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:82⤵PID:1032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵PID:3000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6068 /prefetch:82⤵PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2044
-
-
C:\Users\Admin\Downloads\hwid-spoofer.exe"C:\Users\Admin\Downloads\hwid-spoofer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2044 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 18803⤵
- Program crash
PID:5280
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:12⤵PID:5300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:5308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵PID:5480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14509059023790771422,17769979810079268956,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:12⤵PID:5488
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3924
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4300
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2044 -ip 20441⤵PID:5256
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5477462b6ad8eaaf8d38f5e3a4daf17b0
SHA186174e670c44767c08a39cc2a53c09c318326201
SHA256e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
-
Filesize
152B
MD5b704c9ca0493bd4548ac9c69dc4a4f27
SHA1a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA2562ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA51269c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5b6e8b292257dcb00b933dc2b57e2394a
SHA1626f099bbe67426b42fe9b4d3626d4839e67b8a0
SHA2566c85958faf0ac8ee089b5df03aeb30f15172441f1c86f1650ec1e1d941f9543d
SHA5122e469ff1ba5ba9e21c1cdc9f565e5db88b1812e70da0678ba8e79cbd276ef8358fb84f5cb279d66f5525de50d5da7450d5fa3f39b6e670a7cbd0c40eb523be2c
-
Filesize
5KB
MD57a51b65d029ae7d0a1fb56388f0e652a
SHA1c61bc5cbdc8fbbe0c855f274d81791c489888032
SHA2568365ff482a1ae563b9a1425575fd66a7e90a1d7bfecc304aec396efa394cafbc
SHA512dcae6430716a898649a8cad00551d2ed65d6e0bfbcc7571e967def70c450b4c6056d59f71857de3b5e07e7a913f9bc297dac69a9960a099d82b1c75655a4d120
-
Filesize
6KB
MD5f96333e9789dbd0c0eba704868b6502f
SHA1dcc8f912749731c595a54a43ba039033e17c5813
SHA256ac2ed778a0beb7a7df3fc87411b6f650a6f9229783339dcb361d275bc7fa47a6
SHA5126d08bba94c5b364bd3f4c18ea610259bbddfcc7d89b96fa84606ed30a8e91bf3ccec74e9aad08bfbed84b083fa435650ecd133ec4e9977eb93ef66bf48cd3e3b
-
Filesize
6KB
MD51deec2a54ab7054c830633e6617d7af7
SHA14d8992b2084e4faf3ff276265fb77226a462fa24
SHA2564ed324fa088c40f12c6db9c9ab73798d81d8e2f9c489403f2d70d226f08f3939
SHA51217a94b3322f65457752f573de12147f9c8f883d2bae65e4a77cf3634cffeb7b11b6a434a0a48323af0c308c3d2ba01ae82a04ffeb9e1fa25814a6ba933201606
-
Filesize
874B
MD51760e8cc55954db66f192cbfc8cc2ff5
SHA1d0a44149c4552e797df320392f8b221ddc41cd4a
SHA256aff55aef2635ff5a19921070eda05fda67ea437c153ee11e595cac90522483dc
SHA512732ce3737abf2916a00967d5636b04b26806514334dd1ef2bfa9a06561e51749cfdc2388535b4cb568e76971bf54ab13a0afdf9ea5247571ff18ed1c11b7784c
-
Filesize
874B
MD5dbdf7067a3991a25797eba51bc29fe48
SHA165afff87e5f3e3108f2c5dbe10a12164d0a57b1d
SHA2564ed4fbe2911f4b2fc4af5b24875259023638ea05ea92f78379ef648554d8028c
SHA512987bbc5c5638c3d63bad7edeb61159f3b2142ba6e99095bae1b0df3aba8af5fe49123e85bb7f2499b1ee6c1df78d235a6107042471bcaf87559a51e28fa3baf7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5c376fb9289dda77aec02c81625760d07
SHA1a3d5dd6ffffe7703612c074d66cc9cd6c8279263
SHA256a6a58222e018925c6d4becb47c4a361f659fa9937292b7888c4355c36371d52a
SHA512830db6d0f47d3a5e1c57268830cacd175b3172fa9b0a1221980fc33c6ead647d5457c913987c4dd2e3d3e5f15a5c2ec0e7eca8e7116215c9b3f4c46f514dac4c
-
Filesize
266KB
MD5322f7016ccf0835c39375dfc42370222
SHA1701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
SHA2569945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
SHA51282fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb