Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
51s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
25/07/2024, 22:34
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://uploadnow.io/files/CHnFk0s
Resource
win10v2004-20240709-en
General
-
Target
https://uploadnow.io/files/CHnFk0s
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4508 msedge.exe 4508 msedge.exe 3380 msedge.exe 3380 msedge.exe 1088 identity_helper.exe 1088 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe 3380 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3380 wrote to memory of 2400 3380 msedge.exe 86 PID 3380 wrote to memory of 2400 3380 msedge.exe 86 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 3044 3380 msedge.exe 87 PID 3380 wrote to memory of 4508 3380 msedge.exe 88 PID 3380 wrote to memory of 4508 3380 msedge.exe 88 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89 PID 3380 wrote to memory of 4152 3380 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://uploadnow.io/files/CHnFk0s1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f3a846f8,0x7ff9f3a84708,0x7ff9f3a847182⤵PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:3044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵PID:4152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:3656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:2624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:82⤵PID:3236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:5116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵PID:5564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:5572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:12⤵PID:5760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15462772046241502899,11558441903277422216,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:12⤵PID:5768
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1580
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4668
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5584971c8ba88c824fd51a05dddb45a98
SHA1b7c9489b4427652a9cdd754d1c1b6ac4034be421
SHA256e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307
SHA5125dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726
-
Filesize
152B
MD5b28ef7d9f6d74f055cc49876767c886c
SHA1d6b3267f36c340979f8fc3e012fdd02c468740bf
SHA256fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
SHA512491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75
-
Filesize
52KB
MD52f9984624ad660b3aaef618db6ecc44f
SHA18afced604b2654c9088d2b561229bfda2aaaf21d
SHA2568339f94caf42d4ef9b0d4b0a136f5466eb961406513e56d0d6b8de8f27c38f32
SHA51252f967569ca6e339aec7d6c54c8d854834a984ccf21071aceb849a9ec2e1deb4db05b7b6a18125762b4ffb548727351bc6b5b8e8e52d1c056c93ba62345f1126
-
Filesize
1KB
MD5f8824ba293002dc01eabaca94c5d5791
SHA1d3a763295b29ce2bf80c3823249ede9173c869e6
SHA25693d11e57972a8c0d052c722c5904771a116f86d28751fdc8a3a666d7776cc27a
SHA5120dec98ad8667cbd419752a6f6e6a098a8ed5ea5bc169d0e911475933612d4f9b66b3dc64a219c5dba1066dd7d7c4b2aa952d592a9d231eccdd18476b4efbf517
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD52eec030a279139abba7621fb81ee9fce
SHA1b528fc2205e1c1a39dd3681702ac6a3e2bd3386b
SHA2563bc91e5fbf01243c74a48c6261d4d3b76741561622304b9ad96d2fffc36513cd
SHA512b3a03b6d7a47dac2947ed93ecc792d0d3738ef34052ceb4aa997dba3cde3dd560a2bda47ef6c38e7dbd81da11d06ea920b67d4ed764ed02fede808e364d622b8
-
Filesize
2KB
MD5413abc659df5d2aaee1bf9dcf1c760bd
SHA156430f61e02e58ba670947d367cd9b0c62aeaaa8
SHA2565d4c21ece6855338e0cc9200870355c597df0bb983bdcc7e14b7a0d320964fad
SHA5122f40b9f52e0dc38bd5916912a125fe1470bb64f208e5cf190a37a17239455f19f4924be49f59195a090d57198965574167bcec4d03dbadd309ed4d7a979790b9
-
Filesize
7KB
MD50224889c99bc41b638d73237e7d1dbd7
SHA1785a6786c7d39a11158e4552cb5a2d6855623ace
SHA25671c951ccecf19fc32edd7f09b9dbd5288fe35e94893229701349ec63058a0a36
SHA51227ac6d6ee670199f2ee7d78e013703a8dd944d6c0d841b6b393f661050dc8e2f48ac1c099ca6c5b52ebfe1fceef09b808ff9709cb656db6474f5720e3fbb6131
-
Filesize
5KB
MD57ad663c3cd5cf3feeea9544ffe8733c4
SHA1763197af2ea0bb6385767fae74096cff5464a0a8
SHA256c022c408a0e1fedcb792442fc40f9ee40afde9bdff7a077914318bcbae570700
SHA512412f5ca60acc28b1f3f5f34afbb57176c6c5e10851caffac1cac289e6ffdb2e6bbc90e02c1efb8a2feca1ff3b5556d1c52f3d99d59d0e48380802c91e0bdb30a
-
Filesize
7KB
MD5c28f912c2537fe9aa01f3d5ac1c6c3f5
SHA19e82035c9682ed2823d21c099a7c9567b9dac59b
SHA256e5250f6e456b5b63f30094ced317ccd613c9b9336d0c61ee6a236a7e2bdd30f9
SHA512d899bb5b5a918ca191fb6e85be1bb4c9192a21529bea45c94ffe0e631988cb811321967a4d5c20ff38240cb42e991257529d101feb085312d7cce3828285db72
-
Filesize
538B
MD578906e2a6899026effd3a3e1ec62d316
SHA1d9da547ed1965fe4fe9838777a7c9dda21acd5ac
SHA256292e1919f06f71d05730d2780d84fda98935bd7d193ed85a00ec6b6b9cd99bcb
SHA512f212eed3615f3c5a812126e8a1fad1f564516d3ba57e762227ef9ed102bbf1dfebb43b9b2956e1e5309e74f4a1299a87f36c059c1419921a3cec3a7e782db3ba
-
Filesize
538B
MD565646b1ee0bb60916be8b45974974ce6
SHA106279546c06ea1f4c63c7d316a27d0dd118e33d3
SHA256d35411f5a3be251e2b244ef245792a5f4fe5233732d163ef8e9424c602b21676
SHA512a56e68b8d0d2abc12d30e05f12a0a9ade933abe3318bf00f146c10881edd44a372acf7d5e8358b4ad662e5b9993c6111782f7fce5e38bcba96bb76db1a4649b8
-
Filesize
538B
MD54e6f71b36964b2f7c8eb6fead3b84810
SHA1510d760c3b84e292554b34f915b86d376fd12349
SHA2567ff1b9deaf21aa7d080b659e2b8e06ff6291e3660291c82d12850cb116dd8bcf
SHA512b79ae7fc3de5d5e8518342dfc392cd5973e82654d7e87fbf8bd55be815affd62bc7fc19c7cc6a67f6d1b709709d2a625e89e43cc56ddfebc4794105da5a1a2a8
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD58d32ec8f1d5ddd3da4284749550a71b6
SHA1a57238367e3f0b4c8541ba5ee3c463ba44ed144f
SHA25677ef8f6342598e7e321f2760010b6778d6f6c9786b9c28f464a4c08b25483834
SHA512cd9e6f5fedec7b0709b0fb3ef2fb822263bd9f176f08c1565a2093bf9cbb1056b2a0d2476fb7ea4e2cab473377d5cfa556553fae5a6895f0720681407de65948
-
Filesize
11KB
MD54efec90d461de5c1dae1d15109df45de
SHA18499488cc5c78e57af9957095ac7d80386e5d58b
SHA2568efe78316fde85e9e974c3a2ec1f3b3cf12c70f7e7acb466d6f0b4959bf492c9
SHA5129647d598c1dd328eff7243961f3660e7802640ed73639190ffadc3bc95ea66258574d2455b29c5eb1597da744476401d534f817d06532b9947ea65c58ab17868