Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
14-08-2024 17:38
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 4600 msedge.exe 4600 msedge.exe 548 msedge.exe 548 msedge.exe 3228 identity_helper.exe 3228 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid Process 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe 548 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 548 wrote to memory of 4016 548 msedge.exe 84 PID 548 wrote to memory of 4016 548 msedge.exe 84 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 5004 548 msedge.exe 85 PID 548 wrote to memory of 4600 548 msedge.exe 86 PID 548 wrote to memory of 4600 548 msedge.exe 86 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87 PID 548 wrote to memory of 4408 548 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clicks.aweber.com/y/ct/?l=18XlE&m=ifkjkEkoo9.0_fP&b=it0xZ48rsSw.ezW5vmtIFg1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb057346f8,0x7ffb05734708,0x7ffb057347182⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:82⤵PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵PID:4660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵PID:2484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:12⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:12⤵PID:4360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:82⤵PID:3104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵PID:3092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:2828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵PID:2088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵PID:5508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:5660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,12725392267404332726,12203579095969691602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:5736
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:748
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1852
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5eeaa8087eba2f63f31e599f6a7b46ef4
SHA1f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA25650fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
-
Filesize
152B
MD5b9569e123772ae290f9bac07e0d31748
SHA15806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA25620ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD539e4e307154857d1789b83ff2180e753
SHA1f81bf3b14003d7839f63d82bb041491c15101c8e
SHA256d77f5b212f75dcbe4b298dd723f38a5b1107b9f22379192da5f3cbf34620fc51
SHA51287e5d1b12d85d8dad7d6027929da4b9e2da51b1787cac2a970de5153174a1db1ea6fbe19b430ee54eb354b1afb7e0e8d27427d385d5b27d8aad59403151a77e9
-
Filesize
2KB
MD5b781ea7c8d1f718dd7aff94f6c87478a
SHA1418ac1705c97574cb1bd0de921dd2e171b1428c5
SHA256230a1b86affa9b00cf4c276d42f0ad84c653c016e450540dd2691ffe6c30ed12
SHA51261a872abe63e1b40e33d640124d90dfd4841c9ec3ab2a1c4ea3604729fb1365b84c35a8c379be9cd9a17beeee7226580f2b76f7d426849b3311d00b0c72de8c7
-
Filesize
6KB
MD5c3877677c7ee1cebb8feabc8e84fbdef
SHA1806f55fb90a4d25f185d09f8807a8602ab1b33dd
SHA256caa02c4cdeb9841c7b881e5291893efb77fcf566acc21f9c2e1d51908c681800
SHA512d6b92c6e2c4f314b5e83c8cebab5a4dbaaaec8d3471b15b9e457a9ec9120190e33afb0f8d0dd57a2dff67ad44f48d27796c0667f2d786b11676b56f9514c284f
-
Filesize
7KB
MD56ef4e0cf6202937266c7650ddd1a6639
SHA16f5ee71c8070862752661d0780da0ffb38a2f50c
SHA25603b861bd74539f3730489e4068edd8bfbafbce5d43c3d4d0ff27866e87377e19
SHA512958bcc5d63ec8cb097804adfd546a2bb83d51b8575e000d30da688ff0fdc7c9f1ada1765de4fdd1a73e787633f8a8455f93ed5c9cc6462738892520ca53beb70
-
Filesize
6KB
MD5a44bc992f652b3f1bc876f23ca2ead1f
SHA1eeffab57d55a63ee7ddb6101dd04f423af494093
SHA2564ff71541de2222a361ef1f3464d57f31654789fce7bdfcaf2f8c374cebb7471d
SHA512104752339944651ff824073a77da4c44e2929c984d35346176d697cafc583f233765e948f48d4dc157e007e3e2c4ddc848618bc7c92c6be9ee6ef39d27861314
-
Filesize
7KB
MD5f4b115576fb96228a9e9a06b586c0118
SHA133abc6eb8ca20c762b4b7355aa0a9870597b9349
SHA2560568fccbcda407342a392a8861242789fec5e5aec2b8ff7d31d6cf7ebd8fae99
SHA512bf527b5102a0cd625ec48ac7079035e211f49a64ab22155449d44ae14e8085ccddcbb89348403f398e1aa202dfa3416a4c295e029e34327481a79a9d3b7bd299
-
Filesize
872B
MD525e7456d7dbe81ec5bdcd00d99a8a4cc
SHA135282322d272c582b328348c9928480ad749ca78
SHA256c2cafc533333d182cb242a785f960016897c7ca21f015e7195e4ff0d4a039d0e
SHA512c302608fa9a6ce61d2e2e09fdebb62edc94f55b323eee01fb4d9399dd0c60f07196e28added5ccf0dbd23703ad49796f0de88156d517e137b3de0cb858fdbfec
-
Filesize
1KB
MD55b8a7ad31a5455776fa6d08cf9b69eb2
SHA1ed5be36b511dd5014c69527a5eb89a075e37fff2
SHA2566ec547e3832183fd8763b6c320a7a90a967f1cf44c2f6cac4b3b0d22da1a44db
SHA5126bb85b4028c11d8c5732861ca825fa7579762ccb7be0b5c3cb0e1b9fe17b92149ddb1b94cd89e05f4ecab92f148c14e9b59227ed8e3c6a520a7c448d46d9a51c
-
Filesize
704B
MD5ad9545797f136c14788015dd6b548f3f
SHA16a72be66c4ef804b038e83e59ac987b340b9eb6f
SHA2561ac9ceae3762164e576532019132357666ac53b757557c026cd4f329c837c362
SHA5122ef8b284e0ed1e6fe080c63647a2908d96f2dd3699927b10566867b124d6bd6da09db93110bec7e7c03f286735b2826014c60dc7ea726c629903a33a8485c1ad
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD518a6d4554c874a568c841f2b50559b74
SHA17a563c247b8eff2f532c174a93c85aaba35fb3d2
SHA25693ee42866ed4f16d8c3dbad8dd1dd8135eee6cfa1718dffaa89132ebe2a826d4
SHA51256d21333d395fbd1aefdd7fe44553d2300b28d7a35c746464718775cb73af695bd02ccdff4752b18e51fb45e88a5aa1055b1b95abd5fefe55af7566a418820e7
-
Filesize
11KB
MD50c5dd236817ed9807ffd89aceed8b8b4
SHA14a421031778cd9cabd875e469cd3e19174da2ec9
SHA25698bbb39e0aaa5c29d0cc9a4905f3fed5acbc39c727ee53e46622c873671944ea
SHA512c5b70face9511fa29f5d9cf86193590616db97071b714f2cc1b037d75ba0e7221c95e9fbd42503f4dbdc7e808c69bbd4f662423b9744447dedb672f5d0da140a