Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
45s -
max time network
34s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
21/08/2024, 16:25
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://track.carrier-tracking.com/track.action?carrierType=PBSHIP&contentType=html&trackingNumber=9400109105459590726280&d0=1&d1=WhC3gSwUHG3IW5q*2fqjSufpHDjqxpjr4I8*2f5TBVwMGf0zy3FmNa*2bfgcK*2bZjLVkiWGZXc4vf62E8HZ0E*2b8HPOnnL6OKj82BznVhNAW5ZP6IP1kru92lIRiWBhvo9W3QBZH9lXPzdQ*2fkjsJaLfjx*2fHKK3wk*2fAFyk2F2NF9zwrhUtUM*3d&d2=U6nWNVGRYURXcBrbtuKePOBlVGZhVZ2cbpPAOHdSwjl2aUdMEH*2fuS*2brOc98WpC45jC3NSXsfEGrnmD1osZPPxzCVObqgfbqDRV30yhV8q6XzTk2DHpXQcfkNN*2fNk9D5tmEVnPnHs3O30jF5Q*2fC*2fC9gp36Yjon*2fKvwpWYQjBOyIo*3d
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
https://track.carrier-tracking.com/track.action?carrierType=PBSHIP&contentType=html&trackingNumber=9400109105459590726280&d0=1&d1=WhC3gSwUHG3IW5q*2fqjSufpHDjqxpjr4I8*2f5TBVwMGf0zy3FmNa*2bfgcK*2bZjLVkiWGZXc4vf62E8HZ0E*2b8HPOnnL6OKj82BznVhNAW5ZP6IP1kru92lIRiWBhvo9W3QBZH9lXPzdQ*2fkjsJaLfjx*2fHKK3wk*2fAFyk2F2NF9zwrhUtUM*3d&d2=U6nWNVGRYURXcBrbtuKePOBlVGZhVZ2cbpPAOHdSwjl2aUdMEH*2fuS*2brOc98WpC45jC3NSXsfEGrnmD1osZPPxzCVObqgfbqDRV30yhV8q6XzTk2DHpXQcfkNN*2fNk9D5tmEVnPnHs3O30jF5Q*2fC*2fC9gp36Yjon*2fKvwpWYQjBOyIo*3d
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687311872456872" chrome.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe Token: SeShutdownPrivilege 4464 chrome.exe Token: SeCreatePagefilePrivilege 4464 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe 4464 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4464 wrote to memory of 348 4464 chrome.exe 84 PID 4464 wrote to memory of 348 4464 chrome.exe 84 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 3288 4464 chrome.exe 85 PID 4464 wrote to memory of 1044 4464 chrome.exe 86 PID 4464 wrote to memory of 1044 4464 chrome.exe 86 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87 PID 4464 wrote to memory of 492 4464 chrome.exe 87
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://track.carrier-tracking.com/track.action?carrierType=PBSHIP&contentType=html&trackingNumber=9400109105459590726280&d0=1&d1=WhC3gSwUHG3IW5q*2fqjSufpHDjqxpjr4I8*2f5TBVwMGf0zy3FmNa*2bfgcK*2bZjLVkiWGZXc4vf62E8HZ0E*2b8HPOnnL6OKj82BznVhNAW5ZP6IP1kru92lIRiWBhvo9W3QBZH9lXPzdQ*2fkjsJaLfjx*2fHKK3wk*2fAFyk2F2NF9zwrhUtUM*3d&d2=U6nWNVGRYURXcBrbtuKePOBlVGZhVZ2cbpPAOHdSwjl2aUdMEH*2fuS*2brOc98WpC45jC3NSXsfEGrnmD1osZPPxzCVObqgfbqDRV30yhV8q6XzTk2DHpXQcfkNN*2fNk9D5tmEVnPnHs3O30jF5Q*2fC*2fC9gp36Yjon*2fKvwpWYQjBOyIo*3d1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4464 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe899ccc40,0x7ffe899ccc4c,0x7ffe899ccc582⤵PID:348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:22⤵PID:3288
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:32⤵PID:1044
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2424 /prefetch:82⤵PID:492
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:12⤵PID:3576
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:3596
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4480,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:82⤵PID:1648
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4712,i,7623866322373438115,8920162374268126720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:12⤵PID:3684
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:556
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:940
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
649B
MD5f5886ca750c79f071fe6548d357df489
SHA10e50233343031749efa2dda73e2cd98d19dce9dd
SHA2568ebf07f67db6b772dec35e2613dab15f0105e95f59f68716be0b17aab2cc36dc
SHA512ea103764903302d1c78621a61815c6f09be1853694a01d8477fa941c3219516b68d6aa43ce6a52c90c7d13ee3ce5677e0128b56224b6ec7a69d0f5be0b970b3c
-
Filesize
960B
MD576306e4a410a5d990a0527c972e3bd3b
SHA1560adb287aa0d0edc75cd44adc5c9df762489367
SHA256c33fac3542bdb8bb0fc82cceba29dfc426f4c947d2e1141617727d1f91f7374e
SHA512e27379c97ab60e11442255bfc67b44b899c9f7c4941f35d6cc44808f7f9a9399bdce0e04eddbdf886a0844e82155adc36ce59cb59c5f0e2faa877e514507dae6
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD531e14cc4fcb80db977fd024c5200defd
SHA16a0fff14eb63841d73bd171da88509d638d611cc
SHA25698696fdacade0418ee44ba7e31beb31b30e0caef7cc47825ef7d832291fd52c1
SHA5129f753961dc8ea6f883a9911835e712de0b88d07d1c5d3430d54f63e6c9352210a417121c3e750e8a0585ff40b741e58b7da7c5f129cd7dc0e1312c1c146b193d
-
Filesize
9KB
MD56ce9e4103ba52e696f166108e59c556c
SHA11e53bfc51d5d20063df0a18fd6bb160475b7c059
SHA256b7ad934c1fe62a2e1229c644a3679dd355ef612943cdeae5fee3f836bedd4177
SHA5125c7efd8a697f872db872fe12445b140048ad5aa7d0cf9724888e4ca15da883c0a4bb290dc9b1234aa9bfb7d0f403b2fb56682bbf1cef926f8e9fb82affa544f0
-
Filesize
9KB
MD5830f57308340ba73a9d107c7851bd8ff
SHA1b6ebb9258906aae88b4c37582a047688584df8d7
SHA25675b489c86005a167a018eb7cbbd56fb9ee001125d59bf3ba9f97b3c23850cc5f
SHA5125cdd4e0ee125e9d371edd6ee95601a6bc93556937cb0168c6e7c4915ef552bd4d260d73b4c12c37d5909d5fc3650d8ef01f6e35b22701f872cf55850e816f1d9
-
Filesize
9KB
MD559482240fbac887eed6910b0b31303ea
SHA188bf3fa1c18e23081e753f646ff1d525737acc4c
SHA25692e0cfd923bfb6e7c6c8aa78f8938ea2f8e4390b929bedfd4ee7df5f9237c558
SHA5128885a8a41e58421e7852c4679d886ef74bd7ee232f85df2024d4330b1a668fb3f84de9ddfd3c8d305c2a7a73ba30c26b60e578cedf8b760a2951c36292ee461b
-
Filesize
99KB
MD54b34bbc3aba1ceb17928f942f51b769f
SHA1fb2682b8b894135d4c229bce33780c6c4c84a7a5
SHA2566275f5e92d460dac3851c2333f82069285bfef825089dfbb2eddecba6da9f8b4
SHA5126095c719af588edaebf24cc40371bfc8e10f5d1ed539e4faa328ac6a83683ef60f79d0452177b79f8539c65d0b5208a9de1bfd882eadc32567ccd5794f411248
-
Filesize
99KB
MD547179ed35a689340d55014f74f4c1716
SHA1f0c626349a88424665cddd87c2f438b1079d29b0
SHA25653c350f02c1261fa2d1f93308b4ca6673d528bf360a0d3971acae9d522873d51
SHA512b53e50e4121920d990c5ca956a707ef6d86624176e386abad2bef07162773aa59f8dd6d1a8f641005945136930a1e6e9b7e7760f4b05ebd81e6558cf8de907e1