Resubmissions

05-09-2024 03:39

240905-d7txqsscpn 10

05-09-2024 03:35

240905-d5ttysscnj 10

05-09-2024 03:31

240905-d3ks9stbrb 10

Analysis

  • max time kernel
    71s
  • max time network
    75s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05-09-2024 03:39

General

  • Target

    https://www.roblox.com.ml/users/8652821950/profile

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.ml/users/8652821950/profile
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddaaa46f8,0x7ffddaaa4708,0x7ffddaaa4718
      2⤵
        PID:952
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:1124
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2528
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:4816
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
            2⤵
              PID:376
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
              2⤵
                PID:1580
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                2⤵
                  PID:3600
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
                  2⤵
                    PID:2372
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2240
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
                    2⤵
                      PID:1240
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
                      2⤵
                        PID:1592
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                        2⤵
                          PID:2184
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                          2⤵
                            PID:2544
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                            2⤵
                              PID:1156
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
                              2⤵
                                PID:4960
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                                2⤵
                                  PID:1800
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3716
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2780

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

                                    Filesize

                                    51KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

                                    Filesize

                                    100KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    3KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    7KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    7KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811dd.TMP

                                    Filesize

                                    1KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e70a0c1c-4c34-4c91-9dcb-5e9eb905aa74.tmp

                                    Filesize

                                    3KB


                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB


                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                    Filesize

                                    2B


                                  • \??\pipe\LOCAL\crashpad_1360_HMTYYOUWMUTONPLI
