Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06-11-2024 14:02

Static task: static1
URLScan task: urlscan1
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe

| pid | process |
| --- | --- |
| 2220 | msedge.exe |
| 2952 | msedge.exe |
| 1828 | identity_helper.exe |
| 4832 | msedge.exe |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes: msedge.exe

| pid | process |
| --- | --- |
| 2952 | msedge.exe |

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe

| pid | process |
| --- | --- |
| 2952 | msedge.exe |

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe

| pid | process |
| --- | --- |
| 2952 | msedge.exe |

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2952 wrote to memory of 3956 | 2952 | msedge.exe | msedge.exe |
| PID 2952 wrote to memory of 2236 | 2952 | msedge.exe | msedge.exe |
| PID 2952 wrote to memory of 2220 | 2952 | msedge.exe | msedge.exe |
| PID 2952 wrote to memory of 3900 | 2952 | msedge.exe | msedge.exe |
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2952)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://link.edgepilot.com/s/f39f501f/BGfumo-m2EKXBsA69YsBMA?u=https://mtahomes.com.au/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff27a446f8,0x7fff27a44708,0x7fff27a44718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2364)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15565630366255404075,16743328471023504150,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1176)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3608)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 600B