Analysis
max time kernel: 524s
max time network: 525s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 22-12-2024 21:55
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/file/d/1WepAqepJlAM2bDiE4Xhv15hAVLgUtkd1/view
Resource: win10v2004-20241007-en
General
Target: https://drive.google.com/file/d/1WepAqepJlAM2bDiE4Xhv15hAVLgUtkd1/view
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
6 | drive.google.com
11 | drive.google.com
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
3604 | msedge.exe
4676 | msedge.exe
2524 | identity_helper.exe
3148 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process
4676 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4676 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4676 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4676 wrote to memory of 3564 | 4676 | msedge.exe | 83
PID 4676 wrote to memory of 1812 | 4676 | msedge.exe | 84
PID 4676 wrote to memory of 3604 | 4676 | msedge.exe | 85
PID 4676 wrote to memory of 1108 | 4676 | msedge.exe | 86
Processes
PID 4676: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1WepAqepJlAM2bDiE4Xhv15hAVLgUtkd1/view
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  PID 3564: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8df6046f8,0x7ff8df604708,0x7ff8df604718
  PID 1812: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  PID 3604: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID 1108: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  PID 1476: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  PID 2328: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  PID 2248: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  PID 1044: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  PID 2524: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID 2424: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  PID 1440: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  PID 5116: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  PID 5064: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  PID 3148: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10041408218995361901,17835831806951564165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
PID 1632: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 1656: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads