Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
24/10/2023, 11:15
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.abnamro.nl/en/personal/overabnamro/secure-banking/recognising-fraud/fraud-by-phone.html?ext=reply_valse_email_telefonische_oplichting
Resource
win10v2004-20231023-en
General
-
Target
https://www.abnamro.nl/en/personal/overabnamro/secure-banking/recognising-fraud/fraud-by-phone.html?ext=reply_valse_email_telefonische_oplichting
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4984 msedge.exe 4984 msedge.exe 4448 msedge.exe 4448 msedge.exe 1020 identity_helper.exe 1020 identity_helper.exe 4080 msedge.exe 4080 msedge.exe 4080 msedge.exe 4080 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4448 wrote to memory of 1740 4448 msedge.exe 83 PID 4448 wrote to memory of 1740 4448 msedge.exe 83 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4524 4448 msedge.exe 85 PID 4448 wrote to memory of 4984 4448 msedge.exe 84 PID 4448 wrote to memory of 4984 4448 msedge.exe 84 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86 PID 4448 wrote to memory of 636 4448 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.abnamro.nl/en/personal/overabnamro/secure-banking/recognising-fraud/fraud-by-phone.html?ext=reply_valse_email_telefonische_oplichting1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe69af46f8,0x7ffe69af4708,0x7ffe69af47182⤵PID:1740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵PID:636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:12⤵PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:12⤵PID:2876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:12⤵PID:4404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:82⤵PID:2924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵PID:1908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:12⤵PID:1364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12229658678985424916,9843646967780804481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4080
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4588
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1908
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f4787679d96bf7263d9a34ce31dea7e4
SHA1ebbade52b0a07d888ae0221ad89081902e6e7f1b
SHA256bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87
SHA512de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize984B
MD551b169a46d90d414afd03f8b4f02a298
SHA1b6526cefdf1fce4acd8e363f802dd37586e8331d
SHA256d6a38280727c88324ea67ef0165f2a26c1561af984c7dca06ae08999f733fe7a
SHA512681584fbebc02a198bafea9b926ed0f632604afa64a53d3db39e52af664a4e55ce9592b658b5c86a1cf4faebb3dc23bf3ef9080d124bbd54c71061f1a199a13d
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD5b3293d74f9bfe3b546e19c3886135397
SHA1810402d4808a10d971e3adeb02f27bc64f2cc391
SHA25660818a9f7954963b7d4954295e59196666786f2300147c65755e49518c51de67
SHA51265eb6bf5b0d6f014f6c53bcac89006fe3f4039f1b1ba91911b20b6ff7ec08d8e3a2d62e4f22e5d702cc9c1c3f441a65fa7807d4904df3856315f986d3915552b
-
Filesize
6KB
MD5b3824bcc552f4aa10952c9ba714740fc
SHA1010ff18c76d1d73c7540683c1ea6fd1bdf79f6b6
SHA256c275fbc11b3baf4e6d86194521c9022721c958ca49b547b2b400009469ad2503
SHA512075d779146b2ac5d1f399f3014991da51d9b1c83d98794b3111857e24ba5ec08f83ef93275e656ef585bfc1f9fab1f9bd6c4cd6d79937cac33461a53e3562874
-
Filesize
5KB
MD5a1dff0932bf0edbb26a9f00f70f46d0f
SHA1dc521a23e4f3e52e8db1e7eb1b17e11f548ab3e2
SHA256ad45c62a9bc45956884cf4920e7d3b79c431edbac5493fd19db644b882e87037
SHA5128d9adf4dd2acad01baa7521995c0275e63cad29835adb1a735cdba8b9eac16c2d0a4593ee9bd5b5b88555f7838025548acb360c808b98ea5b3ab2b046e82ac6f
-
Filesize
6KB
MD51b5149680f6c7814d134996f77f1ba71
SHA1f808694c47b2e78857529ed56c877a9c23fcbfb0
SHA2566ac9aa9d07fa09763bf50bba8d6ab591ddcc1cdc71ff6cfed28906abbd5807af
SHA5129dff36792ea09fdafcba6bd81100a2e78aa629b71e3cf45278e3612434e137ecc531f29562828a2ed2aff866eef2ccb5d7cd26723bc36588cbf8b39b86060dbf
-
Filesize
24KB
MD53a748249c8b0e04e77ad0d6723e564ff
SHA15c4cc0e5453c13ffc91f259ccb36acfb3d3fa729
SHA256f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed
SHA51253254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2
-
Filesize
1KB
MD5ec156c807fd679e554872e32a4a257ad
SHA149a1ee7c2ea2f18ae7f220740a119e3264326fed
SHA2562d1e11d927c8641a1284d3bdbd9ae173e14b6d1626d75e32e0253bba1b0db409
SHA5129ac32052499907883eec6c1e3afca878690607887d4fd9fc95ba7a230e8ca8e9c5c1becbd357a9579220b6e4ae142df51736874f04a1eee760ef9571db3ca87e
-
Filesize
1KB
MD504befbc10cfc3aa361e8447f7a1c0f34
SHA10384a5536190a1966035bbe789147dfdfe954d32
SHA256b1e20a0dece9b8e8e4677995a55d4dd5d1dd664a64e198c7683a012ce115e8d2
SHA512c21dd6a9694d53cc0c936fc13d8bc77586e677c2131e33f0cc1cceaed0968f9424146d53573a79290dc43f66f596df8ba89f94db85310d9dbea660790ae9dc28
-
Filesize
872B
MD527a8f8f5b5f6e2cd7e54529758256a34
SHA1373a281d2521c65f42c1088fe73aedcde70e907d
SHA256b57e1b43dd81321c873658636878a3117b6d0e7d6866c3c968f2a1a7d7df5d00
SHA512b8acc75512bfc811f77a41b9b6f7bb515ad05b4e3eb84cc48dc4b14b09aa05e71375139d4d27297587262e7749cdc656d442938417e5867b0caeb6f8274182b2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5b9b79e2be434f1dd9357d3de682f38e8
SHA1b31e1c230a4833ee7fb7348dff630ee7c87ec327
SHA2563f9bb965894dbae577948a9071dcf5863e590ead4ad44e12f7c88617b1d2343e
SHA51241629e4807cb779c228d04e06d06a8b1a38463148c204f9dc2fb1f386e453547f2789170322c4a47dca5747bd36e9a03a017e81e34592e72a3f45457202e1b42