Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1169s -
max time network
1170s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
13/03/2024, 13:41
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://play.blooket.com/play?hwId=65f1080fba8517a4a966e149
Resource
win10v2004-20231215-en
General
-
Target
https://play.blooket.com/play?hwId=65f1080fba8517a4a966e149
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2668 msedge.exe 2668 msedge.exe 2160 msedge.exe 2160 msedge.exe 668 identity_helper.exe 668 identity_helper.exe 1368 msedge.exe 1368 msedge.exe 1368 msedge.exe 1368 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe 2160 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2160 wrote to memory of 4956 2160 msedge.exe 84 PID 2160 wrote to memory of 4956 2160 msedge.exe 84 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 4536 2160 msedge.exe 85 PID 2160 wrote to memory of 2668 2160 msedge.exe 86 PID 2160 wrote to memory of 2668 2160 msedge.exe 86 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87 PID 2160 wrote to memory of 2908 2160 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://play.blooket.com/play?hwId=65f1080fba8517a4a966e1491⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd491746f8,0x7ffd49174708,0x7ffd491747182⤵PID:4956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:22⤵PID:4536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵PID:2908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵PID:2772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:12⤵PID:2452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:82⤵PID:3976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:12⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:12⤵PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵PID:2276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1368
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4756
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4300
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54d6e17218d9a99976d1a14c6f6944c96
SHA19e54a19d6c61d99ac8759c5f07b2f0d5faab447f
SHA25632e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93
SHA5123fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3438071e-6017-4e7e-94b7-fd8ff0e5c5e3.tmp
Filesize5KB
MD50374ded90243b347c6076c0d1b95a45c
SHA1b25ee8acd0677591d8007cfab91f5b7cea2d3c2a
SHA256604f79f44b9fb169d36a398a2fd43cdbddd95a4db7217cdc3743dd958e0fc4b1
SHA51248b2987afd16a4310559254988b41c2739bd10925dd55508a0449516a1c3fc87e278e308211761ba3b4874091ee44b015a98356abd4cf95856f42389b438dfe2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f798646-25c3-4d10-9867-0050ad2570c3.tmp
Filesize24KB
MD5c2ef1d773c3f6f230cedf469f7e34059
SHA1e410764405adcfead3338c8d0b29371fd1a3f292
SHA256185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521
SHA5122ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549
-
Filesize
96B
MD5390b4df1b29329b0e973fdae040b8465
SHA1c7bc4640b282dc02c6f15ce062997b3715286006
SHA256d765d241c6bf140b920141fd422be1957326880bb6b80c527166336fdb08f0f0
SHA512e50dc90f092b87bad0739fe5f278fa9dcee1f0b3274da85c6b4aaf72963f5661638e808219860035b7159efd4aaca394674d73bef3609f7cffc8690168767710
-
Filesize
1KB
MD569a092b3092a8ce0349b287642159475
SHA136ecc1cadfeee9bcf41aec20658b03137ccd053d
SHA2562c5e91e2c3035150dd169304df1c0cb43483d257f33b20eff57c954ac93a0239
SHA5120a129e87a96aa9a47c2268240b7eb00efb22368f5a7e8a89bd185ca72d2a60cdb060e78526b9de8dcec2300a79116cdde1dfcee49b11dee4044414179bfc9836
-
Filesize
1KB
MD5cc840722cb65a4023028c2fd9cb93ddf
SHA1d438612595333d0ecc649c9bf32321603ae96ee0
SHA256edc6ed0c805616ab96fa2e12bb76fbd769a90e4c31c722ea0aca3cd3e7ce12a8
SHA512b02ff476c5a57866b2ddbef567c6a8dbc7d79309c6e65134e595b0c071d50c3d85a141b0188f63da335db5f78617e081d027c64abdf3d2897589e8df04ee6f88
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD576fec688c85f348fae57655f2becfcbf
SHA10b6b7a753a549736c2b234ec57574c8c369790d2
SHA256307d69a5bdc83fd53f8aaae60ceeced7ac38f1c8acace35e6d35b27787c66963
SHA512e06e988cedb306f8e3fb53dcbca82debe9ff3126f6aadf373d12dc50b8326ff5fd9b2aff5f7ce9fb38acc3037fee520813c64c239042b3da817ec91d415f038e
-
Filesize
5KB
MD5718e29e63a833d4f9a72eefe36fc55a6
SHA156a7908b9801a8185b1b1c6120550243bc6a9aa6
SHA2566fc9c481009eb8c3f3ba38495a1b504545c0e94628f446914f5a2d92b3db631b
SHA5125324999faad6baa151af71a1a564c5278661cef8e03e6342659bad0551c8407ac9a01e192b9ac561d54d867198c51736c983680f0135e3d6ae55588fd0c01a62
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5bf6c95fc250489ffa39cee8cf0d007f5
SHA1566e5c015a0c65a6dd00dda9e284c107da6acf20
SHA256c4ded0d1244f332a5ce80df3eadef2d0e8069e0ce566f2fc06ad352d750b0e1b
SHA512f8d6f102484d92c3a18e5f8aa9458d1e1158a7adbbaddf8a8c607ea714bec5eeb24e6308bf7f14817b1b810c239d16492db25011c697dca36c4e15560f59c3d4
-
Filesize
10KB
MD50e2a449be309ecd2ffa492c4e8c7572b
SHA10dfa4dea33f345e26243c9a023e83c82ab8248a2
SHA256ae6a57af05d0d8d743451eabb5970b4641681b00c8a205729ba1c095412ea9a9
SHA512d317748b41bd99bedd2d338f730619c100c7bb2bec1a30bc7d9c9252a49da7834ab9b9c51179f2653e4efd44d7fdd0cadb85bd703a669974e4a8a1cd8418746b
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84