Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
23/05/2024, 12:03
Static task
static1
Behavioral task
behavioral1
Sample
Cheat Lab 2.7.2.msi
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Cheat Lab 2.7.2.msi
Resource
win10v2004-20240508-en
General
-
Target
Cheat Lab 2.7.2.msi
-
Size
2.4MB
-
MD5
f97903fac84172871545926d6e553eb9
-
SHA1
e6e027b77df4823f4ff37656867e8f40d4ebd732
-
SHA256
35cee7837f460d9e1141e375af8438e868a9e6b8d923ed2673a980fcadfd4774
-
SHA512
5d82d62399079a10d36f5c32b091592cff640c40f593140138a1c741fbc92c579925186a2dd40820cef9bb04a5a7680486508896e6032caa4909d49a95e3fd75
-
SSDEEP
49152:zjfedtZKumZrEq4Fb6HXr1iWnYs4ntHurpllQ6aduxtZB6DXDNvu8S:+VKwFnWnwux567DNG8S
Malware Config
Signatures
-
Blocklisted process makes network request 5 IoCs
flow pid Process 81 4468 rundll32.exe 83 4468 rundll32.exe 84 4468 rundll32.exe 90 4468 rundll32.exe 91 4468 rundll32.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\J: msiexec.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 58 pastebin.com 59 pastebin.com -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 43 ip-api.com -
Drops file in Program Files directory 3 IoCs
description ioc Process File created C:\Program Files\Cheat Lab Inc\Cheat Lab\compiler.exe msiexec.exe File created C:\Program Files\Cheat Lab Inc\Cheat Lab\readme.txt msiexec.exe File created C:\Program Files\Cheat Lab Inc\Cheat Lab\lua51.dll msiexec.exe -
Drops file in Windows directory 14 IoCs
description ioc Process File opened for modification C:\Windows\Installer\e57ee67.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIEF72.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF020.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF0EC.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIF226.tmp msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\MSIEEE4.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSIF350.tmp msiexec.exe File created C:\Windows\Installer\e57ee67.msi msiexec.exe File opened for modification C:\Windows\Installer\MSIEFB1.tmp msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\SourceHash{E0E46653-343B-4459-B5BD-ED25C554CD5C} msiexec.exe File opened for modification C:\Windows\Installer\MSIF0FC.tmp msiexec.exe -
Executes dropped EXE 1 IoCs
pid Process 3232 compiler.exe -
Loads dropped DLL 22 IoCs
pid Process 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 3160 MsiExec.exe 3160 MsiExec.exe 3160 MsiExec.exe 3160 MsiExec.exe 3160 MsiExec.exe 3560 MsiExec.exe 3160 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 3232 compiler.exe 4468 rundll32.exe 4468 rundll32.exe -
Modifies data under HKEY_USERS 3 IoCs
description ioc Process Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a msiexec.exe Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b msiexec.exe Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E msiexec.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 764 MsiExec.exe 764 MsiExec.exe 3160 MsiExec.exe 3160 MsiExec.exe 4420 msiexec.exe 4420 msiexec.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4864 msiexec.exe Token: SeIncreaseQuotaPrivilege 4864 msiexec.exe Token: SeSecurityPrivilege 4420 msiexec.exe Token: SeCreateTokenPrivilege 4864 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4864 msiexec.exe Token: SeLockMemoryPrivilege 4864 msiexec.exe Token: SeIncreaseQuotaPrivilege 4864 msiexec.exe Token: SeMachineAccountPrivilege 4864 msiexec.exe Token: SeTcbPrivilege 4864 msiexec.exe Token: SeSecurityPrivilege 4864 msiexec.exe Token: SeTakeOwnershipPrivilege 4864 msiexec.exe Token: SeLoadDriverPrivilege 4864 msiexec.exe Token: SeSystemProfilePrivilege 4864 msiexec.exe Token: SeSystemtimePrivilege 4864 msiexec.exe Token: SeProfSingleProcessPrivilege 4864 msiexec.exe Token: SeIncBasePriorityPrivilege 4864 msiexec.exe Token: SeCreatePagefilePrivilege 4864 msiexec.exe Token: SeCreatePermanentPrivilege 4864 msiexec.exe Token: SeBackupPrivilege 4864 msiexec.exe Token: SeRestorePrivilege 4864 msiexec.exe Token: SeShutdownPrivilege 4864 msiexec.exe Token: SeDebugPrivilege 4864 msiexec.exe Token: SeAuditPrivilege 4864 msiexec.exe Token: SeSystemEnvironmentPrivilege 4864 msiexec.exe Token: SeChangeNotifyPrivilege 4864 msiexec.exe Token: SeRemoteShutdownPrivilege 4864 msiexec.exe Token: SeUndockPrivilege 4864 msiexec.exe Token: SeSyncAgentPrivilege 4864 msiexec.exe Token: SeEnableDelegationPrivilege 4864 msiexec.exe Token: SeManageVolumePrivilege 4864 msiexec.exe Token: SeImpersonatePrivilege 4864 msiexec.exe Token: SeCreateGlobalPrivilege 4864 msiexec.exe Token: SeCreateTokenPrivilege 4864 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4864 msiexec.exe Token: SeLockMemoryPrivilege 4864 msiexec.exe Token: SeIncreaseQuotaPrivilege 4864 msiexec.exe Token: SeMachineAccountPrivilege 4864 msiexec.exe Token: SeTcbPrivilege 4864 msiexec.exe Token: SeSecurityPrivilege 4864 msiexec.exe Token: SeTakeOwnershipPrivilege 4864 msiexec.exe Token: SeLoadDriverPrivilege 4864 msiexec.exe Token: SeSystemProfilePrivilege 4864 msiexec.exe Token: SeSystemtimePrivilege 4864 msiexec.exe Token: SeProfSingleProcessPrivilege 4864 msiexec.exe Token: SeIncBasePriorityPrivilege 4864 msiexec.exe Token: SeCreatePagefilePrivilege 4864 msiexec.exe Token: SeCreatePermanentPrivilege 4864 msiexec.exe Token: SeBackupPrivilege 4864 msiexec.exe Token: SeRestorePrivilege 4864 msiexec.exe Token: SeShutdownPrivilege 4864 msiexec.exe Token: SeDebugPrivilege 4864 msiexec.exe Token: SeAuditPrivilege 4864 msiexec.exe Token: SeSystemEnvironmentPrivilege 4864 msiexec.exe Token: SeChangeNotifyPrivilege 4864 msiexec.exe Token: SeRemoteShutdownPrivilege 4864 msiexec.exe Token: SeUndockPrivilege 4864 msiexec.exe Token: SeSyncAgentPrivilege 4864 msiexec.exe Token: SeEnableDelegationPrivilege 4864 msiexec.exe Token: SeManageVolumePrivilege 4864 msiexec.exe Token: SeImpersonatePrivilege 4864 msiexec.exe Token: SeCreateGlobalPrivilege 4864 msiexec.exe Token: SeCreateTokenPrivilege 4864 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 4864 msiexec.exe Token: SeLockMemoryPrivilege 4864 msiexec.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4864 msiexec.exe 4864 msiexec.exe -
Suspicious use of WriteProcessMemory 13 IoCs
description pid Process procid_target PID 4420 wrote to memory of 764 4420 msiexec.exe 85 PID 4420 wrote to memory of 764 4420 msiexec.exe 85 PID 4420 wrote to memory of 764 4420 msiexec.exe 85 PID 4420 wrote to memory of 3160 4420 msiexec.exe 102 PID 4420 wrote to memory of 3160 4420 msiexec.exe 102 PID 4420 wrote to memory of 3160 4420 msiexec.exe 102 PID 4420 wrote to memory of 3560 4420 msiexec.exe 103 PID 4420 wrote to memory of 3560 4420 msiexec.exe 103 PID 4420 wrote to memory of 3560 4420 msiexec.exe 103 PID 764 wrote to memory of 3232 764 MsiExec.exe 104 PID 764 wrote to memory of 3232 764 MsiExec.exe 104 PID 3232 wrote to memory of 4468 3232 compiler.exe 106 PID 3232 wrote to memory of 4468 3232 compiler.exe 106
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Cheat Lab 2.7.2.msi"1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4864
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4420 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D5F87B4BE9EDADA7E111C682A70E885D C2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:764 -
C:\Program Files\Cheat Lab Inc\Cheat Lab\compiler.exe"C:\Program Files\Cheat Lab Inc\Cheat Lab\compiler.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\readme.txt"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3232 -
C:\Windows\SYSTEM32\rundll32.exerundll32 "C:\Users\Admin\AppData\Roaming\Lua\bin\lua.dll", init4⤵
- Blocklisted process makes network request
- Loads dropped DLL
PID:4468
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D3A27E1EF0A0D32B27328EBB7D8B69762⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3160
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 11ABD7F86AAD0B81742CD9E61C20AAE5 E Global\MSI00002⤵
- Loads dropped DLL
PID:3560
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
188KB
MD53a33160e5568ed2218842a82f6f5d281
SHA1bfd4a3d6fd68f721848ad49c3b1b81152d7bec7d
SHA2566beb41b966cb3f9e355ebf6f7e3a06692e0d2a6bd6a0bb6ae3c3d0540e8b49cd
SHA51275a565a62e7526573db771f1770ba332c842d07eeed0766a2bee043160727fc212f805d8164c0d2ba6041eb57bdd2e54e7e6f986f27585c22e8e119b3151a850
-
Filesize
261KB
MD5f33e239a228ad29b22f40a503db1dd60
SHA18b56571cd8c39978c657818f2ff6b05753c9fd94
SHA256dfbf23697cfd9d35f263af7a455351480920a95bfc642f3254ee8452ce20655a
SHA512e161d6b8b5df6da2d3f7fbd4f68ac05ba9ebd479404c502b45a126758e21cc7b918ab038688d3abfbb50e25216bb39dae30efa2d306dbc76e6216461520e2c2d
-
Filesize
484KB
MD575d539df595217555d98c59af85edab1
SHA1a67b14c2ddfda8f770cfeef0d3b676b433df500c
SHA256873aa2e88dbc2efa089e6efd1c8a5370e04c9f5749d7631f2912bcb640439997
SHA512e2b47f2733d2f439af53b12fddd9efa044b832871be2e064d236d6581a3d81e57d7ff4ae123b6f82fd00c752e33d51ae8fd403cee49b628a6d0c2d46de04ce6e
-
Filesize
188KB
MD5da93380e27ef93a7b46af81a3b8c0f13
SHA1620c61603dfd44074133b20ae15f2b1a7478be9a
SHA256751f97824cd211ae710655e60a26885cd79974f0f0a5e4e582e3b635492b4cad
SHA512e9dc7ab3447cf523b9f895ea3ae2b3a8d52fae8b3cbaab14dc256d9a9cf3b79ce770bb665591ad5e9bf1bd216948b131c1003a16b6b3a19f4e1aa6a0e944b550
-
Filesize
281B
MD52db5345850c203829dc2d4c66b441ac6
SHA125e5cbaffdfe0456301188b304106baea4750535
SHA2562716710828b2390a73099b978e2ca941a8bce3fdc275fa58d511be7177e150ca
SHA512c36e197ca81a2d9786d822d1058e1817600e82763c2027213ea67abbc0eb1257d48893163550cb6d46205e282c101efdfee9388d1457e30e78dee34e5b1e0ac5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize1KB
MD572d4880bc5c5e75d2c69ea85932f6015
SHA1ac33593f45a034fef778aa22b0b93dd29a6c7366
SHA2567e576ce866607f8e6802355e09db9431853bd6568fc239ff4e3308b4edc06b6d
SHA512ba0976e2b8652d3dc71558e669ab450b793c49a61aa01a1b0b4dfe9a6c8bf0ab065548a314bad955104be5d5ef6948d959569433c40c69b01dd8b3ac09fa36e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize979B
MD5bc90511177a4597118c0cd5572567295
SHA1ab38408b2f638d16ee748aae07dea098071f7aed
SHA256eacd1a0ba09bb02dc47fa6e150be8a7d27ac8d082f33a3549e12be8161765784
SHA512126d34d1095e69c89fff418e21cb72ed71d63977cc30a1202d7c5ebd80b6c4d960db4964ef7d1972a370f561205def244e33628632c44226ad1cb30f6c0dd1f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize471B
MD56fe86f61844682b66eb0e8e5ffedb9db
SHA1ee01554a31c29ea6cf581c2728d1d0ecc5a5c720
SHA25619e5c432c12c7f17a681f54cc75b5a88b2f374360e1ecb086bf21447a0fd830a
SHA51293dc92d22b193ba9a6db17cfdd191985ad989a1fc71a6049f361a5e9132ec8381480064b03923a93785bf1dc194b3ccc5a1320e97f55cac93783ddaa16df6abe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize480B
MD5e27fc4ee85e73ecb194891596fc73c59
SHA1dea32adb2daae722d9f923bb6eccf15dc618cf12
SHA256168a9548d7ebe1beab6c8658e1bed4f38a5123dc5557abf5aa381f108ac96e95
SHA5122952624f4b3610d75759ecad779791b09d3f1927c0c9207eea78442902343b5faa5c323181d60bfeab23d71c10a374546613a7783688a06daf26f832627b1f50
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize482B
MD58bfb1f03848f07a8fb5dd8967423506e
SHA1089ad1fe516fed56f948a43a024e6283efafc4bd
SHA25647bdaa989ffec3599abad9fa98f4daac460e58a5f6edb55c68e1e39f841b3935
SHA512c85099d0ba449ca382d3bafe138d913462e1c69dc343e4d50275ed6efade13fc596588ae57b75f51ca8f0a935443231e3fc7350616da06727a7eb3220db10cd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize480B
MD5c09d58453aef6780fe5e3e293fd7bb75
SHA1433cd6ec1ac85c12d8cfec7a549c35af62454468
SHA256ffea233fae4209ccc2ce4f2a79aadf8c4ae2f0cfce2c903d82dfe8ec6e62cf69
SHA5124aaf719cbd4b7e41c2a211966524cb20d406b0acc3f77ee9e21fa4ac4ab3b92814ef635ec3e414dc6ef9a1043d561d79b9f0c79f0e197cea2dc02b718211510e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize412B
MD58c8b4be201c5956948ee8ba390151410
SHA15914ea0d1b5d6f4fba7263cf00c7a879686d9ab8
SHA2568697b8040a537864eb184ce960f1ca2a9f66bd4e0b18e396b88d72e24a1c1413
SHA5126030704c377ccfea6b53e0a207217aec3c6157ae5a1f78788877f45a3d68d71737bd75246b6c647ca68b3d635779c6497c935a6d8cc5dc8f962edeb6038eccdb
-
Filesize
4.1MB
MD50ffd3bd05a9281981db2330e5a7291c1
SHA1fabbfea6c072f68692b81571d38e8eab72de1362
SHA256286dca4423a65cbd5d23e9bf002e584ec16a88c0a5edf4cfdc6b639d982593ad
SHA51254ff1df237207e4fe70808583b96a07d0366887ed7e3389527eaadb6c3e045c19c4ba1621a47e24fa661f52b504274b46af91acd1b562bc15b1e51518846c333
-
Filesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
Filesize
897KB
MD56189cdcb92ab9ddbffd95facd0b631fa
SHA1b74c72cefcb5808e2c9ae4ba976fa916ba57190d
SHA256519f7ac72beba9d5d7dcf71fcac15546f5cfd3bcfc37a5129e63b4e0be91a783
SHA512ee9ce27628e7a07849cd9717609688ca4229d47579b69e3d3b5b2e7c2433369de9557ef6a13fa59964f57fb213cd8ca205b35f5791ea126bde5a4e00f6a11caf
-
Filesize
1KB
MD50685f628f7b26462640a2d8647a9db08
SHA1dfd04f884ca8ef1074a28153d0d9754462693a2d
SHA2564d2490dfccac8fff703222d3d3b82d3c390b4b9458c3e3e305dc4a29389b5e39
SHA5127fe7549f120349ccaf39719595d1bd338882b8191f85f5f4d3f6a2e7688b1e442db2eda6db2fc8ac5b09a2e7574fbfd2bdaf72946e587fce2de610bcaaf723ec
-
Filesize
187KB
MD5f11e8ec00dfd2d1344d8a222e65fea09
SHA1235ed90cc729c50eb6b8a36ebcd2cf044a2d8b20
SHA256775037d6d7de214796f2f5850440257ae7f04952b73538da2b55db45f3b26e93
SHA5126163dd8fd18b4520d7fda0986a80f2e424fe55f5d65d67f5a3519a366e53049f902a08164ea5669476100b71bb2f0c085327b7c362174cb7a051d268f10872d3