Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
128s -
platform
windows11-21h2_x64 -
resource
win11-20250207-en -
resource tags
arch:x64arch:x86image:win11-20250207-enlocale:en-usos:windows11-21h2-x64system -
submitted
08/02/2025, 13:57
Behavioral task
behavioral1
Sample
agg.exe
Resource
win11-20250207-en
General
-
Target
agg.exe
-
Size
543KB
-
MD5
4dbf422d243020b7c8dbf7f186e9f405
-
SHA1
4e2e3ee0214f1d20817efc248d10faea235cc4b5
-
SHA256
9f0a14be6b3437eb09cca475a3fdcc22bfe51af31abeed95c57be0f61fbffd35
-
SHA512
8b903fae347f8b4576720307b03abfcb2b19ff00a6c29cb2199d911531bc90dff1d438449072d64ab8bd75fa735f05953e95dc04455139e9e4622249ee4f57b9
-
SSDEEP
12288:HLV6BtpmkUliOEyfOR4BLij8f4McGz0esfr:rApfUIOEyfjA8AMeesfr
Malware Config
Signatures
-
Nanocore family
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DPI Service = "C:\\Program Files\\DPI Service\\dpisvc.exe" agg.exe -
Checks whether UAC is enabled 1 TTPs 1 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA agg.exe -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files\DPI Service\dpisvc.exe agg.exe File opened for modification C:\Program Files\DPI Service\dpisvc.exe agg.exe -
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wermgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 2240 MicrosoftEdgeUpdate.exe 4988 MicrosoftEdgeUpdate.exe 5056 MicrosoftEdgeUpdate.exe -
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision wermgr.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier wermgr.exe -
Enumerates system info in registry 2 TTPs 2 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU wermgr.exe -
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 3288 schtasks.exe 4336 schtasks.exe -
Suspicious behavior: EnumeratesProcesses 22 IoCs
pid Process 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1528 agg.exe 1496 MicrosoftEdgeUpdate.exe 1496 MicrosoftEdgeUpdate.exe 1496 MicrosoftEdgeUpdate.exe 1496 MicrosoftEdgeUpdate.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1528 agg.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 1528 agg.exe Token: SeDebugPrivilege 1496 MicrosoftEdgeUpdate.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1528 wrote to memory of 3288 1528 agg.exe 88 PID 1528 wrote to memory of 3288 1528 agg.exe 88 PID 1528 wrote to memory of 4336 1528 agg.exe 90 PID 1528 wrote to memory of 4336 1528 agg.exe 90 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\agg.exe"C:\Users\Admin\AppData\Local\Temp\agg.exe"1⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1528 -
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /create /f /tn "DPI Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmpF5AA.tmp"2⤵
- Scheduled Task/Job: Scheduled Task
PID:3288
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /create /f /tn "DPI Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmpF5DA.tmp"2⤵
- Scheduled Task/Job: Scheduled Task
PID:4336
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEMwRkM3QzEtNjEwNS00RUI3LTlBMEQtRjNDRUE5REE2MjM0fSIgdXNlcmlkPSJ7NkVDQjE1MzItN0EzNS00MkM5LTg1OTMtMjVDQUREQzRDOUFFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTUzMkVBRkYtQThGQy00NkE0LUEwNUUtOTM2ODUxNDcwNTc5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczODk1NjQ2OSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNDI5MTM1MzQ4MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5OTM2MzQyOTciLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4988
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3508" "1252" "1256" "1264" "0" "0" "0" "0" "0" "0" "0" "0"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
PID:4900
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEMwRkM3QzEtNjEwNS00RUI3LTlBMEQtRjNDRUE5REE2MjM0fSIgdXNlcmlkPSJ7NkVDQjE1MzItN0EzNS00MkM5LTg1OTMtMjVDQUREQzRDOUFFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBMjI2OEUyRi1GMzJFLTQyRjgtQTU5MC04RTVBNUQ2ODQzNUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzMuMC4zMDY1LjUxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTU1OTg2Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAwMjA3MTg0OCIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5056
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEMwRkM3QzEtNjEwNS00RUI3LTlBMEQtRjNDRUE5REE2MjM0fSIgdXNlcmlkPSJ7NkVDQjE1MzItN0EzNS00MkM5LTg1OTMtMjVDQUREQzRDOUFFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszMDQwNUJBQS1FNDk1LTREMDMtOTk1NS03MEI3NUQwMkU1RER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC42MCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIxIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9IntFRTgzQjkzNS0yMTBGLTRFNzktOTg3OS02MTAzNjcwMTFGRTV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEzMy4wLjMwNjUuNTEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC4wMSIgb29iZV9pbnN0YWxsX3RpbWU9IjE4NDQ2NzQ0MDczNzA5NTUxNjA2IiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4MzQzMjQ0MzE3NTYzMjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxIiByPSIxIiBhZD0iNjYxMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7MUJEQjBFOUUtOUMzQy00MDMwLTlEMjEtNkNDREQxMTlEMkFBfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuNDMiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIxIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9InswNzM0NEQxMi1BNEY0LTQ4OTQtQkM3My00QkZEQzBFNkJDQzF9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2240
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3836,i,4562100277163084989,990114372951809185,262144 --variations-seed-version --mojo-platform-channel-handle=3148 /prefetch:141⤵PID:4996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4572,i,4562100277163084989,990114372951809185,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:141⤵PID:1516
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5244,i,4562100277163084989,990114372951809185,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:141⤵PID:4892
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
352KB
MD5e69c7a7885c04f11c117a12a8e728a86
SHA1696399c0ac6c32da090cbe0961fba44364ddda67
SHA256b3c87091d4a05f5c9f84fed5508bb3ce802ff49c7a9bdfb6df4f2c6037a56dcb
SHA512f02bfd955ed937e025533ee0c51a3c6200f350de0b91828a9884a7079bc450f89b85e55d5f952b47d510a96e1d30195c029112ae475bce6dfe65d8ff817f211a
-
Filesize
371KB
MD50303a56d611229d94cdb90a015934915
SHA16593d5de926bc32db722cb821fb9eb89f6ffce3c
SHA256f859d8cc50fd5e3502f690dca1cda68f81cb8ee85d02d1cbd3c601db8edb5d83
SHA51273bb3154d7a96afd3cf881fc2f579d6ecdad4a6e2268f9442577b394acaf0aa73e6ac10ca86c38f4de744ceaf4e62684ac5b0ce71bb950745b26b40315ee65db
-
Filesize
389KB
MD59e6151d969b8a74370baa0abc6c3f26c
SHA1f627449b5d5155488d774af8eab81abff22c296c
SHA256c9d975e30aff677d41e6dc016078222c883a4b0f496b66e4c76a732f6bb72d58
SHA512b957510c83a4a6aa486d0e500add199f094566606f6f0cc7123b30fe15aa795969a36996560a14d09979a122bfa5128509fbe808e431a9460c522a5a9d7e022e
-
Filesize
1KB
MD5d6157234b2b6ca8f8d1e697731927364
SHA1a245df0c0de55ee1aa7c167f2884bbb0b9f479c8
SHA2560061aab09024753d113b25378f07345ef3b1c4b17db4bb1dcb0a9420486d01e5
SHA5128c97b01c425a76d7865960febc04ee5196f34d71693f91e75b26bfdfa444ce45e5e1a22f4922894cc0087f1aa68cc6de9c4cd5edfa7454c48c5712b73e8403ad
-
Filesize
1KB
MD576e1a07bde338933fc57a7e25da0cc19
SHA1822715f71870cb706f79bf20f98df752a2972997
SHA256b94ef1069d565601332eb75d54530db3521182453d40e2d2ba357f9d48b9a252
SHA5123ed0c46e9792ff5c4612b44167e19c7219709d97a24e091e68ea7cc9d08dfe638dbcaee6e6e92c8e829e272f3cbd7a25c4b3068186478dea1848ad82fed4c335