Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-04-2024 06:03
Static task: static1
Behavioral tasks:
- behavioral1: sample 0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe, resource win7-20240221-en
- behavioral2: sample 0930b4b48c0b81a15cf832743da7f70d_JaffaCakes118.exe, resource win10v2004-20240419-en
- behavioral3: sample $PLUGINSDIR/System.dll, resource win7-20240215-en
- behavioral4: sample $PLUGINSDIR/System.dll, resource win10v2004-20240419-en
- behavioral5: sample $PLUGINSDIR/nsDialogs.dll, resource win7-20240221-en
- behavioral6: sample $PLUGINSDIR/nsDialogs.dll, resource win10v2004-20240426-en
- behavioral7: sample begin_password_reset1850795531.html, resource win7-20231129-en
- behavioral8: sample begin_password_reset1850795531.html, resource win10v2004-20240419-en
- behavioral9: sample policies484632680.html, resource win7-20240221-en
- behavioral10: sample policies484632680.html, resource win10v2004-20240426-en
- behavioral11: sample tweet1845418885.html, resource win7-20240419-en
- behavioral12: sample tweet1845418885.html, resource win10v2004-20240419-en
- behavioral13: sample uninstall.exe, resource win7-20240220-en
- behavioral14: sample uninstall.exe, resource win10v2004-20240426-en
- behavioral15: sample vitamin-c-pink-grapefruit.html, resource win7-20240221-en
- behavioral16: sample vitamin-c-pink-grapefruit.html, resource win10v2004-20240419-en
- behavioral17: sample zoo.html, resource win7-20231129-en
- behavioral18: sample zoo.html, resource win10v2004-20240419-en
General
-
Target
vitamin-c-pink-grapefruit.html
-
Size
24KB
-
MD5
e42eb4f2ffa46a31b84728fc4f59948a
-
SHA1
6d48c9691dec1790336e36eced5bb93789a8294b
-
SHA256
739c32b0da18bca3ce2b7b284fd19e99ec59e8252002c08ffd6ddf154354bace
-
SHA512
0f0ca67e1029d1425ea6499495d79a4627b4609fcf68d9fbc73bb418168dd690df7de351b633dae8d27d8a0b6feb30373260b03922e6dba271a85ce94ce051a3
-
SSDEEP
384:XXQd00gJp5EYKSc3H3jnnKSZ3W32gKSFxKSb9CbTKSHiYfKSO10DL2bdrp2CUind:XXTTPJrpNnzjcOXfAq57JMMCw
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid 5096: msedge.exe
  pid 4684: msedge.exe
  pid 4624: identity_helper.exe
  pid 4688: msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  pid 4684: msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid 4684: msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid 4684: msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  PID 4684 (msedge.exe) wrote to memory of 2460 (msedge.exe)
  PID 4684 (msedge.exe) wrote to memory of 4876 (msedge.exe)
  PID 4684 (msedge.exe) wrote to memory of 5096 (msedge.exe)
  PID 4684 (msedge.exe) wrote to memory of 2944 (msedge.exe)
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\vitamin-c-pink-grapefruit.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85f1746f8,0x7ff85f174708,0x7ff85f174718
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8407471865624133941,11718240463986555259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 8KB
-
\??\pipe\LOCAL\crashpad_4684_RASFZLSQIPBLMEXI