Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
02/05/2024, 00:07
Static task
static1
Behavioral task
behavioral1
Sample
0cf000c6293522b3cd30a59931ba3db2_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0cf000c6293522b3cd30a59931ba3db2_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
-
Target
0cf000c6293522b3cd30a59931ba3db2_JaffaCakes118.html
-
Size
175KB
-
MD5
0cf000c6293522b3cd30a59931ba3db2
-
SHA1
3ee56c82da5c85ece376d213af6d75f6272d047e
-
SHA256
9a45a5a5e5dbab5004bbcb3c44705695a736bbfb13c3a30c753d2d1112ae5cd0
-
SHA512
b9183bdbed5d25ce45c89d717b2a5439d07144f1ca6384e46542ca320d5c4596658b938140693e225efad94b4775d4552e6d58276276599e9e88e5ad035e24c0
-
SSDEEP
1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3iGNkF9YfBCJiZu+aeTH+WK/Lf1/hpnVSV:SHCT3i/F4BCJiJB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3936 msedge.exe 3936 msedge.exe 4916 msedge.exe 4916 msedge.exe 4612 identity_helper.exe 4612 identity_helper.exe 6112 msedge.exe 6112 msedge.exe 6112 msedge.exe 6112 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe 4916 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4916 wrote to memory of 412 4916 msedge.exe 83 PID 4916 wrote to memory of 412 4916 msedge.exe 83 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3208 4916 msedge.exe 84 PID 4916 wrote to memory of 3936 4916 msedge.exe 85 PID 4916 wrote to memory of 3936 4916 msedge.exe 85 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86 PID 4916 wrote to memory of 3032 4916 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0cf000c6293522b3cd30a59931ba3db2_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb83dd46f8,0x7ffb83dd4708,0x7ffb83dd47182⤵PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:22⤵PID:3208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵PID:3032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:3444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:1028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵PID:2900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:12⤵PID:2372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵PID:2396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵PID:2068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵PID:680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵PID:4728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,12202470248055491827,18432783973815225772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6112
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4500
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4136
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5dbac49e66219979194c79f1cf1cb3dd1
SHA14ef87804a04d51ae1fac358f92382548b27f62f2
SHA256f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1
-
Filesize
152B
MD5a9e55f5864d6e2afd2fd84e25a3bc228
SHA1a5efcff9e3df6252c7fe8535d505235f82aab276
SHA2560f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA51212f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize408B
MD53571cdd0c997a6e9e3ebf06faee2114a
SHA1922b90a8366d4bfbb3e1b0afe4a7888a7be96f09
SHA25653360064ea23b4476617272c167a8f61c6be6380ed56a0280daed89e523acb88
SHA5127cc09e41d66ad294e201ec4fa11383f637f1edf565a5bd1cf80ecf9b3ab00cdd436df788e4c39d7639d97864f928106c8d850ba642a9dbbd9c2f9cdbe758345b
-
Filesize
2KB
MD50e6d301005dc47a731501bedd13e05a1
SHA15c7993a1ea4147f6542c7c26c60251351f22b30f
SHA256bd9a777100a754f98f1e595e8ad7e6e82fe6a3c08ff3e5bf6605bbed2916525e
SHA5122294a6fae4a4fe58c063dbeb5bf0202ba1e3711e05222b67939fab4561edfe92dc747683fe1a6d81a4498985119dd7c1d1906764fcdb38655f07b0feebd2d6e4
-
Filesize
2KB
MD5e38d33d904dd0d65cd6f0e26a2c1aa75
SHA1b9d5f61b0af94c1e26e02bed25ec81ac9547d2e1
SHA25657bd0ded92099eadf6f60c3abfcf0c631cc80d2fa4f3d70df545623a669cc43f
SHA51245208894cc7ff432af56073a754ae591a8b25926ccfd721bc2d7c80b6646b90706a1eaffd6b0086b2b186947306d824e3859bc1893803c94e8ba40d46faf3f5e
-
Filesize
5KB
MD5a6b0f297fe29a40485d3dad8094bc8c6
SHA1fe33e65ea013a306e1e41900a5354d1572d9ef9c
SHA2561ee4b83a9c88240883ceccfd15509427c85df23e8416b2cc480bcf7f4d07c759
SHA5120677208595ab4ea6132de2ff4578fbabf481838f7058b2f240440ef43391a7c395cff541a7835868edf6e731ecc7ce51eab95253686383cec80dc03c698884d6
-
Filesize
7KB
MD53d169c752a817bbdfede89bd29ad9d59
SHA174a55caec89a6b67ab24862f75019edc7708c3fd
SHA25649b19e6eaed6a5d24bd69165751981d95beb4ffe5b4c18a439884df7e924fd1d
SHA512e56dc1a00a2dcef36c4d8a6440e88ac1d617aaf35f3289fde3471d9698fbb9e6109506bee81905c3a325be74ab13ad5983f7b47cbe28c751d31886773cd6330e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD591cddf2282cc6455e413d6557299d2d8
SHA17009e3bf5ddc03407a2fcc96345e0b495f388b2e
SHA256e1bbc4bba9097a18717d872f998508cca8789fcafe6ee9011e8ce333bc2faa9a
SHA51211cbc48dbc2a92dd4bb76460e0a26365822437dc3a466d68ebdb6f828e58f86cafc34e3fa66043e2d5e2c9446a3aed2fb7fcea91b64ee1cad5bcc879f7852f59