Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/05/2024, 03:17
Static task
static1
Behavioral task
behavioral1
Sample
11583505c789c8c63747ad8ec1486e74_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
11583505c789c8c63747ad8ec1486e74_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
Target: 11583505c789c8c63747ad8ec1486e74_JaffaCakes118.html
Size: 175KB
MD5: 11583505c789c8c63747ad8ec1486e74
SHA1: 506bb6dc028996e1a183367c82ca3e5700970673
SHA256: 51264bc4ff5f03d073cebd8dd43408f0ae2b7a9bc5e6409f190c6dc38431da8f
SHA512: 1a35eaab7a7cd6dbd129f773a386c71aca36d7a0927414f82ba07d7e37aa53f45ebb610f9d2aa0b8642ab63d87824e2a76508820d4827bbd728f4a73902f585c
SSDEEP: 1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3bGNkFtYfBCJisd+aeTH+WK/Lf1/hmnVSV:SOoT3b/FoBCJiVm
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process
Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName / msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid / Process
4580 / msedge.exe (listed 2 times)
3076 / msedge.exe (listed 2 times)
2160 / identity_helper.exe (listed 2 times)
6096 / msedge.exe (listed 4 times)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid / Process
3076 / msedge.exe (every entry)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid / Process
3076 / msedge.exe (every entry)
Suspicious use of SendNotifyMessage (24 IoCs)
pid / Process
3076 / msedge.exe (every entry)
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\11583505c789c8c63747ad8ec1486e74_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe39fc46f8,0x7ffe39fc4708,0x7ffe39fc47182⤵PID:4284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵PID:4056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:82⤵PID:3004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:4744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵PID:2464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵PID:1000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵PID:3612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵PID:1208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵PID:3320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵PID:2824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:2508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13956260415413715851,4450915012225381053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6096
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2440
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:868
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4628
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 336B