Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
12/05/2024, 13:13
Static task
static1
Behavioral task
behavioral1
Sample
3a48907e5480e73de42b66e5e493eae8_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3a48907e5480e73de42b66e5e493eae8_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
3a48907e5480e73de42b66e5e493eae8_JaffaCakes118.html
-
Size
175KB
-
MD5
3a48907e5480e73de42b66e5e493eae8
-
SHA1
015b8d44cc142e2a60fd12db8b9e1e7ff87f235a
-
SHA256
834a628b2f55969e360b8b1c948706493c52c38889ff906c195f05071f364315
-
SHA512
8c428c78d436534d4a9356dde0c296a6f3089109294d00471cb488989929f66a4a5b7856d9d177b226e8e5d3b9afcfb38e54d27879d311a8e7b564a3fe6c4e8d
-
SSDEEP
1536:Sqt58hd8Wu8pI8Cd8hd8dQg0H//3oS37GNkFWYfBCJisZ+aeTH+WK/Lf1/hmnVSV:SOoT37/FfBCJiFm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4608 msedge.exe 4608 msedge.exe 3932 msedge.exe 3932 msedge.exe 1444 identity_helper.exe 1444 identity_helper.exe 6140 msedge.exe 6140 msedge.exe 6140 msedge.exe 6140 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe 3932 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3932 wrote to memory of 1908 3932 msedge.exe 82 PID 3932 wrote to memory of 1908 3932 msedge.exe 82 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 3132 3932 msedge.exe 83 PID 3932 wrote to memory of 4608 3932 msedge.exe 84 PID 3932 wrote to memory of 4608 3932 msedge.exe 84 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85 PID 3932 wrote to memory of 1872 3932 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a48907e5480e73de42b66e5e493eae8_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f647182⤵PID:1908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:22⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵PID:1872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵PID:3348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵PID:4600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵PID:4388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:12⤵PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵PID:3140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵PID:1580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵PID:5344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,18322672641137311018,8082672850939362409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2624 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6140
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4460
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4588
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4576
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51ac52e2503cc26baee4322f02f5b8d9c
SHA138e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA5127670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
-
Filesize
152B
MD5b2a1398f937474c51a48b347387ee36a
SHA1922a8567f09e68a04233e84e5919043034635949
SHA2562dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA5124a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize360B
MD55f774ca3d026bbd98a9df7eec2646471
SHA189e9f337f4343122cc06a2e6e527ba52c1f54a2b
SHA256bb4bd9b135ca822c62219bbbe64a26118d9d67d31c8b8d48d199d5797a6a32aa
SHA51298829110ee090b8ebc1504fa8bce6b109a198450f2fd0139d2b1f499019f09a2ee29f0b6c37d5c1f19f59d11973f207fe2ab6529658cecbadfae84ada85eba13
-
Filesize
2KB
MD53aafdb470b1ed0489d31ad6358147d29
SHA16c6508932910d20345c87dca04d1ecf780e23310
SHA256ad301c10dc9057a4e74ca63b6bb02439ab76716d822ef55d34414fc69dd75fe3
SHA51220d71909b63a136527bd67c44dd47dca3d1d1c0aeff03b752ba3bbaac86bd144cec83336769d07f318b8b2a839059d3ee24feaf4f1927bef4eefcf2c63b14726
-
Filesize
2KB
MD594e49fb9ada3e20d7235e44947999ec4
SHA10ae2c4ae8d7926fb9904cdfd93d689f2381d13c9
SHA256a4fa078ac786a3a85fdb62e8dce376f3da359ad321ae81f43f8431b02bb2c7cd
SHA512ab30fde1e99d7d1be98e8de56aded82a7bde2d59a320f8ed91a88a8581f0261e9234606a8cdfe84bb6a2f56428b252f2b7e348ff6d6821f306f280708e5a0f43
-
Filesize
5KB
MD52fdfa04d589287683eacf588e3bdd3fb
SHA17fe945732415d2cea81fddde38077e8189e15668
SHA2561218043be39ee953b4faee8e9b5a7c2f4a1adb9e832a335c89c4106a8c947e5a
SHA5129782c60a3c4ce6ba96f03c423de7fc35fb6777ad92e1c7c2bda8ef319158991f66abdbaa6e650f1084de1045a57d2f874743351de30efc01d863f35b1b7ca12e
-
Filesize
7KB
MD5abef5789db9fe8f7154953d00e78b640
SHA14e2f71d0c92f73a61c141a2f5cf1627d7dd34ffa
SHA256452a35da765da0eab3e6ea080a3f41004f8799092b88b5c497351b99d5e47c27
SHA5122b0dc77a4a4c3eaf571f8a02bf240514ffca42590beb11c2abcdebb6c1dd17dfe3444278fdaa04e9893a9992014aed309220e1f0f5a0159e8e32822ad3d53f14
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD58ffc9db3fa5f2b67319997b42034e105
SHA16ff11c8c108e4d70b369462fd3d4da05ad9581a9
SHA256f31fe4bff5013d037f9fe9e7e4f229b065b9bcc2468934315486c47223e8f885
SHA5125dab0e085a3a943be5e00ea0dd0a6d97042a84a3bd139866bde2881b7bf95650667f919a168b2f39ddd1139129ec476b45026dc72bc5013fb6593c0e0a062173