Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
12-05-2024 15:41
Static task
static1
Behavioral task
behavioral1
Sample
3adb3ba2feb388ddb90ce1b4e60f03cf_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3adb3ba2feb388ddb90ce1b4e60f03cf_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
3adb3ba2feb388ddb90ce1b4e60f03cf_JaffaCakes118.html
-
Size
136KB
-
MD5
3adb3ba2feb388ddb90ce1b4e60f03cf
-
SHA1
04bf37aaa21670b4e47aec3a78107937b18cac9b
-
SHA256
1424af501a0d4acc703e1e6783416a28af8ed29593dec670e2c1f8d5bfd38c4c
-
SHA512
935a9c885c3a09e6ee27d7db0de70e5af50c1e874b571d62d0995547b06691e57a20703ea4565a4d544d4cdcbfeba7d52c4804826f94ad8d993fa14b77866a19
-
SSDEEP
3072:DLe+h+3qN5E8n3YmsbLXyebtvsu9vHf8qAei+USY1k:qaTYmsbzRN
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 4828 msedge.exe 4828 msedge.exe 4820 msedge.exe 4820 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4820 msedge.exe 4820 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe 4820 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4820 wrote to memory of 4576 4820 msedge.exe 83 PID 4820 wrote to memory of 4576 4820 msedge.exe 83 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 3864 4820 msedge.exe 84 PID 4820 wrote to memory of 4828 4820 msedge.exe 85 PID 4820 wrote to memory of 4828 4820 msedge.exe 85 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86 PID 4820 wrote to memory of 2744 4820 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3adb3ba2feb388ddb90ce1b4e60f03cf_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb428446f8,0x7ffb42844708,0x7ffb428447182⤵PID:4576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵PID:3864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2436 /prefetch:82⤵PID:2744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:1056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10629763315548890204,7541836562616703780,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5696 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1384
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3180
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1616
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD55ea7c53527aa2bbf74d0fdc058ca6553
SHA1a85dbaf45e7f7a9c3b72510ef1ac2afb0f1cadbb
SHA2568a186a4d76dd0cdb617fabe089b706cd48457cd3930ce3ba89b0a836335260fc
SHA5126ea6b9f446830f8123c2cb67add2adbca0dde677000dc0b753d947bda9d1891e60998d24dc30a0afc7bfa6df7b861f229aabbc96aef35e65e6a14b4b87699508
-
Filesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
Filesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
Filesize
69KB
MD5ea87388bc082ef04f1d07987e6154536
SHA10129d02ed85916cc6fbafd9ce0ba656904246b94
SHA256126a78eefeb0731ee4a51a7d7480a1c29800a320aa8a86d1337f9fca414554f8
SHA51285a342a7d4186574ec11499868beff09aca09f319e29962b5ca059a9a1da77d774c2ee87d39339f397fa44ccc9fc3a2be8a869ef9144f62a2076b5a8ddc9c968
-
Filesize
20KB
MD5da9eb63c2ab463de0028c69add0de9c6
SHA1a14e85d87fca1ccc1ffb37c71f22c7b246d220de
SHA256f8b16d05ec88b7ca3408948306f0e3f9cca9b3a7ca5f1780716f466f69d30b6d
SHA51205a151c18aff7ab842f44c939e52f17302f4a4c3b40afe872569c079773df37fcfc07afd67eae3ccf005a5f40d8f60933442684fa696f8e15a3b603b452a9a11
-
Filesize
16KB
MD5fcce44cc390aff976d7bacdc5021df14
SHA178eedb72390fb225b8408d7d7c6e1dc30a214f16
SHA2568a754d1548e6e2765921b1d3264911aa5b8811c3de318fb1b22d948f7fa58300
SHA512e30af7b82350236f9d8a4beb0ee5cf6a399b51f408c3ef20550ab433909d5c997fdf7dcbc02c14137ba71bff3bfba022c01ec922744637471c8fb3746cd72f42
-
Filesize
29KB
MD58cdcb5dbb61c91c7aaca27880a0ec2b9
SHA1aa88017529835cd0a0ba79bd12c776e8350c22b5
SHA25641a887ecc2cfc1ca3aef9aea342fdc6f6fdf9e1a9f7abcbcf8d9c8d199eaa6a3
SHA512dc3f0d0eae6dcbd68d3e10e85704bbb93f6ea20986b0423fbb815b6ae1198ade61c9d1672f9ecdab4fdb31d758e5171cbcab0d08d46f9f4e19ec4de2d9eb62ac
-
Filesize
35KB
MD55d33369af1034bd2a02a8bd49775a595
SHA15b423d365a16dd0c5f686b566306a945f0e216e1
SHA25698988f9ac61fb889e95bfb2f250558e634ef56306bce9513304ea1766077b422
SHA512dd3e68b348a86cb76a9a9f19c47d27aa9f2706198420d5b4d1a075258923dbd80a617bf580896dc5097777bfb3b5b45acbc7d561d6b78ec9d325ec3fd4bd0c74
-
Filesize
25KB
MD59daf0d50e897551e3ce01ac8bf6dd34c
SHA1979de426e84a4814d1e712019ff9b824d402f34f
SHA2562f0558dd217fefebf836e4b3ea44d9f0029122e97b0ac265f15ad7360ccec2d2
SHA512e1f3858d2f03c99497aace2dd4e2cf1c76227079ceb27d651241d53ed8c8f14cf4925495aa653fa2f9fecfdd66deb2dfdd6b06e5a006681129ca1d83342a6b9e
-
Filesize
100KB
MD5aee628443161fd9e48117348ce942bc3
SHA1455d2dee1bed577108b6bb13e844aeb4f562b7fc
SHA256653433561a0e60736fb700370c754896da5f12cff241fa9f52dc86c7f416719d
SHA5129943d1cfe26bfbec31807a40aacecb1e2d38ef59345a926e4a52cec23a2ea573af396bd35fdbe87a1876ac68e330bf7a5b23e0cb3ee9f23e19719a083dbbae04
-
Filesize
35KB
MD521e160632cd32bd413be1869662eacc3
SHA1f5ae08c0194265710a24ca17b4b8beaae077514b
SHA25610f0e08b669e24643d7dad9541e9876ff419336d252b4da128202d3dea11617c
SHA512c746c4c4c6b701f604b1885a0e3ede560d307a78b09239e0cdc16f417a7481b09afd69897e73356c42ff5142990db4d32869f9251a18245f42571b6c0bbd0630
-
Filesize
27KB
MD5646d2ecddbf4580238589430544e9c7a
SHA11b69753323f9826f3ca0a59297fe33605f04343c
SHA2563c0120bc4196fbc69e8fa4e586615e5b864d7799378621c0034af21edf2727a0
SHA51256b691f99a09473aebdb8d13c5803ac8ce119a487e2a4a514138dfd0065917ff8e9ee812e3a65fadf003704076f24a761d00e8e476846104f0d4921ce5572a59
-
Filesize
39KB
MD5e07e55db6b3f65a7ae94958e8e91bb80
SHA1b0ff9f770a956d7384a6af84123fb5b3ee84fee2
SHA2567427670ed27782f7b6fdb9f985074e01ffe0a3849f78a5d0ae04511a1c8fc677
SHA512a05c3215210da778f781f972471a3a29428f2035bc33b107dc62648e8e654e37d45a4c05c3ae0986a3079be5634504d1da4c03a981c328832f3a41f284008bb2
-
Filesize
3.7MB
MD5ded4748bc809d8c73df4e17b595dfa53
SHA1e3a2ef90b4e7ded956ff07691834630dda1aca96
SHA256d9ea74e684f05c38c4479acd20b3e9e81fd787a278c4fcfc528fedc45734eff4
SHA5124027a21951113ff72e9cb6185002685a82a021d2ac3229e439c68d4d6ceb79e9c9aacfdc911afe88a80854812e63b88ec33fc5b1eb0dcdf9f0a208801e9dc4ab
-
Filesize
3.7MB
MD5ba4de8196b85866e2702bfa1def272ec
SHA176ec52c93e4f4f549ba285badcb0376c6eff5924
SHA256266a4901302c98111a64795a37fc9ebb7feca9deef647b8349a4ec43268315c8
SHA5125471dcb254fac85e94d02dab89f03badb05a05eb113aa0bb8e097987ae3a7821ac75312410db361ca7b59d7a2f0ad90f6482268e2f57a19a938c24ec67896856
-
Filesize
3.7MB
MD51d46647604968aaace6cb28ad62cec0e
SHA1732a71e2ee9347b679ce98ca6e23159afdbc6bab
SHA2566294f1dd0a31ff3ec78d66acb9772e4cbb9d8e2f205232269c9ff50012b4c6a2
SHA512ac982562e35ed19d353a8b989f70e962164e3f2a2a67c82559abb2f8f0263d531fc49bfb3167daa9a6ec2c2871795f0e9a9c54c446d47276792eed8310c67bec
-
Filesize
3.7MB
MD526ef1fee7701a8f04fa487d836120a15
SHA14c1793745db9a3e05959fe78a7e1c0867dd10929
SHA2568eb7aa4c66612109f74d11a83b8baa9dbc8c0a6a92949dacb841d704ac427674
SHA512cce115678a3eab4d400bd871c97a90e99349ea0bfb710b33f2fdcf5b947d549ce01e764b3df7f7b3282b8c860d8338d9078e3b4f4ec6f772bbc21efbcafb9912
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
1KB
MD53e233ebb77ef7f8d85b2fd40b649947a
SHA11bc12d91b08c24e4f36e7c4c2f2a39ed3d15e0e8
SHA256f05061bfdd7681ef81fa3ed77bfb0d3326fe831c9a651f0fba81b03026a23907
SHA512d9d995caf480805320dcc1c71d97d575ba2f4537854d651eb71234bbf38221c27ff49f1c1a273d8ee987c4e659c48d483c6daf46bf7e78f6163de9b0ac2c54c1
-
Filesize
6KB
MD5cb94d9dd3dc26073c0bd94f916cafa4f
SHA10d4c9b7926098060c4447a2fb9d96575dcae2577
SHA256418b63742b85acaf99dbcd66d87b0a49708b1b114fcfbf9b22694e48b4e8a838
SHA5126b235ad91cd3ecf269c0323843790225b4c2d1199b5295c4efb2baf7bf84ba85575d9f7c5d491bf9bb5fd7429aea982f21433a449b681e616b68ba4a51073588
-
Filesize
5KB
MD5236955fc8bc0bf53fade1d16482f17f3
SHA1e281bd5443de4af0c6fa534e0b7ca63acc58af3a
SHA256cd2995a878e40089c21fd38a045555d363c735258d6f14f11c942366014f65c9
SHA512f95746afbb0720610d8701a708b39be6f38dd07934249cd504dcda4bc378e7a3de75cd674acff1f5241502ab1f5ac4bfcd4cefd1dc842bda720efab3e744dbad