Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 16/05/2024, 23:10
Static task
static1
Behavioral task
behavioral1
Sample
4d7af560ea23ea4b2003d95d478e661e_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
4d7af560ea23ea4b2003d95d478e661e_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
Target: 4d7af560ea23ea4b2003d95d478e661e_JaffaCakes118.html
Size: 175KB
MD5: 4d7af560ea23ea4b2003d95d478e661e
SHA1: 37b6317093865cbc8a7451f100eb196d2305de6b
SHA256: 42b3c1b8cd5813cf58e01a7575dd9e4656e5bd4714f0148847232d17765a0106
SHA512: dd1363d53f7f416071a880b2c3a9771b37d1abcb38a36e1fac9207c8f05c0075f617b9826b3dac5e6df88044c2d25c4cc5dec8a5dba28665d605bf2224668ef7
SSDEEP: 1536:Sqtd8hd8Wu8pI8Cd8hd8dQg0H//3oS3/GNkFDYfBCJis2+aeTH+WK/Lf1/hmnVSV:S4oT3//FaBCJikm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description / ioc / Process
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName / msedge.exe
Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer / msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3472 msedge.exe 3472 msedge.exe 1476 msedge.exe 1476 msedge.exe 404 identity_helper.exe 404 identity_helper.exe 5256 msedge.exe 5256 msedge.exe 5256 msedge.exe 5256 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe 1476 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4d7af560ea23ea4b2003d95d478e661e_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa47182⤵PID:4256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵PID:2988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵PID:3800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:3188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:1048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:12⤵PID:3268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵PID:3696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:82⤵PID:5008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:4672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵PID:1236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:32
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2921944550107583432,4870828360943361532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5256
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:620
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4216
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4844
Network
MITRE ATT&CK Enterprise v15
Downloads