Analysis
max time kernel: 145s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-05-2024 22:27
Static task: static1
Behavioral task: behavioral1
  Sample: 5bcef53d6d45ad850b646c7a29c4075a_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5bcef53d6d45ad850b646c7a29c4075a_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 5bcef53d6d45ad850b646c7a29c4075a_JaffaCakes118.html
Size: 175KB
MD5: 5bcef53d6d45ad850b646c7a29c4075a
SHA1: c071f6f2f07a55dea483d177b38c444cd70b90a5
SHA256: b1a213fddca9d9471cf140df83a278b1e48300f1cfee0883f65d3e7ae02aaf29
SHA512: c9f4828812d2b08bc46e6f438add034d62901bc3da786373d24ec3d83ec2e3d494a608bc940e84329373818e3c68a90d63f33ac71c87dbbf45533131c2035962
SSDEEP: 1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3EGNkFMYfBCJiZo+aeTH+WK/Lf1/hpnVSV:SHCT3E/FpBCJi/B
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  1400  msedge.exe
  2156  msedge.exe
  2020  identity_helper.exe
  6116  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  pid   Process
  2156  msedge.exe
- Suspicious use of FindShellTrayWindow 25 IoCs
  pid   Process
  2156  msedge.exe
- Suspicious use of SendNotifyMessage 24 IoCs
  pid   Process
  2156  msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  description                       pid   Process     procid_target
  PID 2156 wrote to memory of 2616  2156  msedge.exe  82
  PID 2156 wrote to memory of 3088  2156  msedge.exe  83
  PID 2156 wrote to memory of 1400  2156  msedge.exe  84
  PID 2156 wrote to memory of 3968  2156  msedge.exe  85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5bcef53d6d45ad850b646c7a29c4075a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba247182⤵PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵PID:3088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵PID:4468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:4012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵PID:4536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:12⤵PID:3776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵PID:2108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:2736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:12⤵PID:5404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18129352986438363498,10036434646801143769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6116
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5080
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4384
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1916
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 360B