Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
21/05/2024, 20:36
Static task
static1
Behavioral task
behavioral1
Sample
64ad8ca096cacfdd5c4a3a6ca49a7a72_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
64ad8ca096cacfdd5c4a3a6ca49a7a72_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
64ad8ca096cacfdd5c4a3a6ca49a7a72_JaffaCakes118.html
-
Size
175KB
-
MD5
64ad8ca096cacfdd5c4a3a6ca49a7a72
-
SHA1
195e1893d4ac9976a44fd3091e2cc76cce606d60
-
SHA256
8c2a7419cb4e7c88ca3aca07ba5f547460e65d64d0e45be336233bab0da32d16
-
SHA512
1378c1a49002cf976548d104662a997f47d067b78575a91fdba552f75cc2994d93913b7b5ad3ad467b22b93d639581c2ca4e9ca320264fd680d60bc2a14dee27
-
SSDEEP
1536:Sqt58hd8Wu8pI8Cd8hd8dQg0H//3oS3CGNkF9YfBCJisZ+aeTH+WK/Lf1/hmnVSV:SOoT3C/F4BCJiNm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
2616 | msedge.exe
1472 | msedge.exe
4360 | identity_helper.exe
6108 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid | Process
1472 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
1472 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1472 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1472 wrote to memory of 2536 | 1472 | msedge.exe | 82
PID 1472 wrote to memory of 332 | 1472 | msedge.exe | 83
PID 1472 wrote to memory of 2616 | 1472 | msedge.exe | 84
PID 1472 wrote to memory of 4920 | 1472 | msedge.exe | 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64ad8ca096cacfdd5c4a3a6ca49a7a72_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1472 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe986b46f8,0x7ffe986b4708,0x7ffe986b47182⤵PID:2536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2384 /prefetch:22⤵PID:332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:3124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:1448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵PID:4956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵PID:3536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵PID:4312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵PID:3360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:82⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵PID:2864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵PID:2788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3350454199928431525,1639143380109204273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6108
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1616
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1196
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3412
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index