Analysis
-
max time kernel
145s
-
max time network
149s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
23-05-2024 00:14
Static task
static1
Behavioral task
behavioral1
Sample
691a9b558789dc0a3e0135bba18e5d07_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
691a9b558789dc0a3e0135bba18e5d07_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
691a9b558789dc0a3e0135bba18e5d07_JaffaCakes118.html
-
Size
19KB
-
MD5
691a9b558789dc0a3e0135bba18e5d07
-
SHA1
111937730ad26f730a50d77d8ae3df451e9e80de
-
SHA256
6df82f03e602666b08e630b137411205b98cddfd3b4ad71f1af0f8c0a07515aa
-
SHA512
ba1f4e71453d420c016d52311251c778c100b31645396b30ac10fd475e2c5711b8d8ed838f4f217a8142060ef2084c94989b05fa77734672ad17f9a469e59aee
-
SSDEEP
384:S68KRSn6sjSvyFDf/zqrFXgO630TTG1DLIi1V3jquXjSh9FdWuWAsR:S68KEnTBD3zO9r63ljqIjaFUuWbR
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
2096 | msedge.exe
228 | msedge.exe
2268 | identity_helper.exe
4776 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes:
msedge.exe
pid | process
228 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
228 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
228 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 228 wrote to memory of 4556 | 228 | msedge.exe | msedge.exe
PID 228 wrote to memory of 3040 | 228 | msedge.exe | msedge.exe
PID 228 wrote to memory of 2096 | 228 | msedge.exe | msedge.exe
PID 228 wrote to memory of 808 | 228 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\691a9b558789dc0a3e0135bba18e5d07_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1156630642158984245,13245569993706390583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB
-
\??\pipe\LOCAL\crashpad_228_NTAYLOCWCTHMNYTF