Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
26/05/2024, 19:23
Static task
static1
Behavioral task
behavioral1
Sample
768e99b1fbe86c7cee75d8c0c940c17e_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
768e99b1fbe86c7cee75d8c0c940c17e_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
768e99b1fbe86c7cee75d8c0c940c17e_JaffaCakes118.html
-
Size
151KB
-
MD5
768e99b1fbe86c7cee75d8c0c940c17e
-
SHA1
782a85b9c6bc4ede1c85bded69259cc4bd4bc527
-
SHA256
f321de1b3384fadba758fcd48fc2da0e6882dad405ae417b1d0fa71ed3178743
-
SHA512
040e5192d0931119503370c919dd3a63d87bf3f31b1a16f90625b266749d31c04245a5f92e0402d6245fc45773fe575e353265e61b3b7a3a80a95c2deed7b6bf
-
SSDEEP
1536:l4a6zF6eE/TwO/cVjRwzgS+k8KsvyjQr6BNhbxsLlqdisHyoHvSZvJlJEula:lB+wzgdKSyjQOrhbxVivRnEula
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3752 msedge.exe 3752 msedge.exe 1572 msedge.exe 1572 msedge.exe 2400 identity_helper.exe 2400 identity_helper.exe 612 msedge.exe 612 msedge.exe 612 msedge.exe 612 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe 1572 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1572 wrote to memory of 2020 1572 msedge.exe 84 PID 1572 wrote to memory of 2020 1572 msedge.exe 84 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3572 1572 msedge.exe 85 PID 1572 wrote to memory of 3752 1572 msedge.exe 86 PID 1572 wrote to memory of 3752 1572 msedge.exe 86 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87 PID 1572 wrote to memory of 3820 1572 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\768e99b1fbe86c7cee75d8c0c940c17e_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e5c46f8,0x7ffd5e5c4708,0x7ffd5e5c47182⤵PID:2020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵PID:3572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵PID:3820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:1340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵PID:1232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵PID:2632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:3704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵PID:4252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:82⤵PID:3596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵PID:3772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵PID:4540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14119074345200347187,8515847675196501908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:612
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4680
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4696
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54f7152bc5a1a715ef481e37d1c791959
SHA1c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA5122e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
-
Filesize
152B
MD5ea98e583ad99df195d29aa066204ab56
SHA1f89398664af0179641aa0138b337097b617cb2db
SHA256a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize96B
MD51e606ded82edd8f4405f3856c1b24564
SHA1b09a30408f5b46484b341e484317f90fdfcf8bab
SHA2560ad4888386394beb29a110d0c5c862cf38db979e91f68cd20067bf8550641d99
SHA5129b3023e55cd5f7a350168dbb7e2de470ca175a8c1b32b6c53cab61c97c202b3386505d1b1b9e6efd9fcbedd2e13f7a1504ea883799eae4bc15a9aeb566ae9e1f
-
Filesize
1KB
MD541e3c33f32c5cb9880d3b9455b8a8e1f
SHA1a53fcb54817a942aef6d1d137e82c1329ccb9603
SHA256af2cc2c80975e353d45297a38cebc4ab5b0fd937850b60b6fdc08a80a068db25
SHA5124be7b6d940ec54954dd21a571fce5b65b3783981dfa118eac9a74271e08780d4f036a6f2aec41c7b054f3f71b6f01f924a400782490d18825106b4a39ffcd841
-
Filesize
6KB
MD5fc01baef174122d40786d8918f4444cd
SHA1816ba920c044d1d57164651d4c304d543e30f7dc
SHA2561aa443181e8a4f9390634001291498b49230c8259498b17f0406564dae10b6a7
SHA512a6a7f0c28d7ae26d62083e05749241cbee765ba813610bee6a996775fd5ee43d243d0fcbcba5ad02aff444f0ad98a5ba40ee9ac4e2412c030da49de96cdaffc0
-
Filesize
6KB
MD59a880742e18c3cc4b6c2069d9414a62c
SHA1022a9fed57902afbcb5e512435d004107ceede2d
SHA256365367226a982b40eed13679b6d182123f48c0da4bdffbc2d1d29e82a64bfb1d
SHA5128dd6aab3aafd5b1ac567e038deccf1d219b127e8e510f25ff15e791d373ded69673375c77a66402eae0f66b81a032b36823716fafae7dc699323d0c1aca148ca
-
Filesize
6KB
MD5a3fd4d1ee846cd84b158c8b924b09d71
SHA18ca108f8e3ab6da01eccb630aa689530d7383581
SHA256a117cd47dbacbda38b78a5eaefcd9cd72b12be1c563aabb937a449533ce18b5c
SHA51207de7d6089e89b6c9281a060e509115df44f86e1c3cb2d227f9c19195b3c17eb721d2d965da6f82ad073192c6eb246ffeb739e92bfb3c65c522a960a781d03f8
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD547373dc6412328ca3d324ab4c9bbc25e
SHA1578d792857231625ab49f1801e32a32cde51704f
SHA256f66785a8e0f0b5d506364789c47502fb81eedd7466c8b22af2583d06b923f5dc
SHA5124ce24fa56a64f85c55ae95854689c27a42e4f5c27c5a8e76eacbe6a14da678c5a46032cc600a254a655f793566a5e8021f8c770c85c0537c4fe4f20b9829fd94