Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 12:11
Static task: static1
Behavioral task: behavioral1
Sample: 791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html
Resource: win10v2004-20240426-en
General
Target: 791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html
Size: 175KB
MD5: 791bed6a80e78b0fb5b18a392002c71a
SHA1: 9219ab64f4da80babf613115aeb9d273452f39a6
SHA256: cc9ae2e37cfe4158bc48fa4f33499732f10048fb20389e9f79979cb5f68b70ab
SHA512: eecde431e42d948972a1f22a60f311eb5f65cb7594baad4d3457a076f260e854dc717eea65e87b5108cee6e4e35f7c4cbb74b0112d4fef7183cf3f44b394b928
SSDEEP: 1536:Sqt98gd8Wu8pI8Cd8hd8dQgbH//WoS3VGNkF4YfBCJiZw+aeTH+WK/Lf1/hpnVSV:S9CT3V/FdBCJizB
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; Process: msedge.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; Process: msedge.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; Process: msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid 1036, Process msedge.exe (x2)
  pid 3216, Process msedge.exe (x2)
  pid 640, Process identity_helper.exe (x2)
  pid 3832, Process msedge.exe (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid 3216, Process msedge.exe (x10)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 3216, Process msedge.exe (x25)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid 3216, Process msedge.exe (x24)
Suspicious use of WriteProcessMemory (64 IoCs)
  description: PID 3216 wrote to memory of 1644; pid 3216, Process msedge.exe, procid_target 82 (x2)
  description: PID 3216 wrote to memory of 2132; pid 3216, Process msedge.exe, procid_target 83 (x40)
  description: PID 3216 wrote to memory of 1036; pid 3216, Process msedge.exe, procid_target 84 (x2)
  description: PID 3216 wrote to memory of 1952; pid 3216, Process msedge.exe, procid_target 85 (x20)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791bed6a80e78b0fb5b18a392002c71a_JaffaCakes118.html 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718 2⤵ PID:1644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2 2⤵ PID:2132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8 2⤵ PID:1952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1 2⤵ PID:388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1 2⤵ PID:2880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1 2⤵ PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1 2⤵ PID:1252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1 2⤵ PID:728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1 2⤵ PID:784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8 2⤵ PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1 2⤵ PID:5068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1 2⤵ PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1 2⤵ PID:2360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1 2⤵ PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,141219942458790638,8142224183687065395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3832
-
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:4876
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:3152
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:3340
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 336B