Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 07:45
Static task: static1
Behavioral task: behavioral1
- Sample: 7ffc757222974a80cad092bfac8af168_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 7ffc757222974a80cad092bfac8af168_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 7ffc757222974a80cad092bfac8af168_JaffaCakes118.html
- Size: 175KB
- MD5: 7ffc757222974a80cad092bfac8af168
- SHA1: 4c559838d262309c4a952ab998afe2cadfbbc0b5
- SHA256: 814c72dd25d78bbfe15c86eb6f4ea581284005ad21a411db2b8851e980c00e21
- SHA512: f87f5b65a8e100062b1338353bade6ec9ab7c9ffc6673b524f3e70f1b774da08958856a1b6551f864d3a76a5fa90b6cf7bc2ce36a2c552ea03d14b00bfe193ad
- SSDEEP: 1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3lGNkF4YfBCJis/+aeTH+WK/Lf1/hmnVSV:SOoT3l/FdBCJirm
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - pid 4204, Process msedge.exe
  - pid 920, Process msedge.exe
  - pid 4644, Process identity_helper.exe
  - pid 2356, Process msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  - pid 920, Process msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - pid 920, Process msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  - pid 920, Process msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 920 wrote to memory of 4628 (pid 920, Process msedge.exe, procid_target 82)
  - PID 920 wrote to memory of 1676 (pid 920, Process msedge.exe, procid_target 83)
  - PID 920 wrote to memory of 4204 (pid 920, Process msedge.exe, procid_target 84)
  - PID 920 wrote to memory of 3544 (pid 920, Process msedge.exe, procid_target 85)
Processes
- PID:920
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffc757222974a80cad092bfac8af168_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - PID:4628
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  - PID:1676
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  - PID:4204
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID:3544
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  - PID:3892
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - PID:1404
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - PID:4192
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  - PID:548
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  - PID:4704
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - PID:408
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  - PID:4900
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  - PID:4644
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - PID:632
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - PID:1496
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  - PID:4784
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  - PID:1584
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  - PID:2356
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,17394423260992999238,7616750119265172375,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- PID:3436
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID:1436
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID:4652
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 336B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize: 72B