Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
31/05/2024, 18:33
Static task
static1
Behavioral task
behavioral1
Sample
87ef727c90897016e5004a1e82cd8853_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
87ef727c90897016e5004a1e82cd8853_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
87ef727c90897016e5004a1e82cd8853_JaffaCakes118.html
-
Size
51KB
-
MD5
87ef727c90897016e5004a1e82cd8853
-
SHA1
3f687b889354eb08856b1cf870eda5e9e352e2ef
-
SHA256
19373ac43aa4044e635ef8889828090740d92a59e60ff58da96d4db0361d10dd
-
SHA512
4e04500ab65570f162d520a7bbe1a8f44bd8050640b5e0f04f736fe39a8ace55f4421cd67b2b8bee52da351069468a81a87e1b2b3934bcc8c0f9c1d02cb68be8
-
SSDEEP
1536:XPkvnjI0pEz+uq5IfJqXudCYqsbKooqAg2xCcq4LhshwqmEmVWWqc993q03wOqrU:cvnBMDc4FtgL8KEhyeJpViimtjw0
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1524 msedge.exe 1524 msedge.exe 2972 msedge.exe 2972 msedge.exe 4764 identity_helper.exe 4764 identity_helper.exe 4496 msedge.exe 4496 msedge.exe 4496 msedge.exe 4496 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe 2972 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2972 wrote to memory of 4576 2972 msedge.exe 82 PID 2972 wrote to memory of 4576 2972 msedge.exe 82 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 588 2972 msedge.exe 83 PID 2972 wrote to memory of 1524 2972 msedge.exe 84 PID 2972 wrote to memory of 1524 2972 msedge.exe 84 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85 PID 2972 wrote to memory of 1676 2972 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87ef727c90897016e5004a1e82cd8853_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f47182⤵PID:4576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:22⤵PID:588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵PID:1676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:2840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵PID:2176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵PID:4752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:82⤵PID:332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵PID:736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:12⤵PID:1564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:12⤵PID:2832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵PID:3256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10618577200881807361,10185858565055118171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4496
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5040
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4916
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5068
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5d7cd478-3124-48b5-934f-fc82102d93bc.tmp
Filesize2KB
MD516de552c447baa5692e03c6e0b987da3
SHA14b81779125bf49b9cf25e3a24e4d048438b037fe
SHA256a8f721ab63d56f25ec744e28ee359a69f409c3ef77f51d0c6b03be0512f61204
SHA512c2978f2744ad081d8f2f9deca093ccf2db465377eaf6ac63f4c88af65187dcc3ad15612eeeb9c095fe4465a9477bedd4fb3f288c11958a094ee2e7dd27b9b48d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD5eef46b9179225e33875cdb5b87737a6e
SHA1bdaee1a5cef2d5bdd72c41e5ead517744357428d
SHA2561907826d58de6106521d93a13c6dc833d4fd62535e793974f2a13648ccdc88ea
SHA512a91157361452d80d730aeaeadc4557150a9969d412e9d9e76ed4236157aa98b56419c62a5722bd8585154fe09968f8f264493fb2ed2f5cdbc286a1b80897f2f5
-
Filesize
2KB
MD58586bb364641adfca80c78d279ebc8db
SHA1b79d14746479e5e92a2904c1a7ecb9f1427d0299
SHA2560d585f5f790c6c3b3b652faaaa307aadd3d07636d619955915adaa23af84acc5
SHA512a1e3a05f3d7595e4ee76343353940f7d233690ab8a8058844d2a4e41f834cc2990b6059c778158349428d6091beebf1a6f0c2609f514fbc13439a719ef40e65d
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD54769512c2cda6d5c357ffa33c5bc7576
SHA1d0c7b275da41cdddb8316b7c89219a3a70b8eb4e
SHA2566c2f17a232111804704d4d802bc8b37cac7d0f443ca62e9b507120885a49877c
SHA512e2a38e242a3ed69b49a80add067c6f962c5d221f3272ee50e31cc36fce8b04c2987b1b4ff587761f1dee1de3a6a36dfc39cbb53b2c18d7aab4b1438439b684ae
-
Filesize
7KB
MD5d2d87543f2f395e40a012528a899d5df
SHA110a1b91bc23ab4aa76ae92a74ce1cb1159a3ddce
SHA256e1120a6d3e62828ca19b2869b2b44892ab12b526f851fb5f5f61baaea433f013
SHA51211d607df822a345e5b2c38069ec99c6f036bfd487c5eb446656978d9a35f0fb037df3bfec94c676fd5aa2ebbbd73466707839443f4575d6c556df9dacba15b76
-
Filesize
6KB
MD53ce7693b82df999fc21b7ce9f2b3bea4
SHA151cc53c12e2635584c5420ea754d63fa802634f5
SHA2562fd9a2a515ca4f80570cb606efb42e1bd6f56f7ea5a4d9ed8fcb2e8f2a893b29
SHA5122606aa5fd6be3494b5e585ce5ee069db0f311c2eb0dab657a07f4ade14644562547a9467ce87cec776fb8dac9b64445122f1ad644eab9dd5c38a765da93583fe
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5f7108ba14a437a6e07b8298d19d239eb
SHA11a39d7bf0ed77a626cea3580b0f06d8bbb999a4d
SHA2562629039312a98d5bedabc7e9c2bcc035c62cf90e1132202269a334062bc7b33f
SHA51209ba15bc7776cc06010af88d39b7bc8f042f3cbe60dad500984f067625958db2834fcb2b417fd68579601392ed3cb7e4204809ed12d67a86076a8fc129568797