Analysis
-
max time kernel
145s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
01/06/2024, 18:25
Static task
static1
Behavioral task
behavioral1
Sample
8b5b19641036be2585bab7fba94bd131_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
8b5b19641036be2585bab7fba94bd131_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
8b5b19641036be2585bab7fba94bd131_JaffaCakes118.html
-
Size
50KB
-
MD5
8b5b19641036be2585bab7fba94bd131
-
SHA1
82344ddf1d48560651008716a6841ceba27d7e2d
-
SHA256
e4ad54b72b7cd9dde257f458030d8106764a2db0a44872077c3a71ea02db4a6c
-
SHA512
f16e882a8870f03f53e84c82665ec32168e69c3ea4464370da59b0f2e16e7b49b7c62723bd91a4bc83b993bf517137107e64a13c1d1085cd8db79a2753ea3de0
-
SSDEEP
768:eX8Jrpje0DnLmCQHNeTCINdFRYp1ZsDkDCoYNyL+qD4FE0B3obddD7L0:eipje0tIqdFRYNCjc0B3obdW
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 764 msedge.exe 764 msedge.exe 4828 msedge.exe 4828 msedge.exe 5040 identity_helper.exe 5040 identity_helper.exe 5316 msedge.exe 5316 msedge.exe 5316 msedge.exe 5316 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe 4828 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4828 wrote to memory of 2368 4828 msedge.exe 83 PID 4828 wrote to memory of 2368 4828 msedge.exe 83 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 2568 4828 msedge.exe 84 PID 4828 wrote to memory of 764 4828 msedge.exe 85 PID 4828 wrote to memory of 764 4828 msedge.exe 85 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86 PID 4828 wrote to memory of 1604 4828 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b19641036be2585bab7fba94bd131_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c147182⤵PID:2368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵PID:2568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:82⤵PID:1604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵PID:1692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:12⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:12⤵PID:3656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵PID:3324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:82⤵PID:1196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:2436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵PID:5092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵PID:1736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6084989110964383413,9188515788108586806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5316
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5088
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2344
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54b4f91fa1b362ba5341ecb2836438dea
SHA19561f5aabed742404d455da735259a2c6781fa07
SHA256d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
-
Filesize
152B
MD5eaa3db555ab5bc0cb364826204aad3f0
SHA1a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
-
Filesize
44KB
MD523536ccfe05b737ae639fe63ee4cc435
SHA16d2e9822835dc3e6117a4d2addfc8f241fbdbc82
SHA2566ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
SHA512f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
MD53b106e2da8a702922f87705709d39eca
SHA11c49db21584bcf3ce6dde8fa42a8c7b5c1bd94a4
SHA256a2ec080e497cde558df7a1a63bfe589edc3c7143f138c65227b61e4ded5ee371
SHA512021a30d17da7dab18adb462a1f18ab8315b4383ef711f03167c74e72faf3dc55c5e61e0cf80dcfc23151944c219e75bd4e85727242deda392feadf2bb45688c9
-
Filesize
2KB
MD523f7f182816fb8ab19a35b291e349978
SHA14cf3b127203f450509a82d4668173770c8c66b76
SHA256e684960fad8f82e159c842aa5f435f4c658eff0c270bb5beacebd775e4974ded
SHA51291568e7853284be1b07b6ef16bc46e16d6315eb17e7b42d8e6ca5b23e1eae774d648f47a6fd317db6a8fb54fa4e71ddfb158a02506aa4887ec597683759c234d
-
Filesize
2KB
MD59c67982d266c404b11e71b1478c79651
SHA1f47c82a820effa78a152611dbe23ab23906972dd
SHA256bcc2477876a0c6f52bfe2247710d121c15c9d12c7ed8fe28bea333f3e2eea6ca
SHA512baf4d8d05e2b402569a935fd624247c6be6d14bcbc48ccd2bd0adfc9646e2a9385238fccd41a785d5d94f0a70f408e2c877af8ecb037e14e38f9bc46b40e8906
-
Filesize
5KB
MD579ed46d44c9863e0d660c4581717764c
SHA18605c38364f03060014af3e59f979bdc2950e796
SHA2561c76406ce232e1778dba883fe0165ae437ddc0932d174087eb73d4e4d2694251
SHA51274ea6d253780fcc99c79c5a3bd2502e2c1c99e965c14b0c12b4a61de4f3b337aaf638fe3043159bd9aa8366e94219e2bd84096980c91810607063e067f11231c
-
Filesize
6KB
MD564c3743832b1de1c53aa82a5e1e86f5f
SHA12c1ef7835cd42b297a062bf94c7bcacefa4c4a8b
SHA256c8d319de1699a13baf15571b71af9f018a8c104bc933be39c3c8110a2da4341e
SHA512f3d21c159105ddc78867f22db33e77d075585c3fba04532888b6f9f6729782cf9330066c059182de1e5dfccbad540bdc2f4f89a05304440d53c4a788782f6c3d
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD52e59e2677ba8dbe79d218ea5acb3c5a4
SHA14f492c3eeee0c3464fd841a75347793b452287b1
SHA2567c60748c47df4246ef86115e5fb8b4d3c602b756302178459cc8f0c2974be9bf
SHA51271bcd2b55964655c8f242ede1c239a6eb479931d352fba7efd1ae0a17159982baa6c64d130ebbb7aaaac7358b0afe51f0d191b32f5b01eefc26e29d038f5ef8c