Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 20:07
Static task: static1

Behavioral task: behavioral1
Sample: 8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html
Size: 117KB
MD5: 8ba00c2e1b32f56b20384c52cc942106
SHA1: 2c8edb19026c8807eaced823d749a26153209e61
SHA256: a52ccc54d631a4e7e8209998b56ddb128f92ee4832ae9003eaa86348f7dd3041
SHA512: 02324c62233d8930bfa0af7bd95ea2d1c55e221c4dde5a6e4634cdd48041ec4a71c26a803cdbc0f3b70f62a3e76a1c8af428f61ef69061707e9dc87d95390b25
SSDEEP: 1536:oeORQcr9x23nikxJoKIHIKZlAXDwpZLv0SxEIEXKgxY6I00TkkXghm/V/eIKTEpW:oeORBx2L0HQ
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                     Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
5012  msedge.exe
5012  msedge.exe
5072  msedge.exe
5072  msedge.exe
4600  identity_helper.exe
4600  identity_helper.exe
1604  msedge.exe
1604  msedge.exe
1604  msedge.exe
1604  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
5072  msedge.exe
5072  msedge.exe
5072  msedge.exe
5072  msedge.exe
5072  msedge.exe
5072  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718
    PID:1780

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    PID:3652

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:5012

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
    PID:2904

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    PID:4868

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID:548

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
    PID:680

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    PID:4372

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:8
    PID:1064

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:4600

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
    PID:1864

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    PID:4960

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1748
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A4AA6A226E1870F0261713C59F1CB84
Filesize: 306B