Analysis
-
max time kernel
145s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
03/06/2024, 07:45
Static task
static1
Behavioral task
behavioral1
Sample
90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html
-
Size
20KB
-
MD5
90fee0823b3622a8e97993e50695a67d
-
SHA1
411eba883cc76482db7481e4d0b54a6131a62d8e
-
SHA256
7c786998dea9d5ddcf250a24c9b0aba1355c6211031664923fc12945c3d03169
-
SHA512
e9ec9d6f7434afaa9181bd3f1e3458ba407d280849d876c98ce18e4fdba2592aaa5cbdf6176a40baeb30777a6cd82801c917f2bd1767e1d8f37041c00c33e105
-
SSDEEP
384:SxAcV0irovqCUdRKaqtGwnmVkRRa12/IBR0SAsx:Sx7VfsvqCbXtfmVt0SAsx
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 3032 msedge.exe 3032 msedge.exe 4980 msedge.exe 4980 msedge.exe 3468 identity_helper.exe 3468 identity_helper.exe 2836 msedge.exe 2836 msedge.exe 2836 msedge.exe 2836 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe 4980 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4980 wrote to memory of 5028 4980 msedge.exe 83 PID 4980 wrote to memory of 5028 4980 msedge.exe 83 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3004 4980 msedge.exe 84 PID 4980 wrote to memory of 3032 4980 msedge.exe 85 PID 4980 wrote to memory of 3032 4980 msedge.exe 85 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86 PID 4980 wrote to memory of 1592 4980 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90fee0823b3622a8e97993e50695a67d_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb166d46f8,0x7ffb166d4708,0x7ffb166d47182⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:22⤵PID:3004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:82⤵PID:1592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:2028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:1720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:4968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:82⤵PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:12⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵PID:3988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:12⤵PID:3872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵PID:3884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13158453369290446442,3851669479017054825,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2836
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4116
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2984
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
Filesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD56628a100e62db8f9ff3cdf75e816d366
SHA174044e3fcfe8a60445a0da5311d9dc71b1627825
SHA2569a84df5fd1b0ae6cbde45d45340de7860e437467fcf4876a1b2b3ec022b43af1
SHA512817e2c617162e86f7ee627d098d763d67f7335d4ae08cf95672e2dc2b46965cb4395cb385a73e3fee31a4ee6c7913a20b075d57989c53c88442bbf9888cd049a
-
Filesize
183B
MD55c1019a2fbbae64fc4028cb6454df74d
SHA1d20fe68f9ce22bfa8c0b745a9766ece9609b58ea
SHA256ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75
SHA5129eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f
-
Filesize
6KB
MD557eb9f09e387676f135e5ceee83676d9
SHA1ce39ee447a068b44d0c121a5c72f026688fd14fd
SHA256d99b80373ac88d74e22e5e325824e7ccbd3848e3f43a27434ba354b8b9bc1e67
SHA512a098504745aadf645d29fc4a904d75f9ce519aa4aabc083149ee6f6ad8d4ba0017aaab22e0c436f331ab36a2356be3d08842f29e005eb762183208c0dc173b63
-
Filesize
5KB
MD58b6d6915c43cd94d8b6f7326dff6b817
SHA1aeb627b7c1d1a7eb3dd8648e79fc0fc31f750691
SHA256e8d637bb02ad32110e0370e1a14018115278bd2cfc8464648b9e1305dda53330
SHA512a69dd24f504d5c2a0ae0970197e87a6f904574129af0eefc4514e9390f2b18d82b8c4bb5bdba42c8a9259d3048dbd84d30cd8fdabc2266f7633c2fe5cfe15a9e
-
Filesize
6KB
MD5b2fd0cbbc8ed5c8be3aca3a9a0d58a77
SHA1177a74cbb32cc23b26475c37174bf08fded9bbb8
SHA2563d53fe204bde7186017174a9e6f7268a7a14cceea610e6aee5ced5831177a480
SHA512ccabd8066ed6c555faafdcb7d249aef65d87dc508457de61931adfe5700dd1146fe8fc6836392f20147b820bf24af9a7c59b7627edf840a230237702ad75cd5f
-
Filesize
537B
MD520dfabf5c9337edd2d9f25339da81dfb
SHA14d2849398c3048edb2ba990c5d73e7b117d280d6
SHA256b5e30500c9c83e7b8cd0c0955c1e3afa7f98ace0cf61cd53573c7a396ce925b0
SHA5129e66ca77b6a45c887f2e0a5e40cd7de34d1e104206883bfbea68296936ec9bb0b0fbb2b05d84586dbe7677445ffc19a0e2e65a22c5e14641f65d37ca9403399c
-
Filesize
537B
MD5ab14b0f292711e4a9c93b75b2ed77871
SHA1657ab65fea7467841726bd13e817ab50268dc807
SHA256da70815ca9aa3d449616ffd25813a6116bc2a8edd5dbf6e65e3d442a65360dd8
SHA5124b8aa8caa3903694cfb675f4b5fef60cca013e2fcad858edda2353137a3d34c8adfc82054f9f7dc7a5461409af6729d9b6fa9189e920c43df93bd23c4a218c23
-
Filesize
203B
MD58bd3b7f10e5d9ee5bed76aaadadc931b
SHA198a9e816ec6c900fa0ed4ad7cadd537a130b87bf
SHA2562e47036a9f22c343a594d2e858d0f213fe1c6ef54b8c31a265be0016979441cc
SHA512ec21bcafb595ee7ec3af76105fc1f6b3fdfffb05c4bca69c8607c1a3eaecb11d986c2a9423db68d685b8a1f3dd32f6b83331c822e7f8ee3b98df5c116892f2de
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD505abe00ae0ed964dcb3c27a2584cc065
SHA15bc98f604deaa9bca95a6e753aec0bd31d7c3556
SHA2560c0004e1db7626023e50d4131a1be972bb38b99c782d4e3d084f81015085cabd
SHA512a9b70d83b4c779d029999b5f87ee502772d4083795b2cc98656e2447ed72fe2745b1aebf5320b2e9e37afef84429b0b5a686d14316d707ce21aa968b5999e67b