Analysis
-
max time kernel
150s
-
max time network
152s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
-
submitted
03/06/2024, 10:37
Static task
static1
Behavioral task
behavioral1
Sample
91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html
-
Size
175KB
-
MD5
91786440413c414f08b83e5f8fe467dc
-
SHA1
5a2898b3f04e5f9590ac2fa0825fb75a154bd4fd
-
SHA256
61ca18dd75d7e5a3db62b598ed89cfff4673f0af77a9326e72d504dcb57800ea
-
SHA512
86b4d717ff73537222d39751a4c7bec67e90ac3c8e163ca3bba0ec8d6a960d79abf8e40b1e6edb09008dedaf345425ce6ce35ffec9df29ee9dca007aadffa5b1
-
SSDEEP
1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3aGNkFUYfBCJiZZ+aeTH+WK/Lf1/hpnVSV:S9CT3a/FBBCJiwB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
4404 | msedge.exe
4556 | msedge.exe
3368 | identity_helper.exe
4428 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid | Process
4556 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
4556 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4556 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4556 wrote to memory of 2012 | 4556 | msedge.exe | 81
PID 4556 wrote to memory of 1160 | 4556 | msedge.exe | 82
PID 4556 wrote to memory of 4404 | 4556 | msedge.exe | 83
PID 4556 wrote to memory of 3136 | 4556 | msedge.exe | 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91786440413c414f08b83e5f8fe467dc_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd521f46f8,0x7ffd521f4708,0x7ffd521f47182⤵PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵PID:1160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:82⤵PID:3136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:12⤵PID:3864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵PID:2168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵PID:2896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:2708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:82⤵PID:2700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:12⤵PID:3248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵PID:1744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5712562589766538741,9620830457236759941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4428
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5064
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4828
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1656
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B