Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
04/06/2024, 10:35
Static task
static1
Behavioral task
behavioral1
Sample
9483d42f6cac62bbb65a179e434d4b0b_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
9483d42f6cac62bbb65a179e434d4b0b_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
9483d42f6cac62bbb65a179e434d4b0b_JaffaCakes118.html
-
Size
71KB
-
MD5
9483d42f6cac62bbb65a179e434d4b0b
-
SHA1
575ac788d1c4e9321e58bbccb0eaa91e14835a57
-
SHA256
179d1bde5d67e321a5120c1ca1b28a1bf79d323c37dd941b743be01c578fa0f3
-
SHA512
25b864229b8a5a251b0c9d76330b39b1d3dfee4aa8de2edaf3195341303f1610f257cf722cb7a837e981d50e08fd9dc9e64d440d8bb20a6963f53d503100b981
-
SSDEEP
1536:fL5PnY46h1ym9FxVpDf9tg6cFWR42zrF3+DEn/czcNW5:2Vxjkp2zFIEn/TA
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
-
Modifies registry class 1 IoCs
Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{DBAF0ACA-B756-4D99-B470-D89ED65AA691} (Process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 1260 msedge.exe 1260 msedge.exe 3232 msedge.exe 3232 msedge.exe 968 msedge.exe 968 msedge.exe 2836 identity_helper.exe 2836 identity_helper.exe 3580 msedge.exe 3580 msedge.exe 3580 msedge.exe 3580 msedge.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 656 Process not Found -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3232 msedge.exe 3232 msedge.exe 3232 msedge.exe 3232 msedge.exe 3232 msedge.exe 3232 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9483d42f6cac62bbb65a179e434d4b0b_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3232 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee1a946f8,0x7ffee1a94708,0x7ffee1a947182⤵PID:3968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:5104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:82⤵PID:1416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:2264
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6120 /prefetch:82⤵PID:3596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6060 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:82⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵PID:4572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵PID:3976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵PID:1660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:12⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13521667839428719639,16806666982659175189,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3232 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3580
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3456
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2512
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15089871-1d93-41bd-a87b-6675fef0b2e9.tmp
Filesize: 6KB