Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 01:15
Static task: static1
Behavioral task: behavioral1
- Sample: a351e5168a2c3159297845c5b43214e6_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: a351e5168a2c3159297845c5b43214e6_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a351e5168a2c3159297845c5b43214e6_JaffaCakes118.html
- Size: 175KB
- MD5: a351e5168a2c3159297845c5b43214e6
- SHA1: 3832955b57c0143c8ab37f66b4e9be0fd907fc8c
- SHA256: db44f6b58eb550fa46942105d5be2b79e18358d6a3a21d0a90afdd182bbafef1
- SHA512: 3c659604492af1e9127c13d341abdf36fffd72135b0160a1472946115fc52b7039462ef47cfd37d2ac77e7cfffebbe87bd3f7304352b3f7e13c28613da8f41f9
- SSDEEP: 1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3CGNkFMYfBCJis8+aeTH+WK/Lf1/hmnVSV:SOoT3C/FpBCJiOm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description: ioc (Process)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
- 3132 msedge.exe
- 3132 msedge.exe
- 4128 msedge.exe
- 4128 msedge.exe
- 4884 identity_helper.exe
- 4884 identity_helper.exe
- 2676 msedge.exe
- 2676 msedge.exe
- 2676 msedge.exe
- 2676 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a351e5168a2c3159297845c5b43214e6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94a3546f8,0x7ff94a354708,0x7ff94a354718
2⤵ PID:4628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
2⤵ PID:1644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
2⤵ PID:4736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵ PID:4868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵ PID:2512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵ PID:1060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
2⤵ PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
2⤵ PID:1712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵ PID:1236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 /prefetch:8
2⤵ PID:4596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵ PID:4352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵ PID:3236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵ PID:812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
2⤵ PID:1484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11813820099558973371,17992448565337391902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2676
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:4708
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:5092
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:2492
Network
MITRE ATT&CK Enterprise v15
Downloads