Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
13-06-2024 01:18
Static task
static1
Behavioral task
behavioral1
Sample
a354a297a12744a74f8162a9d059fd1e_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
a354a297a12744a74f8162a9d059fd1e_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a354a297a12744a74f8162a9d059fd1e_JaffaCakes118.html
-
Size
175KB
-
MD5
a354a297a12744a74f8162a9d059fd1e
-
SHA1
1189e99bac9d910c18cdef1016af24541937d5de
-
SHA256
a1fae7fb9ff3e3d224bc5bcd9ebc274f84249de4bc82cd90b026ca2d9523737c
-
SHA512
6c62d91bdbc1dfc66f60ba02c4b5566268ca1aaf3db30277afa71e57d91b5689baa4cc7f69c97c6b83e36fd9c2131013cc321c4a5a4fe8900dfb129f57572b0e
-
SSDEEP
1536:SqtO8gd8Wu8pI8Cd8hd8dQgbH//WoS39GNkFyYfBCJiZo+aeTH+WK/Lf1/hpnVSV:SaCT39/FDBCJijB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
5396 msedge.exe
5548 msedge.exe
2204 identity_helper.exe
4712 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process
5548 msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process
5548 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
5548 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a354a297a12744a74f8162a9d059fd1e_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5548 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb53f46f8,0x7ffbb53f4708,0x7ffbb53f47182⤵PID:5540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:4040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:82⤵PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:5968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:2172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵PID:4348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵PID:3120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵PID:2180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:5724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:82⤵PID:3528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵PID:2956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:12⤵PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵PID:676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9820210232494297455,8899798186022843455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4712
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4808
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2584
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2368
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B