Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
-
submitted
13/06/2024, 02:59
Static task
static1
Behavioral task
behavioral1
Sample
a39bbb00e09f71f0fff7eeb3e3a9dbc3_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a39bbb00e09f71f0fff7eeb3e3a9dbc3_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a39bbb00e09f71f0fff7eeb3e3a9dbc3_JaffaCakes118.html
-
Size
56KB
-
MD5
a39bbb00e09f71f0fff7eeb3e3a9dbc3
-
SHA1
fb703152eb666d4b36148b98d61db0bdb164981f
-
SHA256
fc4c9a3d1bc00c0682d686b90abc3d15c485b36adbac615c28da2d79ef6a6b7c
-
SHA512
317f9f013d426e2c2f4ba02dad758e7664b9f855703e441bda85e75eca28a8dc0522d3190ff8cdbd63fd8e5404f999241531e0bffa274899655c477f2ffb9b3d
-
SSDEEP
1536:tC3HpKWWMA0FLR/LqeFnmFLs474I02GgZaAjZL2Q5p2nR6VxQ06:83HpKWWMA07LaPGgZaAjZL2Q5p2nR6V2
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc
40 sites.google.com
48 sites.google.com
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
2064 msedge.exe
3912 msedge.exe
4988 identity_helper.exe
3660 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process
3912 msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process
3912 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
3912 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 3912 wrote to memory of 3184 3912 msedge.exe 82
PID 3912 wrote to memory of 392 3912 msedge.exe 84
PID 3912 wrote to memory of 2064 3912 msedge.exe 85
PID 3912 wrote to memory of 2692 3912 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39bbb00e09f71f0fff7eeb3e3a9dbc3_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcac9d46f8,0x7ffcac9d4708,0x7ffcac9d47182⤵PID:3184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵PID:392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵PID:2692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:3308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:1668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵PID:420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:1384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵PID:1312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵PID:4788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵PID:2992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵PID:920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵PID:2212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:12⤵PID:1892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵PID:1884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14084859013262618050,2276792230493309347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3660
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4992
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2724
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 144B