Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 06:27
Static task: static1
Behavioral task: behavioral1
Sample: a4326baa9fd6fa8e8f726ba14d122a3b_JaffaCakes118.html
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: a4326baa9fd6fa8e8f726ba14d122a3b_JaffaCakes118.html
Resource: win10v2004-20240611-en
General
Target: a4326baa9fd6fa8e8f726ba14d122a3b_JaffaCakes118.html
Size: 175KB
MD5: a4326baa9fd6fa8e8f726ba14d122a3b
SHA1: 23e2fd16c71a8f7b99ef106517c34029969b6eaa
SHA256: 571fb2742228ec398bc8ae8ae211eaba95807965276206d58dabfd5c4dc3ab56
SHA512: 1dc8279ffa7936e60e17292d24384d802c04a9b1af98a2ec7ec7bd6488e1cef027aee3331dd0b1804d1e7dd21fc5db12400a660caa803b1b30428f0a2ad4b228
SSDEEP: 1536:Sqtd8hd8Wu8pI8Cd8hd8dQg0H//3oS3NGNkFGYfBCJis2+aeTH+WK/Lf1/hmnVSV:SCoT3N/FPBCJi0m
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
1236 msedge.exe
4044 msedge.exe
3048 identity_helper.exe
5036 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process
4044 msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process
4044 msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
4044 msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 4044 wrote to memory of 2876 4044 msedge.exe 83
PID 4044 wrote to memory of 1208 4044 msedge.exe 85
PID 4044 wrote to memory of 1236 4044 msedge.exe 86
PID 4044 wrote to memory of 1484 4044 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4326baa9fd6fa8e8f726ba14d122a3b_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa70eb46f8,0x7ffa70eb4708,0x7ffa70eb47182⤵PID:2876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:22⤵PID:1208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵PID:1484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵PID:1584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵PID:5052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵PID:1836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵PID:1512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵PID:3096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:82⤵PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵PID:2452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵PID:2260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:12⤵PID:4200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵PID:3584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1496831160638867239,5720509325263641910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5036
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:816
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2612
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B