Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 10:06
Static task: static1
Behavioral task: behavioral1
  Sample: a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html
Size: 175KB
MD5: a500083a93d243874ec6b431f9b55d59
SHA1: 667260b43cb20eddaf0903005fbd348c959060fd
SHA256: e331e946acf85ba7d7e81f48cff06ac5c012ea018bfba1caeb26c128d1ef4e03
SHA512: ed264ff306b71f32c238745ed95d9a7b0c2dd4e619e9c403f7d918fa654581f515f7b87c5da8b1252a6d450510ffc7b0bbbadb6b285e16393b704f85da8a6ce5
SSDEEP: 1536:SqtY8hd8Wu8pI8Cd8hd8dQg0H//3oS3xGNkF0YfBCJis6+aeTH+WK/Lf1/hmnVSV:SBoT3x/FhBCJiUm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
3624 | msedge.exe
2680 | msedge.exe
2592 | identity_helper.exe
1076 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid | Process
2680 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
2680 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
2680 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2680 wrote to memory of 2736 | 2680 | msedge.exe | 82
PID 2680 wrote to memory of 4032 | 2680 | msedge.exe | 83
PID 2680 wrote to memory of 3624 | 2680 | msedge.exe | 84
PID 2680 wrote to memory of 2632 | 2680 | msedge.exe | 85
Processes
-
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a500083a93d243874ec6b431f9b55d59_JaffaCakes118.html
  PID:2680
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d18a46f8,0x7ff8d18a4708,0x7ff8d18a4718
    PID:2736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID:4032
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
    PID:3624
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
    PID:2632
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID:4596
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID:1504
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
    PID:5092
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
    PID:744
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    PID:2056
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    PID:2236
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    PID:2740
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    PID:2592
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    PID:1316
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    PID:3960
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
    PID:1604
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    PID:3404
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14047237896113224516,16283830565101571513,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3444 /prefetch:2
    PID:1076
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:5104
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1344
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3096
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B