Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
17/06/2024, 11:38
Static task
static1
Behavioral task
behavioral1
Sample
b86a8f441355134c28543c7c276658df_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b86a8f441355134c28543c7c276658df_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
b86a8f441355134c28543c7c276658df_JaffaCakes118.html
-
Size
15KB
-
MD5
b86a8f441355134c28543c7c276658df
-
SHA1
66850fbec719c43e332a9b107ecafd6a180b63e5
-
SHA256
fc396e5edb30c8e938d2b82d114a81b16aada72e0eaae892404566acfbac6802
-
SHA512
7bdf305b6cceccbcd8888ee5d035cdc50f8297ebf60665b585935ed9a15a19f98392cc03aa34d0fcf6cb48165954f9a5726852eb162652a6539672529e6b7d9f
-
SSDEEP
384:6f7dipoqgFMAGw1nMW/F8xmHz0aPQSmyG8hVwm6ToAG1ImgSVmWsxaF:wQyqgFMAGw1nXLHz0aPQSmyG8hVwm6TE
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1516 msedge.exe 1516 msedge.exe 4312 msedge.exe 4312 msedge.exe 1808 identity_helper.exe 1808 identity_helper.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe 4976 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe 4312 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4312 wrote to memory of 536 4312 msedge.exe 81 PID 4312 wrote to memory of 536 4312 msedge.exe 81 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 4800 4312 msedge.exe 82 PID 4312 wrote to memory of 1516 4312 msedge.exe 83 PID 4312 wrote to memory of 1516 4312 msedge.exe 83 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84 PID 4312 wrote to memory of 4636 4312 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b86a8f441355134c28543c7c276658df_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4312 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe11646f8,0x7fffe1164708,0x7fffe11647182⤵PID:536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵PID:4800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:82⤵PID:4636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:2980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵PID:4224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵PID:1520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:82⤵PID:1468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵PID:2620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵PID:2064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:3236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:12⤵PID:996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14714652774962760626,12823572134901242666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1988
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1036
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
Filesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5bba402e9f8a7ab430c1117ab893534f1
SHA1d363116f3e14186a40234c946377d9cbf23a7cad
SHA256c5cef5e2e75660781ebdd608cd7903bdb938d99b9371ff3be167bdaf92962898
SHA512f5892ebc211dac94c0682919a52c3fc70e5a11b65ba30b81a1b18993907b5f85fa263fdf80f98a9e43d3dace1fcd1ab3c7c60c21bd1112c5119c7aa2e9b81439
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD5bbd5309ef793bbb54fa4f05e39dab752
SHA182f70d5a36476011fe7cc9d4f715fd054c8f820b
SHA256fe26b32af994ea99568f4ddd9806ac1f8a0335085f4b45f1bcfd5ca40437c65e
SHA51237e5064e1ff3933c55b6edc3afb9a0ef51960bd33117ea6b9c5d39e8db5b1d466aac579ffc4f0fc270ab27a8aa6a4199d78b93d740af96e03d27d5e99cd92e0a
-
Filesize
1KB
MD54155cf936ebbd3707ec95640322ba8a0
SHA1b247bf9dcac42d1ee8bae6da79c0f350b3ae70d0
SHA256d5ec4eff7d2c9e8224320bebbd6f3bbda69fd9b592de73f0ba7b123ea01cf248
SHA5129f824b82a59014fe775107aee27b44113d142b04cce87efccdb31a5979a21df1099c6ce810385e3f70813c3b411e93265f8e4deb0e92e2333989d0084bdd8a60
-
Filesize
6KB
MD540bc5f10c3f59f8a3fa743f1c565cc21
SHA1324d8da8086d17564ab00f0b09f4361511300de5
SHA256e55c39f516da9e193b03dd36697c8b8fe9cddad8dd3180d0cedadcde57d566b7
SHA512c542073a4c86a74101a5edbe7f31a713e5b75e58559d4f2c08d69a2a7f13e0665dddbbd7ecd73855137763526906be4413a9367905eaa430930af7c6cb0a0c6f
-
Filesize
7KB
MD56a2e0e4c58d1f16742fbc2614c138ed3
SHA1ca85f0483f29620d06723263c4e7a20265debebf
SHA2568da8ef3e9384097394ce4beec05aa6c9795f8412947dc30482c23866952733c7
SHA5122123fba24c3a211fb0196c645b918d3421eabbe0c47463c2548febe33c611d58987c12091ac90d9ee71611c666844322a1b0d112ccff1bbbd835548cfc95270e
-
Filesize
7KB
MD5535280b62e4749be06dd05b97488fd10
SHA155226a442c4fa0e8fe990d1dbc253edb2b3c4ae3
SHA256b011664b9dedbd24b623a476b50f9c27d63fb992d0e21109877754ce0563a2f7
SHA5124951ef2aee340e41a91e4b63e95a884a0330019fed480e0f5c765cc46dc85fd3023809ade47067f13a73a81430620547479cea4c7f6f5eadb1d5bf5a0165ee88
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5a1b482cb2333ccee70e4e97266a83b5d
SHA1334d21507614928de4d5df023177a7582f7a1414
SHA256421dd53c98374bbd7befc9b30327902f9d0c7908ac1b58d27976ff546f658bfb
SHA512f9366a1ad2cccd4f889a6b0a029856ba0b5fab837bd36b45dcf7206c4fdbd4b04c3664d900716cdbc85d82e9d056aa4818a2aa24ade3d4ee6f4959bc2116d8a4