Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system -
submitted
10-07-2024 21:09
Static task
static1
Behavioral task
behavioral1
Sample
3664900f0c71adcf89ab68f43c936184_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3664900f0c71adcf89ab68f43c936184_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
3664900f0c71adcf89ab68f43c936184_JaffaCakes118.html
-
Size
81KB
-
MD5
3664900f0c71adcf89ab68f43c936184
-
SHA1
baf8c0cfdba9ef1d734c85103b39add124dfa3a7
-
SHA256
7652780ff48f3be93152785f7535af953f02c8371f5699c0de41ec14d05d4c9f
-
SHA512
1545de87064d525521a8eb01e857069c993d49d714511cc2274b506ba8621d3d1a4b66a4a33d618f69ab01b2e38aa90bba833e3e023cba0003fa0db1a233c57d
-
SSDEEP
1536:yqj8u3KKvbdkuS/2AVSiwepzYtqF2p0X70zHhXLNcYp/BJZ6qR+apSy7wwO743ql:yqj8TKvOu22NlpSmw37MqvROo
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
4752 | msedge.exe
3192 | msedge.exe
1444 | identity_helper.exe
3732 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exe
pid | process
3192 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
3192 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
3192 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 3192 wrote to memory of 3224 | 3192 | msedge.exe | msedge.exe
PID 3192 wrote to memory of 4452 | 3192 | msedge.exe | msedge.exe
PID 3192 wrote to memory of 4752 | 3192 | msedge.exe | msedge.exe
PID 3192 wrote to memory of 64 | 3192 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3664900f0c71adcf89ab68f43c936184_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff820a46f8,0x7fff820a4708,0x7fff820a47182⤵PID:3224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵PID:4452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4752 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:82⤵PID:64
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵PID:5000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵PID:4964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵PID:2232
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵PID:4788
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵PID:1172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:12⤵PID:1724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:2040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵PID:4976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3448084035101521010,15680180557043690550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3732
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3276
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2144
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 408B