Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
28/08/2024, 20:57
Static task
static1
Behavioral task
behavioral1
Sample
c7a3ab8cd8f1f08ba61989940e27c1c4_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c7a3ab8cd8f1f08ba61989940e27c1c4_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c7a3ab8cd8f1f08ba61989940e27c1c4_JaffaCakes118.html
-
Size
7KB
-
MD5
c7a3ab8cd8f1f08ba61989940e27c1c4
-
SHA1
f2937d2de69fd261c1783f643f46061342eb01cb
-
SHA256
e5be84ffcd14b351dacd8d0c2ea7e79d345fb7146c736cff1c4032f6525fa057
-
SHA512
e76db17c4f13ffe4b548f7083056472686ba89d66736cabc0c47774f36d7f75f0b01de3d6e59f4a484356c8608e01b822fc0d6a4da3d0d623eed3d2f6f544c2a
-
SSDEEP
192:lk2IzUUpEXVg7nVhiBfpIgpCh4W0Cxhnl4sM:lk2WUUpEXVg7nVhiBfp7IhZ0CxhnlRM
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1720 msedge.exe 1720 msedge.exe 4112 msedge.exe 4112 msedge.exe 1848 identity_helper.exe 1848 identity_helper.exe 5656 msedge.exe 5656 msedge.exe 5656 msedge.exe 5656 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe 4112 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4112 wrote to memory of 4056 4112 msedge.exe 86 PID 4112 wrote to memory of 4056 4112 msedge.exe 86 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1756 4112 msedge.exe 87 PID 4112 wrote to memory of 1720 4112 msedge.exe 88 PID 4112 wrote to memory of 1720 4112 msedge.exe 88 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89 PID 4112 wrote to memory of 3664 4112 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7a3ab8cd8f1f08ba61989940e27c1c4_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3dd746f8,0x7fff3dd74708,0x7fff3dd747182⤵PID:4056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:22⤵PID:1756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:82⤵PID:3664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵PID:3120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵PID:2380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:12⤵PID:2836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:12⤵PID:1140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:12⤵PID:3852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:82⤵PID:1148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:12⤵PID:4040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵PID:2444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:12⤵PID:1652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:12⤵PID:1084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10576533575503853445,8015692702928584101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5656
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2656
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3600
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD58c843e887f544b9c7fb12416cc403fd8
SHA1fcb74c0cb17bc3eaca08f3948fcb082786af94a8
SHA256077112349b139aa3a8f6160783cf3fe4e41ab08de3848a7d3f413dd86f8d9939
SHA51231942725dc2c0b7f0a24dbb32ca76c98e879cc1f75e792a0b1dbbff0de2599b8059610bb7bb869759b1021b04a68fae7955e7d656b9b074fd8bf3a71da3074dd
-
Filesize
152B
MD5eeaa8087eba2f63f31e599f6a7b46ef4
SHA1f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA25650fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
-
Filesize
152B
MD5b9569e123772ae290f9bac07e0d31748
SHA15806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA25620ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
-
Filesize
212KB
MD52257803a7e34c3abd90ec6d41fd76a5a
SHA1f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD57b3f7dca6e9b2d600fb3df3f25118b27
SHA17f4702e6d477175ab970c3d0ae8715d4c11c96a1
SHA256cd9ed8c84bb6d584efce28dc2ed1f9a6dde9b4d1f9481a3f55c0146ae53fb4ee
SHA512fecfa66079236f5c246c667c5b518fcc9d394ac212dc6b4e207def91dd425c507b5f0b5755843df59c348c180e95d0cce3731bc1e7cfee74d95f69a67b3fc7b1
-
Filesize
817B
MD5ab524b99a2d3c1c417538ef74ca378df
SHA1a777f1449b921c598dedd8e48fd9f4001ea1a5d2
SHA2564dd76538df4d8c32f7fa91dd4897070891e39eb9b4338b9f0f2feb698772ecc4
SHA51223689966d8e9dba138454d4d01b44395e43c9990d9d0aebf09195c74f242a8d5a94e35a0a98b0d3e106e7cc11852c4d6ba49a859164794e8f0cd812678bb9cba
-
Filesize
6KB
MD5010e4bbc27b2c4cdbf7c113d6a121bbe
SHA13d478a77c434d10b776e3b8857ca4731af61832c
SHA256457fc1ad035a06744cf19b8a874437dfabf65bda71b7c98e373bdbbf952d6a78
SHA51277fa79f88735481fbffb405c9cdece96a4dcdb105eec780d1471187d1f7fef9b27d0decae6de94bc571c96f92a50ef88487412414d47e42614934ece4e45c255
-
Filesize
6KB
MD57e63502c8a0c1083c5a727cbf94101df
SHA1244493e34dd874d9c03cdc64e7620a3c25a7001b
SHA2563f6ae3f0a7853bd8bfbfd012c9a689602e45fa55475e7788479dd8e4196ef119
SHA512d069f36f7ce7da2c29f0cb3fa1fb1f98cff039f690de1c07e6a6676478e5a0d5eac30af20146bf0a3313a35df2df75dd574953c5ec6006394d130dd190162bec
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389