Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29/08/2024, 12:31
Static task
static1
Behavioral task
behavioral1
Sample
c8d241ef911c6fd4fac8adcd19c64253_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c8d241ef911c6fd4fac8adcd19c64253_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c8d241ef911c6fd4fac8adcd19c64253_JaffaCakes118.html
-
Size
176KB
-
MD5
c8d241ef911c6fd4fac8adcd19c64253
-
SHA1
85a1fc55e013e54be3de68b97b3c9fa58a1a9eef
-
SHA256
67ead16ed79d37a0ceaaf862ec68b4976ec9ab6b6565d90832daf53bfefbad63
-
SHA512
7343ee5b32da3fc1cffeb18758341923ff55bbe8b5d404a2042774b5f23444661658153cc966016b55eb6c40e0b8a97b1bd8c39d17a5f0ba8609199c56df044a
-
SSDEEP
1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3GGNkF8YfBCJiZ6+aeTH+WK/Lf1/hpnVSV:SHCT3G/FZBCJixB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2728 msedge.exe 2728 msedge.exe 1108 msedge.exe 1108 msedge.exe 4524 identity_helper.exe 4524 identity_helper.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe 4844 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe 1108 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1108 wrote to memory of 5000 1108 msedge.exe 84 PID 1108 wrote to memory of 5000 1108 msedge.exe 84 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 4040 1108 msedge.exe 85 PID 1108 wrote to memory of 2728 1108 msedge.exe 86 PID 1108 wrote to memory of 2728 1108 msedge.exe 86 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87 PID 1108 wrote to memory of 1896 1108 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c8d241ef911c6fd4fac8adcd19c64253_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff379446f8,0x7fff37944708,0x7fff379447182⤵PID:5000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵PID:4040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:82⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:2004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵PID:2056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵PID:2260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:12⤵PID:2424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:82⤵PID:2072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:3768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵PID:4680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵PID:2196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵PID:2888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3747820450432729565,1693495738083103653,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5496 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3752
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1784
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2196
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ab8ce148cb7d44f709fb1c460d03e1b0
SHA144d15744015155f3e74580c93317e12d2cc0f859
SHA256014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
-
Filesize
152B
MD538f59a47b777f2fc52088e96ffb2baaf
SHA1267224482588b41a96d813f6d9e9d924867062db
SHA25613569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA5124657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize384B
MD5a840e2332dd42bb210c081c73439759d
SHA175ccce3fc6a895f251d648d7e2fd39b635d694fc
SHA25684f0c5ccff7827f2cc7533fbbe0c0cfa6c174b8b0b93d223dbb9dec96454ff6e
SHA512ecf02189e5709045ef3e0c3286cd924f5044c19a4e99d745177b2bf054449c1936596475fc5cc1ae3201ebf110d2e8072082600b7f0e11be377978c00725cc40
-
Filesize
2KB
MD57d1738c9599f52d8348ef5048f242435
SHA1976baf5d006a8712630b95b5ccb9082d15ccb671
SHA256e0070bc89e9e1d4401a20b9380390d57af8f3389e7e0ade43a19f46d4b52eae2
SHA5124cd61bf6360fb2af9b4414bf5da8acf7800f97cbb4ba11f8fd0169dc9c94b2b21fc9d2be4ef8f374fc44e51003452be553069192beeb1f359903c5e21dd80432
-
Filesize
2KB
MD5323b47a70ba9b011f792c27bd8923a89
SHA1dfd06279257c4e261f7f0a6da976004d85fbac40
SHA25639edb7124beaf39ce926f0d4d630c902ca10112480df2a55016a422f3fcea8a4
SHA5128ae5b9e51ca278c4a6b7eeedd515702c8119afa7f081eca05a947a129953c0e6dccf0970f88a301b4624460533695e87456184a02ceb220b5928d2add0476d38
-
Filesize
5KB
MD5c3466dd406c23db131a035c1834c0b82
SHA1fa5353e1879399c0b82d9d9d1c6b5de6d138a841
SHA25685f46eb66b274b6c962b10c03ab63fd988782d8184ccb44cf08d3ab9bff20221
SHA512ac1c2dd416d6f9a0d2da92257e64c3e1dca08bf3de02793910ca29f61dc7514980c1f5c6e9ba3e55dfc2b69850d0f8551ac9cf4f868b3163d427e58b5df7134e
-
Filesize
7KB
MD570ad18a0798326ee29e53fdf925d80cc
SHA138916940e29468210bda5efd21a04c706b30820b
SHA256a66d7c280ef03bf286511f1cad08cc2edabf08e901fa916cea25112a81126741
SHA51224799bce1cb60775adc3d9740cad7ff8f25c8ef0faf06abd1b20cef070a5c5ecbb297e51ce6f349bcaeb2b4cc6a644ba1f79b2a6066fab0f9557651d02a1f2f6
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD542af51b18b2702db749932d5539bbf1b
SHA1f280ccf761a00ac732002e2a68284a1fa08b6b1e
SHA25642fe47725efcffba450325dcc05846147939fd9a1a499b092d749c3aaa652364
SHA512cb42dd0b2477a143f8c79293c1c62fc8edc6711569a677835225bb12bc3d79b66439078f0aba5ffe4b1e2061c677ea90bf3c7501ae0c0bef40997b034854b043