Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/09/2024, 04:26
Static task: static1
Behavioral task: behavioral1
Sample: d99bc4f8694ff8fa26a408e7acae473b_JaffaCakes118.html
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: d99bc4f8694ff8fa26a408e7acae473b_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: d99bc4f8694ff8fa26a408e7acae473b_JaffaCakes118.html
Size: 175KB
MD5: d99bc4f8694ff8fa26a408e7acae473b
SHA1: 136c05a68ba5e223bb5abd83ebd1888f459c61d5
SHA256: 7ad22879022f991dfe2ccab1a09379044abf7c4bca4952b969f53f269c76f9f8
SHA512: 0fb14d0f156dc1962a032db9976e103e2d9f46d11a526bb36b357eb5b7f11c6a51487daa0e32e7b8870a5a492196220546ef919300e3bd5748677a0623dbec2e
SSDEEP: 1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3JGNkFVYfBCJisV+aeTH+WK/Lf1/hmnVSV:SOoT3J/FABCJiZm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
1404 msedge.exe
2632 msedge.exe
3208 identity_helper.exe
6132 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process
2632 msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process
2632 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
pid Process
2632 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2632 wrote to memory of 532 2632 msedge.exe 83
PID 2632 wrote to memory of 4960 2632 msedge.exe 84
PID 2632 wrote to memory of 1404 2632 msedge.exe 85
PID 2632 wrote to memory of 3960 2632 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d99bc4f8694ff8fa26a408e7acae473b_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2632 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd95346f8,0x7ffcd9534708,0x7ffcd95347182⤵PID:532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:22⤵PID:4960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:82⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:1412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵PID:220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:12⤵PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵PID:4852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵PID:1180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵PID:1936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:82⤵PID:1576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵PID:4380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵PID:4284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵PID:1056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5737183715339519866,11961742842923331596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6132
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3740
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3792
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2176
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 480B