Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/09/2024, 00:39
Static task: static1
Behavioral task: behavioral1
Sample: eebf45640e32d079f5eaa295b6657deb_JaffaCakes118.html
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: eebf45640e32d079f5eaa295b6657deb_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: eebf45640e32d079f5eaa295b6657deb_JaffaCakes118.html
Size: 175KB
MD5: eebf45640e32d079f5eaa295b6657deb
SHA1: aaa6dc60df1639911d602994d2e241ea59485575
SHA256: a1bef9cd852a6630175d4ffe2b4f094e7c0f8ac486c81402ba89c63170f7d033
SHA512: 008e662195bc560d487a2d2fb8f05b8e4ac1ba42c5232bd5527cf9e302d4bb06d08098f4e3c7be8e48847fe87b847e1f65b8911a124f2f759c40f5d0705a0df9
SSDEEP: 1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3uGNkFFYfBCJiZQ+aeTH+WK/Lf1/hpnVSV:SHCT3u/FwBCJi7B
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4864 | msedge.exe
2012 | msedge.exe
2824 | identity_helper.exe
632 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid | Process
2012 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
2012 | msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
2012 | msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2012 wrote to memory of 2924 | 2012 | msedge.exe | 82
PID 2012 wrote to memory of 400 | 2012 | msedge.exe | 83
PID 2012 wrote to memory of 4864 | 2012 | msedge.exe | 84
PID 2012 wrote to memory of 1620 | 2012 | msedge.exe | 85
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eebf45640e32d079f5eaa295b6657deb_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2012
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0b4346f8,0x7ffa0b434708,0x7ffa0b434718
  PID:2924
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  PID:400
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  PID:1620
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  PID:3448
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  PID:4568
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  PID:860
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  PID:3440
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  PID:1772
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  PID:4492
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  PID:772
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  PID:868
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  PID:2960
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  PID:3156
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  PID:440
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16399806582889405661,14560543065458144527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:632
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3736
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2648
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:2768
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\83d41492-2f5c-4e08-a707-b568b7620c37.tmp
Filesize: 7KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 360B