Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
21/09/2024, 10:43
Static task
static1
Behavioral task
behavioral1
Sample
ef9eaf5920e47570cd9483ce36c6633e_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ef9eaf5920e47570cd9483ce36c6633e_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
ef9eaf5920e47570cd9483ce36c6633e_JaffaCakes118.html
-
Size
68KB
-
MD5
ef9eaf5920e47570cd9483ce36c6633e
-
SHA1
b0db9bd3ecc68653e9a915a006397f62fb9d6aa7
-
SHA256
0ef55b5208822397c9e0d1f5838d74949a6779349c09499fc2efd72af5483822
-
SHA512
685a02cc73f5d48cbe6626cfd07b92b39a1fd70fbf6febe25eefe01765ffb4dc9fca45535a2ea403c797ad7b4dad19e7730bbc89caa763de2f305f278740c6de
-
SSDEEP
1536:1Gw4IakhqCOZyP47jFi4o/LzX+W3tymIV91EArhv/zaW/neLoto8IJrQ:1cIecagtymk91EANv/zaW/neLoto8IJk
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1472 msedge.exe 1472 msedge.exe 2796 msedge.exe 2796 msedge.exe 1548 identity_helper.exe 1548 identity_helper.exe 1292 msedge.exe 1292 msedge.exe 1292 msedge.exe 1292 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe 2796 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2796 wrote to memory of 4412 2796 msedge.exe 83 PID 2796 wrote to memory of 4412 2796 msedge.exe 83 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 2704 2796 msedge.exe 84 PID 2796 wrote to memory of 1472 2796 msedge.exe 85 PID 2796 wrote to memory of 1472 2796 msedge.exe 85 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86 PID 2796 wrote to memory of 4688 2796 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ef9eaf5920e47570cd9483ce36c6633e_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd73947182⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:22⤵PID:2704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:82⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:4728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:4976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵PID:1932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:82⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:1428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:12⤵PID:4916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵PID:3148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8310763107066407153,3255422914031575703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1292
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4480
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2388
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ab8ce148cb7d44f709fb1c460d03e1b0
SHA144d15744015155f3e74580c93317e12d2cc0f859
SHA256014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
-
Filesize
152B
MD538f59a47b777f2fc52088e96ffb2baaf
SHA1267224482588b41a96d813f6d9e9d924867062db
SHA25613569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA5124657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
-
Filesize
23KB
MD5c897f8479da25ec570027594f1b4db24
SHA181a3ff06cf35a87e697fc4733966dffc270ad06b
SHA2567fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc
SHA512b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10
-
Filesize
45KB
MD5ede70f717200a59b4cb831635de913a1
SHA1d4d6e893ac192b5df087e924ab3356852f8a7bc0
SHA256c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051
SHA512b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD57d9fcb00d828ce81061b0edb7e763014
SHA1cc571f61b93ccd3caf21b93a114b0adc0f5859a0
SHA256014fcf4ad5170fe7a0ea04bce16334526c358b3eace9ccba0c37f3757ee451ca
SHA512e3b2c114207d869e11b97c9735815f25f4954435b26d7092f79e2e8f87c39b6783087a65b79c2bc70239318b82eb25ae4c14c50a4d62d33c64d89979ccd4abd7
-
Filesize
1KB
MD58ecbbcc6e432cf9aa025a2573d65ecf5
SHA1282ce62389896d18f2accc9be7ec3b940c45caa4
SHA25669905ff9870aa54ff033220616229586670e7c5d56a07d1b611141658b8ea16e
SHA51225cb8e58809222d78dc5b55b6f23116581647c7075bcb9b411bae15de9e6c87ca6d14261ef32822827168b8c38cf63a122e99ad96b208089be368a306228b72f
-
Filesize
1KB
MD5f44b1f29e568d5ad39080adae245be93
SHA16f038540961b91b9831e9eaba435f62c35956182
SHA256ee0af33fa6c5fba92bf6b39e5989937e72dfe04d2ce35a56f5a7f489f9520770
SHA512e17920c52a6f21ed0bfcce912de47c0bbb3a0228cb36496ad57bfcf6b1381f7e633aeb15f8f7d313b5004fa4a5fedb4ac11eb397057a9278c32b129dfdb62f4e
-
Filesize
5KB
MD5ddd1d1367421adb877990aeb784c3163
SHA103bdbed83d39f7f6bb725c5ac4fee4203dc4d791
SHA25611ac1facd26a07f9e145889020e821ee5a2ad21736b9c562504410c32f7ff605
SHA512f59ca0823f6053c289e4b6c7d41c862a3e734cf4884bb28bb8daa9967bbfc40580a807e639283930e13484a784b5ac8eeca72c99c3c6ddd412c3b1aca7035727
-
Filesize
6KB
MD53b910b53348a17042a22eba3096f0e56
SHA185b6343916654bcf2765a1a2e28862780d7f74c6
SHA256115c88720d73de2db06fbbc4b24f65bbd4b1102429d6ac38e49e02bef7866c85
SHA512ba07dae319019843ae5b8fd75bf8edf200515fccee25120b056f35bb4e44c987d2a57e229a5aa1777cd8d877a9b192eb581abe866d913eadaa0031a756c3a8cb
-
Filesize
6KB
MD50009afe4cb5d5aeabb2f29082f905a27
SHA119070aaa6887f46928f86e55d6df93be7e7304d9
SHA25620067aabd60b9d44f137d35349b1c9c9e29435193a27f3bfb7871f9e0b797598
SHA512bd50e3f0b0da05d8a7ceb20e1e054e4fb1f094c754354c4ae912f2c6405f3059e11e3799416cf6dae7a44ee2637d92e9d8ad881fb57717b54b6dcb7fdf524ff6
-
Filesize
6KB
MD5e00ff25e97a1656cf775b846487b3754
SHA16a8424af8f202eab61818b8deed09870eb2e2252
SHA256711aeb4a1bfd974043434a12aabb947b2488e43290e8702508991e9ca87d24db
SHA512fc962eb6b0c29bbfbcfbd1de5eb53067590ba69e7b1efb57c047d130eaa7f09552b819da1a3f6d851df9f3f6a4f9bec789e99ce873dc3d2ef8689558812c0c67
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5108853f2eb70dd7373233c052ab732b0
SHA14158856b11eea3f58c0b87dff5cbb97746d17abb
SHA2560f90cfad526e44f45af59d02e1f9bebab8cba7cf093dfba31bfd422e859c5188
SHA512f4b471b4b1eebbf95f681d2aea3cf450b653a21435f70d29c5096361321c0ce9e2bc5a1b652a2f5e65d307e2b08959ca7aba11fe24207c8ad7db250893b1cc92