Overview, overview: 7
Static, static: 7
2a60e300c9...18.exe, windows7-x64: 3
2a60e300c9...18.exe, windows10-2004-x64: 3
$PLUGINSDI...64.dll, windows7-x64: 3
$PLUGINSDI...64.dll, windows10-2004-x64: 3
$PLUGINSDI...RL.dll, windows7-x64: 3
$PLUGINSDI...RL.dll, windows10-2004-x64: 3
$PLUGINSDI...ns.dll, windows7-x64: 3
$PLUGINSDI...ns.dll, windows10-2004-x64: 3
$PLUGINSDI...em.dll, windows7-x64: 3
$PLUGINSDI...em.dll, windows10-2004-x64: 3
$PLUGINSDI...sh.dll, windows7-x64: 3
$PLUGINSDI...sh.dll, windows10-2004-x64: 3
$PLUGINSDIR/inetc.dll, windows7-x64: 3
$PLUGINSDIR/inetc.dll, windows10-2004-x64: 3
HtmlView.dll, windows7-x64: 3
HtmlView.dll, windows10-2004-x64: 3
MCI_CMD.dll, windows7-x64: 5
MCI_CMD.dll, windows10-2004-x64: 5
downlib.dll, windows7-x64: 3
downlib.dll, windows10-2004-x64: 3
dp1.dll, windows7-x64: 3
dp1.dll, windows10-2004-x64: 3
eMMedia.dll, windows7-x64: 3
eMMedia.dll, windows10-2004-x64: 3
help.htm, windows7-x64: 3
help.htm, windows10-2004-x64: 3
iext.dll, windows7-x64: 3
iext.dll, windows10-2004-x64: 3
iext.dll, windows7-x64: 3
iext.dll, windows10-2004-x64: 3
iext2.dll, windows7-x64: 3
iext2.dll, windows10-2004-x64: 3
Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 09/10/2024, 03:54
Behavioral task
behavioral1
Sample
2a60e300c9758386b222b91120a89096_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2a60e300c9758386b222b91120a89096_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Base64.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Base64.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/BrandingURL.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/BrandingURL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/blowfish.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/blowfish.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
HtmlView.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
HtmlView.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
MCI_CMD.dll
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
MCI_CMD.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
downlib.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
downlib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
dp1.dll
Resource
win7-20240704-en
Behavioral task
behavioral22
Sample
dp1.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
eMMedia.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
eMMedia.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
help.htm
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
help.htm
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
iext.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
iext.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
iext.dll
Resource
win7-20240729-en
Behavioral task
behavioral30
Sample
iext.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
iext2.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
iext2.dll
Resource
win10v2004-20241007-en
General
Target: help.htm
Size: 4KB
MD5: 28f5f621492a0ef19ec2e86602b52286
SHA1: cbfd6425e62adda8b67603cb0b35319cd4a784a0
SHA256: 07ade4682eaac38a7a200af264ed3074cfc3b1df97fa4b75ec8794953df34a02
SHA512: aa3254b6d5fecf90331c2c52f33162b021667f3335e774ab2fbfec1a676ef9e0702c8346c6568025ea5c220a91401be697d0186efc2c492a1e60611ab67503f0
SSDEEP: 96:U7JczgWQtDd1dddddddddKdddddYddd2dddd1dddddddddddddpddddddddddddm:+6TQvtfLKh0
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description, ioc, Process
Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer, msedge.exe
Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName, msedge.exe
Key opened, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS, msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid, Process
1928, msedge.exe
1928, msedge.exe
536, msedge.exe
536, msedge.exe
4808, identity_helper.exe
4808, identity_helper.exe
4948, msedge.exe
4948, msedge.exe
4948, msedge.exe
4948, msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid, Process
536, msedge.exe
536, msedge.exe
536, msedge.exe
536, msedge.exe
536, msedge.exe
536, msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\help.htm
PID: 536
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc89b46f8,0x7ffcc89b4708,0x7ffcc89b4718
  PID: 3256
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  PID: 5084
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  PID: 1928
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  PID: 1496
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  PID: 3876
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  PID: 3992
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  PID: 2540
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  PID: 4808
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  PID: 3868
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  PID: 376
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  PID: 2064
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  PID: 216
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,1281415750464090303,14128188974480818778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
  PID: 4948
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2756
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3204
Network
MITRE ATT&CK Enterprise v15
Downloads