Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
14/10/2024, 12:45
Static task
static1
Behavioral task
behavioral1
Sample
426a4fa1ea3b6f1460e9bddf6e2618b4_JaffaCakes118.html
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
426a4fa1ea3b6f1460e9bddf6e2618b4_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
426a4fa1ea3b6f1460e9bddf6e2618b4_JaffaCakes118.html
-
Size
15KB
-
MD5
426a4fa1ea3b6f1460e9bddf6e2618b4
-
SHA1
2eb2983b9e1da30280275b8058de79f0f012c77f
-
SHA256
ba99c081d3895861fc00ff934d019605d37308875deeef5fd34e44264e661d27
-
SHA512
dc10b5c47b4f6fe26a6867e33b4665c20e2b6c85607360b0da473a4f2222d712ebf2a97b87b30bccc464b2f9aefd055e8c2760d508d5ccfd4755c338230244df
-
SSDEEP
192:rUhe5jcfrIwyjuzeTlhHSZ5dJwBGxdgobb8S6JgZCRcHAU2Cyuq096lmP3KTAL3N:YSckJuzqS/3P8S5ZCRcHAWjY2V
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4640 msedge.exe 4640 msedge.exe 2216 msedge.exe 2216 msedge.exe 3220 identity_helper.exe 3220 identity_helper.exe 1116 msedge.exe 1116 msedge.exe 1116 msedge.exe 1116 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe 2216 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2216 wrote to memory of 3660 2216 msedge.exe 83 PID 2216 wrote to memory of 3660 2216 msedge.exe 83 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4400 2216 msedge.exe 84 PID 2216 wrote to memory of 4640 2216 msedge.exe 85 PID 2216 wrote to memory of 4640 2216 msedge.exe 85 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86 PID 2216 wrote to memory of 3188 2216 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\426a4fa1ea3b6f1460e9bddf6e2618b4_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b47182⤵PID:3660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:4400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:82⤵PID:3188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵PID:4448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵PID:2764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵PID:1936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:82⤵PID:4540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:3540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵PID:844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵PID:1952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:12⤵PID:740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16553154321964295940,5673163783683043096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1116
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3220
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3748
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
215KB
MD51585c4c0ffdb55b2a4fdc0b0f5c317be
SHA1aac0e0f12332063c75c690458b2cfe5acb800d0a
SHA25618a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5
SHA5127021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize312B
MD5b636bc7a5d515ab357ded72fe8251fdd
SHA17376ea637ce3639d15ccce7d85a531b07c01dc68
SHA25678c3bed3df6c0bb9b1ebc66726643d5e1369bb632b17747d9ba395b1e3c31839
SHA512060992aea8df95a93b26aa2d5839052b515722a4483f2bd475eab582bc96e22f90a185f321baa9f854757378a2ca73dde3f4bc65b827995de8e00852b76248bb
-
Filesize
1KB
MD56c52e8fc82d1a4740d0fe7ea803baf90
SHA1b19d414e66cadeabc237832504084a34b6ba3212
SHA256d2cae5b7781f48b531d58682595f3fb7e0345bef38da82e81595e21a9c148bc8
SHA512947eee24cac7f6342e77d1b4ca9e58360e92534d0d131e95f9432d42dd01cbf5d5d106589adbec355aaa07dc7973328116d598384d5b19ad544ff782246d8357
-
Filesize
6KB
MD5c67086f3ec815028e18468f6670a8918
SHA1cd7eaf04d921be866ee86ec0b512842220ce59ad
SHA256c046508b0bd735df9fcb5b81e57e806ff01f1009527bb202840e2f23af0603a1
SHA5122f677aedb382656e7d1bff8c7db4eb7ccdeb274a71b465dc44f8aee2a3c764ca42aac2991790bf8c10cdee5d823dbf0c109a515227c3a2b2f6e37d18a9eb3970
-
Filesize
6KB
MD51166fe1b7ec541fec1a82ce91aaa2757
SHA165a5c4b5f5acba5d2eaf86efb8fa31b265965b07
SHA2561a9ed2346b17f37376940772450845d989119f8e115a97122c96650c9cee6787
SHA512c9fcaee55493f22b5ccc09ac5eb368b8863b6cb08d16a40cdd62f98843731d7b60fa31222a81dae7513d74892ea1702b073998e3e1e481de2fc55019c904bd1a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD53f5d8c64ae2bc8d849a54392c16d12b7
SHA1ce9145079bc73a5ca9a951391556dadc43b4a964
SHA256aa23de6f7d33d3fdbd67cec405d3c0978553bfec84d105bfc5a83a458f3044f6
SHA5124157e1f97a3b16d00178108495c2d4717d0ed3fb12e06a3a2f777fc112620db13d365815ba1df196001271605809fcaf50b55552ad531c8c60d22363610a2275