Analysis
max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-12-2024 07:26

Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_0acdf21e3226d68d94a8e847082c7518.html
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_0acdf21e3226d68d94a8e847082c7518.html
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_0acdf21e3226d68d94a8e847082c7518.html
Size: 73KB
MD5: 0acdf21e3226d68d94a8e847082c7518
SHA1: 7fa2295a35a08afde741731f88103646ba4fe2f0
SHA256: 5fcb6fa2500d8966c034b49b024bc9c30b7f0c9a3d37cad2142ffc79a8953df7
SHA512: 0739b002d6d7478c2ef75e0d945e7edaf49bdf13d7c56ea85072b043b18870c5d430fc7b9289c736e6c7630bdb0cf21bbdfe8db48104f5beb63e8648f8d753bf
SSDEEP: 1536:XHvYo3U288BIR5FZqxUvC93IxgdR6TJGv85cGlSeFsa:XHAup8vFZqxUvC93IxgdR6TJdTlSeFsa
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2916 | msedge.exe
  4304 | msedge.exe
  3412 | identity_helper.exe
  1388 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process
  4304 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4304 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4304 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4304 wrote to memory of 2304 | 4304 | msedge.exe | 83
  PID 4304 wrote to memory of 4052 | 4304 | msedge.exe | 84
  PID 4304 wrote to memory of 2916 | 4304 | msedge.exe | 85
  PID 4304 wrote to memory of 3716 | 4304 | msedge.exe | 86
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0acdf21e3226d68d94a8e847082c7518.html
  PID:4304
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbc8246f8,0x7fffbc824708,0x7fffbc824718
      PID:2304

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      PID:4052

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
      PID:2916
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      PID:3716

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      PID:4256

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      PID:920

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
      PID:2540

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
      PID:1300

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
      PID:3288

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
      PID:924

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
      PID:2128

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
      PID:3412
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      PID:2748

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
      PID:468

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
      PID:2472

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
      PID:4688

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16689279493488507844,17672174243927492079,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
      PID:1388
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1364

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3092
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 288B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bdc14370-f24e-48d2-9a65-c2190125cc7c.tmp
Filesize: 5KB