Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
03/06/2024, 08:05
Static task
static1
Behavioral task
behavioral1
Sample
910d32d4a2c87b202d4f8bd476753fc7_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
910d32d4a2c87b202d4f8bd476753fc7_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
910d32d4a2c87b202d4f8bd476753fc7_JaffaCakes118.html
-
Size
50KB
-
MD5
910d32d4a2c87b202d4f8bd476753fc7
-
SHA1
7e623cc2b160ee1e23b1bc523237cf9194b6a334
-
SHA256
76f8df13af1774eb99c289aa0943000f39549639966becbec48a5122f1528ce2
-
SHA512
aaa2fb57fe5ea54d20be3cfb52db386315e2e329bfc356d8332129101572ff6759bcf571cbf8bc89fa58b482ab05ab177a92ba48eb98b50d049c1a20fd8c355b
-
SSDEEP
768:JXgQSz0LFAS9qU1DGpMVuEG8ZvykNk2VArSrR0Fa2SVM3:JXjqU1DGpNEG8Z+w0FF3
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 412 msedge.exe 412 msedge.exe 1396 msedge.exe 1396 msedge.exe 1948 identity_helper.exe 1948 identity_helper.exe 1204 msedge.exe 1204 msedge.exe 1204 msedge.exe 1204 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe 1396 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1396 wrote to memory of 4932 1396 msedge.exe 81 PID 1396 wrote to memory of 4932 1396 msedge.exe 81 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 776 1396 msedge.exe 82 PID 1396 wrote to memory of 412 1396 msedge.exe 83 PID 1396 wrote to memory of 412 1396 msedge.exe 83 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84 PID 1396 wrote to memory of 2700 1396 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d32d4a2c87b202d4f8bd476753fc7_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb2aa46f8,0x7ffbb2aa4708,0x7ffbb2aa47182⤵PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵PID:776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵PID:2700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵PID:3412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:4764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:4468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:12⤵PID:3596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:82⤵PID:5088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵PID:416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵PID:3396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:12⤵PID:4564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵PID:4300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,7227991825444382813,7577719835517265166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1204
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5012
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4088
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5ee65a72f8b886ef29a267fca46daee69
SHA15c162a7e2083ff24ba458449b3824f80518d2cef
SHA256c542bb245fc7c85896b032d49826d2c232cb9a4f713a92ede643e0a116ec380d
SHA512cd239f33cbec6b63660e76ea5ad6664aedcfda978fb0ae3a08e0a0a90045a596307355d0329a2580057b5fc81a9dd80153cf94cd9c644272398a67fa5d143560
-
Filesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD51895cd9247fbfea43f00713bc48b5bb9
SHA1e2c7ac27de35259dd971166d21c4468b8b0dbfd6
SHA2569b9f081431f0437bd10441ef33ce4e2d9259f7043ff7821c784d208d44475eb7
SHA5123e54087206de357d0b23fc0be854783d80a4c825bb5f8ffffd8b868fd76cb29dd11bacc0826baeecbbd8433c34a50cd74ba56f4d497e8ef28d3e8c2b44122638
-
Filesize
1KB
MD5a7bfd827fc1da351daabd2615da62a5b
SHA1df3670993d26871d610d278dbf607888d8318cc6
SHA256fe69734b560584555bf2fd92be9dbbe636303c0192e46ceaccafd668e02f6f11
SHA5129c79fd9c8a15f9e8fe84ef5bdc618607ebe405903455c0594c102fc38bd0f847eef458909b59075aa28b702f24a0cd9acabd677da944d9245547c60cfa13a93c
-
Filesize
5KB
MD57df1275f49db464bf6e557b3a2074086
SHA11f4c8499af152b18816e86375695612f0473c0a8
SHA256ed6dfa957212761a7e56f5957ea432a0951b394194bcdb82d77406e5cf63e394
SHA5121bc6aaa75ee0d6eda03b1dd290fd4f4c1f84e50a17192086320947b7526abb8c05f0a57fb4582d77b16feeaeba7a8ad2d5b2abfb5c5a023061b2cd336055f00f
-
Filesize
6KB
MD5e43bd3af6e4c7a91411b7c178ff07a61
SHA17224dd1846e802f67f21900077585b138cb38fb6
SHA256ed7c50c2b5a4ea8ed2f2decea0abeec36d7af263769da3a6ca4f2e9f836ed2c3
SHA51235b1db1b6a71b2573da85ea878a3691664cb2e38176dbb42736f292621566820f1a24f36819fd595aae4d3be777d96b03a8666f0c1fd82f2230673b1f5f55a22
-
Filesize
6KB
MD56023d21db2a9cc7d5a1e680c84c0a898
SHA18a77d9e4e461e91fbb597ca09981693ae25edc1e
SHA256acff1df0b09da610f2823e012759126a6c2d12f62a3439402cd46232233f548c
SHA512d865eeff5f93acb2896c6b50d2cad17cd3809925362bb858ad59115b99bd94bd3a2392c41985193643ff81140a477aa738df7b8824802f544f4ab13c2d564e24
-
Filesize
6KB
MD5180f1a0010a858487a553315fe288325
SHA18ec98579a706c8715c83fa6cd65546120ce0c5ca
SHA256dac643ad2148b81a1fe8f047029fcfd813b14b751044cda6768ec5543cbd6f7c
SHA5120555d0a5c5bdd3992bae1bc7760e63746be0e55dfae778994088be14049d56392a9ee87bfd59592112dc7dbdafc4f2835f53b1946fc59aef2a41f9d0e397e346
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145