Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/07/2024, 18:07

Static task: static1

Behavioral task: behavioral1
Sample: 3a3470d9ada7a33c2a3bfad7a8f345b1_JaffaCakes118.html
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 3a3470d9ada7a33c2a3bfad7a8f345b1_JaffaCakes118.html
Resource: win10v2004-20240709-en
General
Target: 3a3470d9ada7a33c2a3bfad7a8f345b1_JaffaCakes118.html
Size: 77KB
MD5: 3a3470d9ada7a33c2a3bfad7a8f345b1
SHA1: b773b3461e3817a95b1a9ca20b4cfeb276d83032
SHA256: 465e6e2907f15ef333f6e4bb04b1f442170308b6cd074b2ba860a884f92a1e32
SHA512: f6ae8c80da17957e70b1d2fc42189e4c8bf3fff9cd46856a82185cea9b2fb8a0bddc2507bd20411caf149c33fa4290520bb335c9e46930d03ed442602f394ddd
SSDEEP: 1536:ftOrm46B5gRVdLPccaw6E6z3K+IMz+5m5EwpoNJxtWdY0ywefYRkHXJ3Tc/y+aqy:UPprSwes5Dc6+ZS
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  996   msedge.exe
  2012  msedge.exe
  2956  identity_helper.exe
  3200  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process
  2012  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  2012  msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  2012  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 2012 wrote to memory of 1332  2012  msedge.exe  83
  PID 2012 wrote to memory of 2540  2012  msedge.exe  84
  PID 2012 wrote to memory of 996   2012  msedge.exe  85
  PID 2012 wrote to memory of 1204  2012  msedge.exe  86
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3a3470d9ada7a33c2a3bfad7a8f345b1_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2012

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fff0b3d46f8,0x7fff0b3d4708,0x7fff0b3d4718
  PID: 1332

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  PID: 2540

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 996

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  PID: 1204

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  PID: 952

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  PID: 4972

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  PID: 1872

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  PID: 4764

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  PID: 2944

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  PID: 1604

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 2956

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  PID: 4940

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  PID: 1372

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  PID: 4828

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  PID: 4968

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,901104401896158562,16446316002062723284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1176

Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 384B