Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
21/08/2024, 18:16
Static task
static1
Behavioral task
behavioral1
Sample
b48353c4659f2dd99b2cab563fcf6265_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b48353c4659f2dd99b2cab563fcf6265_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
b48353c4659f2dd99b2cab563fcf6265_JaffaCakes118.html
-
Size
14KB
-
MD5
b48353c4659f2dd99b2cab563fcf6265
-
SHA1
8d4ac2aeb0e3572ec23405ed0a3c125642322ac1
-
SHA256
1d7cbeb5cb68cc22a3736ee8f24466904f6e7c8c5dea4f65728e0f8a564c5a9d
-
SHA512
b07d848c2f13413922dc33b5ab8503402d473836b4b5f7275dac08db0b9a9e3ab01a8942b92c62c827cb3127cb14313c5c32112cf1f133c273461c70a36a14a4
-
SSDEEP
192:6/hx5jctRA9KuDcUbbWzY52XcCyJg9SsSprVHCH4Tr8foYrMI6b7tmTlmP3KTALd:ylcabbizYYcSSssViH4kfoYr2Ho2V
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4400 msedge.exe 4400 msedge.exe 1752 msedge.exe 1752 msedge.exe 4812 identity_helper.exe 4812 identity_helper.exe 3636 msedge.exe 3636 msedge.exe 3636 msedge.exe 3636 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe 1752 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1752 wrote to memory of 1228 1752 msedge.exe 83 PID 1752 wrote to memory of 1228 1752 msedge.exe 83 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 1904 1752 msedge.exe 84 PID 1752 wrote to memory of 4400 1752 msedge.exe 85 PID 1752 wrote to memory of 4400 1752 msedge.exe 85 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86 PID 1752 wrote to memory of 2932 1752 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b48353c4659f2dd99b2cab563fcf6265_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1752 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe024c46f8,0x7ffe024c4708,0x7ffe024c47182⤵PID:1228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:1904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵PID:2932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:4188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:1948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵PID:4176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:12⤵PID:1240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵PID:1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵PID:4004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:82⤵PID:772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:12⤵PID:3240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵PID:4856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11233360369975273205,10496836427761012337,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3636
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4620
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4864
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d7114a6cd851f9bf56cf771c37d664a2
SHA1769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA51233bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
-
Filesize
152B
MD5719923124ee00fb57378e0ebcbe894f7
SHA1cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
-
Filesize
212KB
MD52257803a7e34c3abd90ec6d41fd76a5a
SHA1f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize312B
MD5b64e330ffeb3f59b2f0078a3aab38236
SHA1397ff53bcf10775e4e659031071d78bafdda4187
SHA25654c00985caa20df9f2278d45ef436abbbc75784c652c0bc686d849cdfcdc4443
SHA5123d5f215d45c21a304577831cd09c4a47770c05fc1c51ac6458fca518415f48bef2ac99f5cc15f5d83038d5d242f5add296587316392b11d60d47999768421241
-
Filesize
1KB
MD5fc15dfbe40c248b7e9fcb41f50fb3a2f
SHA165f742b2827d765156b02213823edc618f5580fc
SHA2568887d28ec3c4b92b4fc2af0e8b68d1386527aa6ca0ae537ef2b68ab022f1e0c0
SHA512c6a5d4999b66d7e33f935b937ffd214f0f6c652921a5756021a41de21396657ed5ae1062e9560eca7ab825bc4e219207d050d777c102ad7a0b0818f936087632
-
Filesize
6KB
MD56d0cc5c4f55c37b8515d686ca2aac78a
SHA16f3399ff84d816a29a34309df419d77bb75841c5
SHA25637b381a07508e237995eb7273e1210267095e6c7ba5da82c0f0125ed400946c0
SHA512140c8ef3161a7b2ecdbfd0eaed3ef55d97cd83153385fe102d5897b4443b2492e47298cc89466d9e1a735c47e983b9c81963e649d7a66f6eb405366d4918e107
-
Filesize
5KB
MD595178b9ae2fea0bab22efa8b5ebbb633
SHA14e27d8225a8554cd761df90d2c390078a04e8295
SHA256d79f0ea8ed3890445d8977310b349497fd69fd5a58d263a0bc449b499c6eb7c3
SHA51267dbbd73c422fcdd2db979fc93acc2401c7185ef2d0325067227d7512d72b666cf3d120480b59f9c4f92bde068cb3996ca1bed30c7af8e0d6eaf8b12eeb0a2e9
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5dba3902ffc4ef3d3cf535590b858f924
SHA169ac23f246fbc217a6b828c2cde3b042f4703504
SHA256cebfa321db9e9ae3ac3ad1dd3b26780257ce217a76207c62eb03da3e3cbab62e
SHA512d9c15cc0f9f89d8a409f14cf3d007cc2f043b4ce8a1973b3457090ad6e5e6cb0a8bb32d81f2375013e473fec9df002f1fee32917df62619d462e57c1b318870c