Analysis
-
max time kernel
133s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 06:31
Static task
static1
Behavioral task
behavioral1
Sample
749a018ec111af6f5a2ba769eee08f1d_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
749a018ec111af6f5a2ba769eee08f1d_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
749a018ec111af6f5a2ba769eee08f1d_JaffaCakes118.html
-
Size
4KB
-
MD5
749a018ec111af6f5a2ba769eee08f1d
-
SHA1
a634e13128d9db5880f700a37a5107ffca522ba3
-
SHA256
657892b5eec83d5d8423cfc904a7782e4ffc0e425ce175b0abf4d10234f3bb20
-
SHA512
4f4f4f54018acb2c848aaef85b00ab1aba56b151a824e40d29bc35136bcbd49fc1f9fdf866e131e1dd6a08f66d4b74fc1773d6f6da0f966f7e5f2e3135cd745c
-
SSDEEP
96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oY2F9p/b:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{911C9001-1B29-11EF-91AC-F2A35BA0AE8D} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e5a26536afda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000f4153eb1792cc0b9b8490874d8e54708c95595d42bddb97f8324387739396b1f000000000e8000000002000020000000f917d265069e103ecfcd50d094aaff0370f7e50e9b20b44bb9fa3cce0683e57790000000c70ffcc3e05ed5d623979ef082e3855a020b852c9300d88f544ab2e315dce4b2ea8b03cddec8856220ad8610632b446273ccaf4599d04a0d1161579723b2487520fb505b79432136e546b84aeee62a034bb7e25fe17d25875b06db4730895686f2a1517f7fbb34f0c8e9a49caec3fedd2060f8906946efcb422b76ed7ad129c865b8bf401aa67635eb236c0f5db2a737400000005d59e2fc2b2d1b77b32f2ba7d40953ccfdcfda5383fe61aec42b20f3571bba5c4f6002cb44cad2326824b22dfb4c6d9a05d9ae498c1ddd29a57262fb2db85067 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000331218e957fbc2a42ac1a508dd773a06030a2cb91f54390af80f4c3183796be0000000000e8000000002000020000000f9cb3feb3f432cbe30ef8acab177081c003ae45d66936d2e1c01218c6475c58d200000003677e1075711dfe9dd1ccd7a05f825c8e94768579572b1ceb9dd393adb53f4b8400000008b147a9fe223c69024d527413ba9a0b3017449c5e9a15a7ea284aead89312c92233ce8bec39c1b36d30d49a15a6173006c865dc2fa81a89a0deefba928d028b3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422866949" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1884 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1884 iexplore.exe
1884 iexplore.exe
2620 IEXPLORE.EXE
2620 IEXPLORE.EXE
2620 IEXPLORE.EXE
2620 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
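description | pid | Process | procid_target
PID 1884 wrote to memory of 2620 | 1884 | iexplore.exe | 28
PID 1884 wrote to memory of 2620 | 1884 | iexplore.exe | 28
PID 1884 wrote to memory of 2620 | 1884 | iexplore.exe | 28
PID 1884 wrote to memory of 2620 | 1884 | iexplore.exe | 28
Both PIDs belong to Internet Explorer: per the Processes section, 2620 is the IEXPLORE.EXE child that 1884 launched with SCODEF:1884, so these writes are the browser writing into its own child process.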
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\749a018ec111af6f5a2ba769eee08f1d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2620
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 937e253c2631adcdb5725b2dc8b42c0c
SHA1 4eee47e9667fe67fec99b0584e100de96a321a23
SHA256 60b053ff9bc1d03a83141e1a20cf361d4da06a73f00a949b83da07743ed9d67a
SHA512 418f2cb72292d6dc2d5d7458b8f4d47c82d398de36576629715c60f88d2ea815083102e489f805bcb914ce1b10869697521815a21b36b691707322f0c27f5882
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5fb5ab495498d2d738a7fca6f1be8db1
SHA1 b5c2b268686496b8035966ad5b7674b8f90d6559
SHA256 7d9254b7d399130efe0b209163e4131610238bf83ea548f1fa4c2fed5a9cdb6e
SHA512 c1547b0240c5e83c9232ead55e03e652e815983dd2eb867b5404801313498a8ac0ec958c6486fe98123fb442b6f10bd782117dedd897f19ba596c1916eef3ab9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 35b6ed299d71eacf18a91acdcf01e2df
SHA1 d49d74f35eda7767c5edc5a4974d652e1c41fe4a
SHA256 148dec0c0afeac288b470497468b0b68f51d0b1fb1488232dafca7608fbe1fcf
SHA512 c93f0a207cda17ff8ffadda5b5a091d11f44ff046c46d82c75d903a0685bc98b553a7b085c5524780886195c419ee5001d47777e1d8377746add5c96e9f15624
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6e3e070ed6b34b075eb789fbce2f1802
SHA1 d1b76f8316a7b36c235e81a00b5832155c7771bf
SHA256 bd0eeca2dff08cccf6f235ad25a1ea8e37957cd56c631840606a932e6c09d4ed
SHA512 b2860e222d187c10c471c5383c549a295bdd2d88335cfda412357673bc488e76f95bfd35ebe24e967b2de9e5ee2f95ee12105819844afd09b5be2da4d7ad07d0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 8bcff0d067e0e10e68b3b07e3f7795f0
SHA1 11da1ffd520bf9d2aa103d5e3aa63176475f5d17
SHA256 e2f8c75f4ab53f78bb01921d2b889cffc042de4c97ee1425cf3f6f4be31be792
SHA512 a7f277964ec92d1da791f48036a7a426d83b39acce9c0d9e92bff1911828e76de058d2f00e51c13d05b61e68dfa65fb23a21fd7f05b6f010dedf0da6c5d9eb76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 4b6d45377278e53c1d9f9fee8f20ec7d
SHA1 6502a616edfb7a8ab1fa2dc59c4592513e7858ee
SHA256 41940a531c46388c9a6bdfc864f11c5392e90823e18eca0f457a5745cc4935ab
SHA512 f941b38d1f1746035b49b07c819690ebe0bf7cee6fe53cc1ee53606cd0e8caedc036707894a100f777649cd40132edf024ac1266a0e20c9d067910e52d474d1c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 6a59fe575a444d00fde8ca74a66cd89d
SHA1 4925429f08f50133aaf2dca5513f2f7fdf837808
SHA256 43003546d019f02d0f0949d8076eebfe68b01df3002faa37ad8cd5dd632b1190
SHA512 0cb562ae9dad26b5e0d23fe635bf8256809e31e146bbcd8dfb6ed8fafee6f2db9384febc83247a99c202311bdf0432c58e7dd0e8a15e58ecc0ff472374c2ee53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 a85d4e722702f6d27ddda3ee5d58ac78
SHA1 2afebaa5abf21adcc03797e2a74400ca7469375f
SHA256 7ff386eb6ef5ab4fc11e6d1af2426012ba09fecbc49c1cbaad378e10ab3413ed
SHA512 b0a5b3af0cb3f0adcb8020d1dd9a11bed6ee461994df5bb421477f31b00fecb6f36fec1b370042bff1895e66c6697f15a2ef812c443f566367598b8cab3a3af0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 0623bc4f3caf40453896aa7094c6fcec
SHA1 9f4015d40c5050fe4371efcd29f67dda0a09910c
SHA256 19925e7bd0bf168414b42b92ed35b7862fe7cc7f69dce4073e077b53bab9a05c
SHA512 ebbdcc0f5ec9b37068c8990fa9305c64ae064a6cab22cf34d4e65e93f05b4894edab614a6fd79463c88cbf9c7a46a8b8dfdd3a5bf3d1ed77841c3bf14f11cc19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 057d871bbebc75d13fd2a023f4fa93f5
SHA1 4cd666ccb5e6876c699303c22deb36eb581ccd01
SHA256 2e73243dca36bfa5bd7bb014c8a719722d46670769736e8d21b9c925691af79e
SHA512 5188e4f605d9a9bbb0bbbe96bf40debea4f7387c33271c5626a37a46347d18e5bb5a69771c4622c72280e0a59af7083cbcac2d24b6f35b52ec0a7d02fd1f3c1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7d3e916e72d4a08a692007f5b626654e
SHA1 0e6d44d38c70c5ca8ddaf4e7da8a12cc51742c3a
SHA256 3564808f34882318ff6796214c003ccdd83d7aee2c6660fef1c761bdb22ce08b
SHA512 db5b55ac17f039912d6359d3d2fa1697234a1af65d8ab3d1965a2c794eb70a52c194b0484b3cb06f3d1535bd1432011750796d8dd6370e69cd79dbefd0727f84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 7b1aa295e53acf61aed54a3d845ad78c
SHA1 ec2515e224bfb084bbe9c5a3e889e669489395db
SHA256 26578e8010826f95e2976d1e0d2e296802f9485e7ba70389cacfa514febccfb5
SHA512 95a2c3832f0873629f6cbb48fccd2f4cf97e10e5d13579a7555501c26dd4b86a61972f13026a4c1290d17b8dbd9a03c0185d85ee12d75038e872d7444a0f115f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 ab5c67bd25cc76d00399a4ba2fd42ac8
SHA1 aa9e8fbacc72e7ea04606b1b4ce0dde2980063b9
SHA256 49deba5e43a3fb6bafaaff4c9bd73e5fc869d3033c26999b3549face3a9233f2
SHA512 9ed959c11d924692d681c7c80a469eac2b8849c180a3d7f89ac9cce62af1e60c91a372e2cd2ea19dfc3ec9bf852c4c07ce1c3ef655f8a0fe764d98a379359495
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 5e7223ec8aedd61617f7935e2f5b0dd3
SHA1 281b086d7de62969c57d29e057a6c8ccc6dbb148
SHA256 f9d33855c00724c58ce3b5ca2362ea75b6e6357505972fa59b8b5530b712259b
SHA512 e55e497009830e9a4a7103923fe42d7b16ee4747bc53bc7ccaef284b417bb5ef9a6330463a1b680225400a560f5659a21a1775ddb22ca4ba78dc590c9aaca60a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2fe4e35603d6176270ee823c3617f725
SHA1 93f265d222ced52ca1f5650e7e446c9381850197
SHA256 beb5be7cc30a1b517b57ea043d51893fd0f1d65d163d222a8a5ed5fca0d75055
SHA512 988de52149430e46816534ca524eddfed79dbe168770cec7c7e7ba87e601c52495eae7f03270672a39557dc68a561421f11ccade0fea4535b0592ee74c5e8cc8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 82f8211e73492969b9005e34a8a0b33e
SHA1 65a4279b08626473cc485818909f1e7fe4743104
SHA256 7660c7d0eb21320fc3b6ffa0b4fd4a66773b4796e457b7a6eb0f463848d0d6df
SHA512 414f3d0f436cfbb4a127fd9f4edf78878b5a8682dc76b21a8d3034ab582bf5521e727264432b147f32e6a2a8c19872f2438bfd58163c7ce685f77fa8985e414f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 c2cfe165b2324722c74ed59614afa3ce
SHA1 c3d242766cd68f8b1ede5ead21aad2e18d4d1990
SHA256 c50ef23a892a13a5dba0b6dc179db698ed1b40deeea4d35d9c08d782be70f0a8
SHA512 9fc3af74936279677d90b877fe16c42962534fe01bae453f3beb2a5007310c3f43d24953b891f32d9624e8092dbdb67571f49dfa80b2bdc99ac0e69fed5dc7e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 31cbc9135d25e46d96762044249d11ac
SHA1 f2aa95cdd78839b43cab3f5072cf8993f39a30db
SHA256 caa1e55709261f7420c3fb1165ca716dd32d1f87a5356e785a1b2a301db5b20c
SHA512 d0ff198aca66712238a97de9e713dcbdbed737410543649bb9158dcb75a7b7d907bda4bea06df6e4f37f39e92ee4687669c53ffd3374f2c9a6a318922793c1de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 344B
MD5 2e7aaf0808f63996c543f10cc0657622
SHA1 6216e39be24c71d0c0da6b7e06574a77151c791c
SHA256 e63af4d6b58dfd3dae5082875580cf816edfe60f7675ec945e18bc7f1061c177
SHA512 13bb3cb880d7627d70f921baf87525539a06e38754c727dd1062a53438a290027d9bc45a9e0623e97c8daf9441b0e24f8306acac67d459adb1f69e437bf04bf1
-
Filesize
68KB
MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a