Analysis
-
max time kernel
133s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 23:02
Static task
static1
Behavioral task
behavioral1
Sample
a2d522141c73036c4e8dd15da2410298_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2d522141c73036c4e8dd15da2410298_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2d522141c73036c4e8dd15da2410298_JaffaCakes118.html
-
Size
48KB
-
MD5
a2d522141c73036c4e8dd15da2410298
-
SHA1
e353acfb35800b1edcfd7ca4c270dc6ad8aacea8
-
SHA256
dce7f68cfdd5d5295600818d58108b55eea53d9971043b0508bd4809a4fe49d9
-
SHA512
2329d7eea5993f546037e37e0289598d0cef03feaacb05efe0463c39c0ee54361f304de0acdb37ddf2e523cdaaa49c157fa2957fc2bc971a2d419d761ead169d
-
SSDEEP
1536:bk939pVeZRP+ZJ0IY/q7I5RSW7oDsBaLacf9myIK8Ppnactq89NM9XoT9AP5GyJk:otWeFbXaJtyL5xub8VS95tI0bB2uBhQi
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395214" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D60D8041-290F-11EF-BCC0-5E4DB530A215} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0649aaa1cbdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000d346c59bce439472f58651523f37defbceb797c567e13f09948f74d1291c30b3000000000e80000000020000200000007ffbb8aed5d7303a5a93d0a61c36ad940807097ab4cf3121265447b09ff877cb90000000cde4fe4c7078425b700fd7643a44c2ba2b626dcdb61bffdadb217e192e84021598d0ed6fc4c7d99c85e4fee0120dbcc6fb78be60ddea3716a5150ca053e49a1f4f8e6c3f5fbb6f7fb2305bc337bb7c9e8fb4251bb2937249674554ab9044a097ed770b513d7f8901dd63081f9359bf60e801ef30b048705da0fc62d8b03246df8e17e6efcc74bc804fafe23f53e5d76e400000009036dd2a97dc76fcdb1eadcda2c19245722362c2654d67a959f8f79d17e01a65beaf84e00b118c10146c0972aec564513c52db83c912ab83250384f2d2ca2190 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000bfa36f21b15ddae1eb9539ac6b42fff60a174f98a1b309adfaacace577f7f65b000000000e8000000002000020000000a22025a891517554b1f7e2497825c53606ab882eedbb09081b88e19c096bd4a42000000043d5e31dab4f34e832f873ff369023a4b20e02d737aa3a55a4467c09f81a8b9140000000500593f12a3f515bb0f21da3a5b7609e9e5e241fb309df15744b10414b38d316f1bfd278f9c0dabbc956bfe657c1723c53d362404438abbbcc4d5a9ca741826b iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2944 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2944 iexplore.exe 2944 iexplore.exe 2776 IEXPLORE.EXE 2776 IEXPLORE.EXE 2776 IEXPLORE.EXE 2776 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2944 wrote to memory of 2776 2944 iexplore.exe 28 PID 2944 wrote to memory of 2776 2944 iexplore.exe 28 PID 2944 wrote to memory of 2776 2944 iexplore.exe 28 PID 2944 wrote to memory of 2776 2944 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d522141c73036c4e8dd15da2410298_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2776
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ab3c0d0652f13356c8dbfd99216b8741
SHA1ccd1dd514dd1549abb1221176e28675e89069df9
SHA256eb022d3681650690ba597ee31829a75166afe7cf8d4fb6c4e4ed815eefcc8bd3
SHA512fc8aedb60ffda126dc63ea530198c4d0d2d8e2462aa57149f3102437530528e2a5d0f4aba5bdc0ed5e2375145b82c9dcbc2ab82e8672b331c2f83d70470f00ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54ff8f1966c02e4e894674a609f904371
SHA12d7611b3ff5c7c37e53642c6b5d39a8745a17add
SHA256444a735e37a205f84977a669105d3157f1271b0a7b6883eeb66edb90323c5bb9
SHA512410139c79f4dc5527c4d8aca087d4bda088775e0066c257168416ac8ab79725191e386fa35b5954032f572e6b06531e1a776c439f8a683c40fe5859a5bbdfeaa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5664d9022322a8aa76f3853aff47d9b96
SHA1ba32902290302f0b81c42fad25dd0260f099eef6
SHA2566c59ab6e5f0599cd9ddc1f265ce4a04309ea58784f757e0f6197ae8ac4f2ec30
SHA51245d64594810446ef9d8a0db6015dfbe5299fcd850a5fe293288c7059106593e21de34e7ae5c6c62c4fc2c2d01fd85835540ec8bf83fce7742b32a2b3479bb897
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD521e656b9343e9403074aa9d7c113a4bf
SHA137afce7f148dff3f2e1cfdbadcd8acd67945094a
SHA256e9149661063d917c4f22bb924c8749bdb0419bda3ae3d6890fc892dc5504efe4
SHA512d96eb70750da437f600aed5b788c70c9e52afc34cca3831e1536022b3b4982553f82511d18750bc5652145a681da0450fd9836bb3af8d7918be559c1675dce05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a2c867938b10a6ed0ec49cc277501fd9
SHA1e0f5d4f6699de1dd612ec84a6ed16efc009a3742
SHA256f2e7f16dcd576a21fc5d27ebeb055c09846d1649d40c7a8956345c5da51d2a34
SHA51248a58b07985bdd336d0c176f2dce380f0fd25b45fa411b5f71bc0fc2cf9aa7a4e23910c9b78e56bb862bdf4fb883dd2b9d8a8e945322d1812f97d4ad2b845626
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54803e6da395d260ba6e9469874db3485
SHA14dd369e28a5e32d6b9aeeddf936f286f107d57ad
SHA2565b41928988e37e9fc8bd1fecb1e575d3cf1324211dc2a80b680f87b6effa831d
SHA512acff2f250d4f5d7b18351a22629be5c01e72b19f0f7f8135cfdfaaf80b0509f075bf4dde954abdb89f70b9d607f4570d8fa5f0e462fd2aeaf19ed0b4487e3cdb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5333ecd02b799d086829085b0ba368814
SHA1a2e587d7fd9c4fc14df42b1cc48d0693861cfd53
SHA256360941300fa5900091a904949e5c5a3a36ec6eea9b93855b6fbc0fc1f9984b91
SHA512ff93d0a482d06d82e423c84dcd80e45403e1331919749d97c1fd9f1131b641fd017fb75256259007cd509caf2aad28be212dc2408c07f1a6e785048893ec5e87
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD543bde2adf1548d4e22cac55c93e17ce2
SHA1ce6aa762d6648f87bfd78dd17571930d3cd65b3d
SHA256ec0ae277f974c51c4776570ad3e591a6553c659b0349ad443bf1a2d8e312a1f7
SHA5129701600e328161288200ce09c2ace02a264c018c9809b8a7895a4fa0e8d902f2dd22c0489de4822e448daeb4f3bff1e7b570b0ddea3c9d952141f896ea55e2fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57eded5fef1e1154c3e28c6920c79e5db
SHA13fbc855d16eb8a93ba79aa931ccef6005af22381
SHA25634f75d6332168825ead93c939b796457e087d6af4631561da9bef8bd45938d0a
SHA512287c4f131b40e0eaa61750281c959933bfdc83137c49f47b4947f5f7144fa54e56f6ae0ea0bafff93b33f069e22548f6f0e9bc98292ea44f012701f6cb11086e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5413e6b3096453f163596b4f21e6492e2
SHA1d53f0e11897e61a22e1f9ea8d4c596e0b163d4d9
SHA256234806d8ff4d87087dd13b1f6ab1ad173fa9d2d77f96ef8b6491844f49dc6697
SHA51258e62ec1fe0c4999344800ac1af4a1a4bfe99bdad4ab719a22022f97195221508cbfcbf7a30b133ecd7e8969b69e32a3c7f2bc0ca3dcdcf580d17310a9c65d1c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f70efe1052d13531109a1af6fc210ddc
SHA1bfc13b6ea49be6d8268f567d040b7eb85daacb28
SHA2566dfc4c9e0fbb5aba04a213fbf7f35373c8369a1bbfe13f9cb2b0badd43b6b2d3
SHA512a0ee73dc1265c1774cc176c1a3ab644eab1000455857b4dcb3adebb05f27888fa1726b2c70a64e315230d70727a75cb1afe75ee901e1bc660e994df8cd6883eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56cd1afabf37b6e2ccc45744239d750da
SHA1037c4653bde87fa46d2783df3fdf3583c090c6f5
SHA2566575986816753200c8b466b8908fd2c58b57ca13180982704bc6cf4604b78321
SHA512dd36b92ceeddf2616a14f53862900c1271186005e170b403bb9e3889dd7561021d6db45a06876f7766d5cb5c6074933851236c7297d5135af2a97fa3935194a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ff350639aa5af52f200f5d63812f5dd6
SHA134d170db8cd44d568268a79bb499fe1936fb7528
SHA256a13b9191356458e349a1b23b5dd2f41277395eae2a430edf4f6245bb214d2876
SHA5122c625583633c78a9c10ff4999575bbda982612e21e9bf933ca9de6f079a14335f90c87c841628c278eb6a31b4b95673fa6f0a93a4035a093a4815b7770064d2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD577d6638f07fe2efde1aaddd3146abc88
SHA1d1818beea9d463ca9604301a6186e62652af7fa9
SHA2568cb4f6d2c9a9389b59e67bf003c3d370611d0fad072a01d1e3f993fa5f49d185
SHA512489a75f95aa1fd3ddfded20ebd9dffc11c47c0bdaa31a9c1389647d5e6adf14b77212d3244f31315416774ccdafc1bbda87a6530047d14256d97df6bf6b5862e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c216861bae9967fb2bf77cb4e894feba
SHA122f393b51c0cb42bc7c78d0c6f6e255321631869
SHA256f1b95c4fe71d37cbcd3cd1bc038028a47ceb66caf5b9a7199371b51d64359f2a
SHA51254f55c956451a6bdf488325dec5b14df2d0229cb4f83c6bd6d707d81287d80ee8083a343cfd5354873c5dff2f303e59b0851b61d5f7631d6d834607d9d83327f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f853fc0ab86ba18e0948740f28e988fc
SHA184e9a91bbfd4c9302f6f32057e220bb0d88fa6cd
SHA256ef20f638fd6ed84f1769fdf973b8529204a69c230092adbc8dc9c9b37197a6d9
SHA51207cc4a07350b032115fc6ba38198ca1d2109823e96c80503a5e7a5dcf22bbea6bec1f9393e9761ad6c1778955bc38923d6f67f1e0d246bccd492c4d6cb9c32c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e3a785684750ecba1cd6483e7a7128f9
SHA10242820cf9b1bd9c799da1f4a87f2bab0c77d221
SHA25657314edbf3b6ecebc42508e33566850169510a5482f4e4a6ff805cb3c1a02ade
SHA5121bd45e175805dae699fcf7b53c94613343aa34b12a25aa9ff398f5eb07c1cae39c97c3a2214704fd2c5fb76a8c94482cb9a62018282161d8e7977e8d4643ff41
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD556c36f4bad16a702334f25a42dd2648d
SHA12a5f82b9c9e1529fd014d42a553481d6969e277e
SHA256337549d61dba0201bf3e868f1aa25135467284d1d1b5f8306691b43a992e4ed5
SHA5128357bec5c427d21e69025a2c8daa55b42db18fc03f2b6329cbb436d15313e28917fade872c5aafea02c5b1ef70100c4a039b68bcc1c831cae580f8af2aed4c0d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56f986b46a5e5e7c0f8c7a88aa7566944
SHA1ee3ad527b697b8890440296447cae236332ca696
SHA25675f52467ac56ba7dcc65b76dc584ff5fd8162cab36c15c4e4089db0eacbb5d01
SHA51280d8294f1e0b35ca5728fe8324bee2f812321482ba792313553cd29501a4be2bd533357f0c45c9ea750889e0369a9a679b3b658c1f0eb2e35b3547f55dd2239e
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b