Analysis
-
max time kernel
136s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
13/06/2024, 03:39
Static task
static1
Behavioral task
behavioral1
Sample
a3b35e3946fa0f6f5a91e758a993f045_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a3b35e3946fa0f6f5a91e758a993f045_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a3b35e3946fa0f6f5a91e758a993f045_JaffaCakes118.html
-
Size
70KB
-
MD5
a3b35e3946fa0f6f5a91e758a993f045
-
SHA1
5cf7d8dc3fa0e3048a1a1b8efe237354725aba60
-
SHA256
78742ee95251eacc1794b000c67ee5192e4a649dfce7af15a7b699aa4185bdde
-
SHA512
387b5881f0bddcf59489fff5b0ab36ae27cf8d4ff6d8584f0e45bf3118a3f18c187e470e4c9c5220e5f6cb1df090f5aed0e22d5927faab2d8c25c88770e9d25a
-
SSDEEP
768:JiPgcMiR3sI2PDDnX0g6sz64k6FoTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:JlWTzNen0tbrga94hcuNnQC
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803bb36343bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424411844" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8ED5B631-2936-11EF-BA09-6ACBDECABE1A} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000004d2f2f8cd9fac20f1dff19759eccfc14070adbaf15a64d56e7a73068d5d8218c000000000e800000000200002000000070492d78004c52bf4676ae7539142e733fe7e2d124239a7c6bc835dad1dd81569000000094e32a48a3ad038ad96033455627bb92d2717e620b6f387bc8ca7dbb9c7c943cbe633a543a14a4341d0a540ec81f55a66459df05e887ec4f4ea675e2849ffe00db8e7e54d06d7d4bb73a6031e7ed991a2469fbe62a798f8a9facb178fbf55c9410bd939978e39078a9273da89de6c6ec18fb18a697a85d7429750c68eb8ca28c956eae16e9b91ed46dbf54da4f57c0b3400000001cda5c5b8b4727872425c0570ffeab678afb564e7a9b2150df94d3cd8ca5747c0b29a667a7723c1f77acb5987b7e6024755c84c46ded1b004dfa05c125cfb9a7 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000006429397b3174a21cb87c291c8e1730bd5ddafc57ef05d14c571362eac6fe6650000000000e8000000002000020000000f63a6b79c6340789ef12767a84a9dcefd1dd45a2b70af3cc2b78c06cb80fb6c020000000843d0562eed9cc98b7ea18466e03477681fc02c59b76fe3dc30ab84bdd349d9540000000b2ca2fe619280c01e47c17645f403c328a75393f847e41d685a7c1d102fa09693c11112a3ea30e6911c215397c2061b42e4ca6fbefe9afac919213737e4e8f0e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2140 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2140 iexplore.exe 2140 iexplore.exe 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE 2236 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2140 wrote to memory of 2236 2140 iexplore.exe 28 PID 2140 wrote to memory of 2236 2140 iexplore.exe 28 PID 2140 wrote to memory of 2236 2140 iexplore.exe 28 PID 2140 wrote to memory of 2236 2140 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b35e3946fa0f6f5a91e758a993f045_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2236
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f9fd7c133af97d1450d59cf221677b86
SHA1168c773721c90fe496bc5f01d9dbb3e05b33d94c
SHA256967f9e9766d1e60d3f8d9a2adf5567c3188717687d69b6be15a5f57d3712652f
SHA512628662ca721bc4f07c3a36593884cb8fe0f3197cd1c844a812783b59dbda4be65881c1956c3b277493c500986b8a0165453ebba9af64db32402685210c2a4a36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5029d22827d1c3ce0ff04f793302238cd
SHA1861f7f1affc19d72e37874085e3b97609a9010b1
SHA25639e09ad6d05280106976c863be9cd299e1d59b9b0ea8b4e72271394d4366c47e
SHA512a2f3d99774aabf9153bdf69ad9e370ac4e29f38cdbeb733e9efc87f415c8976e59a737c1881f1b30df01d3834d1da531dc7c291faf37a01dbc3f525a66332698
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD500b4582f60007ee8ecde1068a47836a3
SHA15002fd87cbb4130112efaca9f256926566caaa40
SHA2569eaac69f773e392444fe13ac2be947535e377513b0551a240609542b5501661c
SHA512a01aea07ef25612240eff5df01f8198fa6ce6a007570cfc42209c294f1b9f499b561954039cbd36b2da18ea97fe95e3aea705da9a2190514e692073b846bc30a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD507b925345f7ed50007155af893e85393
SHA1d3c10e4dd3e0f1e9ecc5d742a9154e2b33d1219c
SHA2560ffac36fc22906cf41effd9db1ef703673668583f4762668f73e5380860747a1
SHA5126b424618df8696385d0e1b46b7f37c06a69d460e4b60db3459c58e57bd9af4e86aa9693a7a94597e60cd5e948cce40fb31eea31b89e3b0f9042b11266f768201
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5ae9bd0044b10d90c2fee97e392a905a1
SHA1b9daeadfd938ff39277502675b25ffae2a567ec2
SHA25622ea69b75bbb9c34ef627d18176e022fc268dc2bdf03d0964732410a6beb320c
SHA5127b2e46f4c8c9397ac3e181288a42d76e6e142bf7b650f383c9acda57ccd71df6cd04ccce6a4e350eff3ce32f6af9be8429378a2771be3be87c9227c294a226ac
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54f6f4da79f29435e02d6e3b0767ea3ff
SHA1aadca3244c9f97c5dd14cc8e3da834746c6cf8e9
SHA25699aeb8da71de96df797e84623d6bb4790f2d4205f8c14059e6af6d9820a30780
SHA5120c444175dd6ca9fd2470f787e758c8a6390351705a52a25fe4ccb563bb085daac5ed68afb82f8d1fedc855df1d815e152831a75d7acba8902d82e95b94cf59eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD588f2c7524176ecce0c10783fc8905505
SHA132047a8a4575be79c0b7175ccbd6564efb73d507
SHA25679ab4b1ca7a1548cf7a624f598547a701f9fa8416f74dc772c445860709417c8
SHA512f6e2041708268a9d8c2c2689ceff15ae1952e291ac67b20ccd40db0ae7ddca14e7ec217bd1edd0cfe8440665bad05739c0b750d3877d91df394f3cdfc343d1c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a3c52789cd084d631ec7fce58ff7c84b
SHA1071dbce07616d61fbaddaf459e8253f5f39a2e3e
SHA2564767c7049bab0df64972a958c4c8bd8830c1f3dc18352d41145aa3911542fc4e
SHA5129cf73ab84eb3768b57acdb69353861bbbf7d556cc0d366e53510d3e9223547f025c36268f029d6e9dab700e326aabdc3fa729bfce49748f99bfaee82d7aa4b43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5046b05e843aa0fb60c2c47b864fd1185
SHA12a49f1c12630e1107d6313f02eb10f385c464c4a
SHA256dd69096ac007b8b6ec490c275b1af2133a42898078a4c9c10b892420f95b17c8
SHA512658ad34d5a1d36fe3c0f84bcf886d6ce27785e4c636db4d998b10695fd4b9d03e4d59c858b348560c28f4e86a3c9c433d08d7f252c779a8ae33274c2acf952fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5598a3b6c55be89e914ae136b50e40140
SHA1c7c67a77563f279194759b4eb5a443e72c23ed94
SHA256996063ce3aae2d608b275538a8b7f30e61fddb8138593be21d5e8fee780ba52f
SHA51255841f3b623f2dbaff00fa6d1ec1aa82c61c1e74451f6bb3543c9f0b5b6476e40954ec0dc492bb8e0e354ac63395db01e77a58fcd574d448164b8f82f5c3a4c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dde1a4ed8fb3f7ff1aa6141facd8b281
SHA1a7e73c8b63c5e1cce869fd8a78f821d7311b96c3
SHA2567841641700bb505baaabfe772b4d6d966d63a67e84e7fa37549aaf5786bb4d8c
SHA5122bd179eca24ca677b4189a4f6de6f48ad9edb97fab7c0e7dd74b36a741e5e96f1114209795591db792f850d1103841a7039c594e5eda9aecb75b6ae0d83f01da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5774ee0561ce06c0f5ab76dd2d59c4a27
SHA100f30c49c574f1b871054bc2836b67aeda45e800
SHA25601a6f4a4b96c27bbf103f4457803473e7ccf82253ad786c685a889f27ebc923b
SHA512e070d8424fd21c622b46fac772ed5d4c0004352afc4fef94f7c494a79d7daf4be38d36de62cb1ead666e033d2e672001a7624aba22cef0229965b799951b59a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD590faa8e52a8b3080563a2b3811a32df3
SHA18ea914bea4847f83e934c50f5fe86888575bf0cc
SHA256570b20a7c533dd7f650bb5eaf57f7943ff7d8f95f3e63974b813b4cf3a14bf80
SHA5122fcf0f2491170237878b0038fd141e2c6a661c0c6c4388539052a05028ff8bbb184bd80c7b74c1ee3defb3f883600e7fb719195e241245b0c2996e57ed62428f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52f19b70669234d46a36442b6caf6a769
SHA14f0ac3a870a77c7e524b464f7eb689c8596d7d6a
SHA256487fee15c8712a1a11714a5b068d94ed51dc68f2ebc4f59ad749daa580573f11
SHA512d7048a93dbfdebe8052779b9e959692c81f95b343e00e65f9247faad13c799ae232f0c8d2db9501586f0c16962a20141f217839e083864599ea9bd0f8a0cce3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56fd4974f6dbf7b4873f1afd2df3778a9
SHA12d2108b2375a2d7ef058991b550c32ec25804b23
SHA2561da08114c9a58296662171040617670abe826644eb8ab00e8db57a95fa7a6d68
SHA51261c04a6bd7e02603295e56fbea12ba0ad8cdea6eeef83603e0e3767f8ba9c08bcbfca2d3a7819656f86e39d3e93d555a8b49fc42fdd62847e9062975f5542caa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5052db53a0aeb1860963b8bebdec15e63
SHA19b99503b5b6ca37f615bf6d69fa506c45c102b7d
SHA256ab9d3fdc48b3d74bf806f8b0c3693ece373a7e31f7cbd6cf4e4713b32932afe8
SHA5123b442fd56293e5e472f140dab43a369783c1f20a0b94c3550e16ce47cc722cf1ea4ed78753cb8f1114fb23cce9085bbfcf32a2b6495305b059f4dfd7c98836f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5308c2a3301bfbbcf72ccd2fc2eca7ec8
SHA17058556b4ea8e101950ea38d15bf59fb50bd6800
SHA25606ba0fa142c087ecc282a2cb727f382b24a73cf786d83f415763e31cc2a2988f
SHA51237029e6e45497100bb4f51bee2c3ae6d4c699527cc0876af87dd0993455587bbe63ef6107a6b606e8eaad9e0f43bad19ef8675147e6043fb645a0c9f02047b88
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD515c84d58264afca2ddb4672e052cedc7
SHA1cf77e41ee3649959f320b3f215fd467b0cb1d0d4
SHA256fa6817a8776c86de4c3aad237ffb68cb5ecd6dbe0534850b850700210b1f8f5b
SHA512eb3eb94f7991a47e7536c87621a8f143342160515bc2931e2d07cff5ef90c644f9031d6363a928b8ec9f5e5f9f351df795aa9e00f7bf1b0fa378263a57116338
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5dfb3b01e31e70be855e88743a94cb9c4
SHA12699684aad4b09fda09ff49396584de20f237e96
SHA2564c3b0235320fea0bee7925f881f7e1bef73c8916a714fda1ff1474489b3024ed
SHA5124f09c99ef70431533b23164b1e434fdda5fabee7a19a769e79c2ff0d469d3bdb24d6a52df600745b8990dc3de390f44e4d8e67cb0db369a87bc489490cc29805
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b