Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
13-06-2024 10:04
Static task
static1
Behavioral task
behavioral1
Sample
a4fe091a9b86d4e439ff74edc78753e2_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a4fe091a9b86d4e439ff74edc78753e2_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a4fe091a9b86d4e439ff74edc78753e2_JaffaCakes118.html
-
Size
461KB
-
MD5
a4fe091a9b86d4e439ff74edc78753e2
-
SHA1
f12745ae080764349d6c1ae183755a018f503a67
-
SHA256
beb47ee8d645c794f8bad2632fea9878cac5bb33d091ed993887fe674ea95485
-
SHA512
f47b6492f619965a50be825a8210916333e64b6b0b7e90ac07746630322661c50f895fb72b62d6d19b4439899c67bb2a60786b5f618df9d689ab4bf3305c8e9b
-
SSDEEP
6144:SEsMYod+X3oI+YF2sMYod+X3oI+Y4sMYod+X3oI+YLsMYod+X3oI+YQ:p5d+X3PU5d+X3Y5d+X315d+X3+
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0096f43e79bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000402fb99fbd7200d596eca00ba28551b194123a768f1a17b438e9e66697a6d5ad000000000e8000000002000020000000c4de22f40ef14ca8a5fc0c02c61b8961b967d46a854fd37ae215012c8171525e20000000999a0f74005d1007a67a0f269ace974424f2d70a77688fafe2e7de2a16b4e3004000000004a7f5dfdc1e3a2992a1edb77b9889c8fbd0964d17b9219732291565df0a92a30d3d4d4cab34d4992f8e264ae6632a1b6ae78512a4ebf58db7f4b4dd144eeca4 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434969" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000993671284eb76770c416fed6ca6f471c402211669c314c72104a7a4d9104f90a000000000e8000000002000020000000eee16105c3b069920a59e9e0b967e553a96d8c089e5bb8fc18ee296fceac4ed0900000007e930ee2bbd2bf66ea496e9665ac6f1fcf3b3886d078bdd4c06fa07db94296b4534d3147485df5f8f7d1a5498fabc1b75592d9cbed6b47f248ecabe7ee481b3608f2049ed0e48cf07a168c6c60cea8df5079f55f32afe64848948e09ebe60675b7583c7beedd157d88f0dd4a78953937c3b17972e6d9c2451277e4a89be9f8fde5621f34769b9644ea9a0d7cbc3ed42e400000005912a009e77e22c4538d5e2bc1cd99926c87fc7893091b72bcb71207fcd10c2863987cabac719bc6c2601045e8eb22b18c98d17a8f175d9740c9593c2b2371f9 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6668B681-296C-11EF-A1B3-D2ACEE0A983D} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2368 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2368 iexplore.exe 2368 iexplore.exe 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE 2948 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2368 wrote to memory of 2948 2368 iexplore.exe 28 PID 2368 wrote to memory of 2948 2368 iexplore.exe 28 PID 2368 wrote to memory of 2948 2368 iexplore.exe 28 PID 2368 wrote to memory of 2948 2368 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4fe091a9b86d4e439ff74edc78753e2_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2948
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD509e03067c5620d1cedb1cd7d1023a424
SHA15bfcd429791350bb0cbc3890493f0b05058072c2
SHA256bfb70bcdcc1bd8553f9c4a22eb4f14d0dc78bddfacc105664a43875343b44bf2
SHA51290716b493a228bb2e9c742d99bbf25ab666338f3966b96db126bd58e36f67570ee7d2163203a2d4c799c474c6e72631bcc35c1422152a077eb78301143e7e07e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cf48bfd9aedeb1ef14a5172b61be502c
SHA1552ae9c066f6ed0159d5dd4e1799d9946c328847
SHA25667c76c3783bad99c3d74440eaf4ab6d438684a0b9f3939e765643a4f2464e00b
SHA5120b754890753ab68db1d9de461e9de008c7b493b00858864a9c492abff6c5a31e7b05d4f70e62a5640576ecb9e8fe8966d6078a4cc061a9227dc632618e7cb146
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5da1b63f36bc399455ff8357e158678ce
SHA11a9fd0b69181669da65ef751d6a9ead863f68161
SHA25607bf9a09593506c6f0625030a4f5fdd0cf55c8c8b55d45f7e95617dfdce2b08b
SHA5123c1cd973cbf2871ba5101eea3482fa4235c4d676c39d0b9c6cd582f3f8459722ddfd62f5fb622d368ccb248c7759ca7959a89816a2d174a2bd4a6b983d2a12cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e4d955fea72973323c7b075947371ea4
SHA1aeb6a3e744de3366757dda0d0b7905591857bab4
SHA25671f74f4435bbd4c4a7295ac41b830e6c7f8034cb788229db24f40f4cd58a3172
SHA512706b47d34ada7f283a315e2756f577ef6223379136b99f998e0bf97f8145f96c1cf7ce1e34e923d2e69aa455f933b5746ebc6bde4e9c64d0f9b0471c64f3ff9f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD570b59db0abd1511f9788aa100c2345ce
SHA1ada5a398ac494c0dd1adde380b2755d23c2369c4
SHA2563f7978cfa39c18e8f7a38d965addef933d30132873972e9187062e6089d0408b
SHA512a6f86958a9c51bb442610581bbf512fcfaeb6cf9c13ab487454cb914f674f347fcbdd959ba177385ed1cb6cf507a303f8acc223a189a453b968c190e2df8d5d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58be1cb5ae77bbb93c7a705485548e0d3
SHA1f7fca45bffb3790cb7f4a5c1e62d655ed4b54a64
SHA256f8c83b7467f3c5be7156d2455f691b5c6a3910b177d3b502f3abb80574fe84cf
SHA512eabba91c2bde68399fd7e79e03b654b15a4aee5927f2f82705b84d2e1115b1d3f76261208dfccd1616ace3320c3e2d4bafccf77fbf66d32cb1e121bb848f72c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53eb5cd322a3cbe42f56407fd1671557f
SHA1c69fa588256fe82a53d5e6179612b256b0d19522
SHA25609b8a6c6815bdf56b5c81b582c8725e9a965f734211fe5b6827f23d9b2b7e4bd
SHA5128a9c4fe04f4e5fdf974e638a60084d7db61b91e65d3a0a0bdad6c863915fa5343565bf455a4e771af5958609f7fffd4d3ee136367c2cc9b0ae5bdc8bffde425c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57b66d0d5d304101818ae03a7bf4dd5d6
SHA16c482ea2c5dbb42653742db2a00e069b1089806e
SHA2566f1490cb3aad8248556ac12323ef670877255dbc2f9b62066f91c94ab791dd90
SHA51204bb45a7360e842d9500247e81bcf59a4ddca3d8ffd7b872dda7fda2d37ac8097beea808557e700415420a54d3861da3d4bd99b9d213768348e342efbdb09fde
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57b21e6cc57d3cca0ac474ff650f83c9b
SHA17bffd56e2cac3cf8635d359eaee20c99775cfaa5
SHA256ffaf8696de09c032c0f4438c05a0a4a2b58c5949cd8c7b07b140e71f2dd57ce0
SHA51283f77661b1cacea1b4e9dca55281778ff9508579dfffe7ad3af2d0e258b83a2715dc328917462fa74d094d2b082a18a78a0b23ace4e694d95694653ed707d6c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a4d3ebe9c80557b5bc13625de4e1d20a
SHA1fd41f2d85cb2e2bf64ba0b8544f1638735bb0525
SHA25672e505219e85cb2c478e49b4efaa01eb2e1d69425eb5b5cb36a4ff10a7139ada
SHA512c5e7d24848d70661c9208b37e32d9fa51de225d20fcfe3f003c92a118244b5940ef7986543574ad4e07e8894b515048e39f2ba1a4a363d62b1c60739e757d736
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c04d39fd312e45ca0630903f8262ad9a
SHA18272ecdfb40346bf1f4e40ba2b7278cea0cd4612
SHA2563173f2ea8caf0283c3b1bd422dcab29e007b72fe4f3fef9f28dc32e6eb3022f9
SHA512d65101e3bbc6c8f473195ca8b623e6e48f828da36695a3731ce26c7e8c85f8ed3c3ac50b99ecfbc2a2b0ab14512d7afdae570c1c4454ba825663b876a54c153a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5677ead543fca1bb6305f331000a71709
SHA12aa2352938693d49cdbc69c7cff5b64fa30bd676
SHA2564a6ff24d19c26dc5f3a1da3160d372b14b07fd694d6deeaa2084ab93d39b48b6
SHA5121890f81bfd9c5354fdb61bd32fdf132fc9cfc6be98cd8be4193fad4f54b9a118a6deaad45d2580105e9502a43fca34671ad7fb2d7b540dc83d4f9d37983d2665
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD568f0c4fb27b9672294fd773e36bad29d
SHA186b2f74c369ab5e4aad1b98df5ad400c7f25680a
SHA256592ea2ac6aeed0b9b7f669d31877cc149c1b63cd05001bb73392940c68ff7d2b
SHA512f98dda03ab6bd54316fea302fe63ddc4543365d7f4de7a46a1b2b22d3e3f8a9d06f57d4db62b2f450aab3a09a927f9bfa3bf7022ec49f7723e25b7d24fc5b92a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d75ff00e57ceff172e2b6197f5964d23
SHA1c730d8fa8455cfd562c6ec633d6a23031d67445b
SHA256ca501c1f4fd1343de9f5412f31783e4ac46c6948bc65c797ee001e215a2cb49c
SHA5122056a8597374e77bfe1ffedb106fe3b4d96533106b224c61793b38f8d765cdb527454750ece87c6023a90d54cf0969268e3d2e0f4ae789627b1503a22dd4eb85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54e7ef3e309ea98b9dd666af67b0d4e65
SHA1a774157783d813ac327d91ce484e31a092d68943
SHA2566643e94cb130f8b49ce43215e941a8d0d8f1450d3bc0992c167ebe3a5cb2af40
SHA51253161538438e29a9767e4d31724ea7b2bc0fbf58ba84f75e678611a6daf4fbec1de60efefe5c78e7c59c2db276f87384fd08d217d12a731823f6dc86df4d54b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56307bd3ad8fd86135146840d13ea857e
SHA165e259a1cdb5e36dba7f1c257e05218abcbf6390
SHA256032d1133f4df5a23f7ea13eddd17695143be2aab2dc4492d31abead088780320
SHA512a124246afedc17c6e15e868037883dc1573a679411c47e909f3d140324df8eb7e9b3a0284efe87912226874b91593e1ed7d1535b23e509cb304aff2b9f86a488
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53c140954de59ef1617fcad92efcb82a7
SHA10fa85b1cfb00a5defa764b8cfd79edf9237cd59e
SHA25657314bd04d5fa26368149afa8de620acc18eab1283762ce74fa8e37e5dcdc67a
SHA5121736317575265e34bf01ea554063ea6d0e35a9d9bd3dfe326a055909036eda4bff862f96916ae59297d4df2d8e272c2d3a61edcca4bed7ad34c46fe058d75b2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5871cf9b5073cc02ec130826ef5c39d49
SHA179b51c084f8ecac4e4aa9abcdebfc525e8c7461c
SHA2561dc579dcf82a1ae50037575e121743dd528fc97c29a87917902dc5040d6e6982
SHA51237f7332e521aee59c2b5c82f821d62172b1e42e2ad43e2b87bb2ec4f8614e54c34393e316275297e35f8dfde8d855f2a62663c062c77d2afb80196c6a3eb4226
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58b6cf7809303f7ac210a2776ec510ba3
SHA1f0f0ff9800fb19263b5f6fbc4e63727d2e96af0d
SHA2569662038cef429b556069b9add28b69623fc9a26a7119b34998181e04457d2151
SHA512af3dfa8bb6fc422eed8fc2d59d81eb2780da44439f167796b426dacbdf5aa414f23bbc5b9889b8c9f68308a08ee91d9a7bf1fad3a45da2764203523e20af1013
-
Filesize
67KB
MD52d3dcf90f6c99f47e7593ea250c9e749
SHA151be82be4a272669983313565b4940d4b1385237
SHA2568714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA5129c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
-
Filesize
160KB
MD57186ad693b8ad9444401bd9bcd2217c2
SHA15c28ca10a650f6026b0df4737078fa4197f3bac1
SHA2569a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b