Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
05/08/2024, 18:22
General
-
Target
bec64165dc35dda50d80845270f7d3b0N.exe
-
Size
124KB
-
MD5
bec64165dc35dda50d80845270f7d3b0
-
SHA1
32480416f34d574b94134d91f9ce1d271ec33092
-
SHA256
bfe706715ff9115db60a4ea5d01a3812223d8497c554cea0a1c56d283f2620ec
-
SHA512
52326f12babafd59f7780cb623bdb8a7fecb5c60c1590b0cfa7029dd7d3ac0b450fbe7afb173720702ca22460e6c027a6860592e1ad435fe1f04661696ff9b8f
-
SSDEEP
1536:g2szt5YOckhhRO/N69BH3OoGa+FL9jKceRgrkjSo:1G7YOckhhkFoN3Oo1+F92S
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 37 IoCs
-
Executes dropped EXE 37 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 37 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 38 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 37 IoCs
-
Suspicious use of SetWindowsHookEx 38 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bec64165dc35dda50d80845270f7d3b0N.exe"C:\Users\Admin\AppData\Local\Temp\bec64165dc35dda50d80845270f7d3b0N.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\duufe.exe"C:\Users\Admin\duufe.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\kaugo.exe"C:\Users\Admin\kaugo.exe"3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\nnmaum.exe"C:\Users\Admin\nnmaum.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\puoase.exe"C:\Users\Admin\puoase.exe"5⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\dxfoiz.exe"C:\Users\Admin\dxfoiz.exe"6⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\kexoz.exe"C:\Users\Admin\kexoz.exe"7⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\haavav.exe"C:\Users\Admin\haavav.exe"8⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\gaookik.exe"C:\Users\Admin\gaookik.exe"9⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\cauoj.exe"C:\Users\Admin\cauoj.exe"10⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\pycow.exe"C:\Users\Admin\pycow.exe"11⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\fklioc.exe"C:\Users\Admin\fklioc.exe"12⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\laaezex.exe"C:\Users\Admin\laaezex.exe"13⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\wvhij.exe"C:\Users\Admin\wvhij.exe"14⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\yecen.exe"C:\Users\Admin\yecen.exe"15⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\dooke.exe"C:\Users\Admin\dooke.exe"16⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\meexau.exe"C:\Users\Admin\meexau.exe"17⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\deidae.exe"C:\Users\Admin\deidae.exe"18⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\yeeyed.exe"C:\Users\Admin\yeeyed.exe"19⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zueer.exe"C:\Users\Admin\zueer.exe"20⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\jaeorif.exe"C:\Users\Admin\jaeorif.exe"21⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\faixou.exe"C:\Users\Admin\faixou.exe"22⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\nnsiit.exe"C:\Users\Admin\nnsiit.exe"23⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\vuusuj.exe"C:\Users\Admin\vuusuj.exe"24⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\rmtiel.exe"C:\Users\Admin\rmtiel.exe"25⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\qeaix.exe"C:\Users\Admin\qeaix.exe"26⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\kvkeac.exe"C:\Users\Admin\kvkeac.exe"27⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\xiuuw.exe"C:\Users\Admin\xiuuw.exe"28⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\jaeeva.exe"C:\Users\Admin\jaeeva.exe"29⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\zioaso.exe"C:\Users\Admin\zioaso.exe"30⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\naida.exe"C:\Users\Admin\naida.exe"31⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\peuseo.exe"C:\Users\Admin\peuseo.exe"32⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\qoakaix.exe"C:\Users\Admin\qoakaix.exe"33⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\dtsuay.exe"C:\Users\Admin\dtsuay.exe"34⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\ceanej.exe"C:\Users\Admin\ceanej.exe"35⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\roihim.exe"C:\Users\Admin\roihim.exe"36⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\bioupoq.exe"C:\Users\Admin\bioupoq.exe"37⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\waaoz.exe"C:\Users\Admin\waaoz.exe"38⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
124KB
MD5cb0468aaf27306653e3b242adc5947f1
SHA18cdc724b82892cedf3cf45cf2db5b34ec8f90a48
SHA25650b7bf789a7bf85a93cf3b2ed4db89d1f4070bd852c7773f00491523e5653773
SHA512af66bdfd233b2d24bb096846b691ec5ed265c4e0097ed1791ef9aa21b519cc0211bf676c20fc42186f43f5aa68a3ad9e4044d116d85a670457cf2598eddb113a
-
Filesize
124KB
MD57714d341c18e53c0590f62c9c90a2cc6
SHA193aad1b7e95fe211bd2af6bb32deebdae2b9648b
SHA2566ea303cd73be5c7d43d57166ac9aba979a7235fc8502cfec90be8bf35c9e11bb
SHA5129954f85dd5184f02212e7593a9893e30f760ca70097bfbe54cb8867a7ddd6c7765dd496cbe67ebda051087d5034e296be2ac10e8f7d8225036430d1eed76bb3c
-
Filesize
124KB
MD5fe9a333976ca624d1229cc5b89937357
SHA1332895bfbb316e80d3ddfd2362037fa9c0039080
SHA25688797208030f5aade23fe6439317083314c8aea5a1e657d1f4c7f93d17f3ae80
SHA5127d83a6c054cc767e45c9e827bac7d91c473df080a6b71375bd50a7829a60e75bebe8183e83a38d08ca48066a9767f446e138c473e3cfa18e62f466e434e444b7
-
Filesize
124KB
MD58f924504a38c7e1654e673452a196a43
SHA196182a31b123365c13519da7adf796d3e95b2a40
SHA256edeee47282c0ce5a54d86306a321a620e763e64387f80418c7a06429de267e08
SHA512a998d96071a4adf5e7278ee847f4b6c182be63d0b6fccea210d3dd6f6989d89db08919093650aeb0e937b923fdd6fcb6acc28256f7bcaf8ef31fdec15038e772
-
Filesize
124KB
MD55b14b5e22d4ac43f7af95a27745a83bf
SHA148fd0720e86796bd5d654ae78f55a325d984f22d
SHA256b739a10186c30ba42c4350a271c181154fb3ae0c658dd684f1e92a7ccf435c50
SHA51295fe1606e4e68facd0dc2285c53274ad698eac72b27692cae2543f13724b0e79c879869ef8612148cdd4ca69dee255440d23d11144217a2f5596cc4f8f1187b6
-
Filesize
124KB
MD571f53a0e7d1cd2c844c0242b636cefa8
SHA1bd577133a622e54f9b9c6391168b899f211fb6c4
SHA256934aa700a9e71a8c591053fc7d808d895826e4976e4573907a1bd98ea0c6201f
SHA512909eedac6ce26ff4501184354280bbc7106fc366d9b9f02950b1c9c8d313a4a6f8b5b9dc6b2fbdaad8f25ff1c24ed52de1e6b54d2799db260e11cbd37b098d06
-
Filesize
124KB
MD5c4cb9a8e91d36714b17cdb77a571a563
SHA1f94333de630796b2cf4d049acbb5fc5c9c46e164
SHA256d0c8cf58fe5f62cf4378ca90496984f827272c3e13191fee539d24db4b1f5e3f
SHA5121b16efcf695e634756d0670f004829b93e9c001a0bdc638b967bc434a3c3d89a14a496a9bb4703eaa5c0c4d6e10b9f0067a3c16b852bf2b3ea216167a1b5073f
-
Filesize
124KB
MD5531d2fdc2a468a2684291602cfd65c93
SHA1650a59784d1159a5815550d9c324988f2f26471c
SHA2568fd32acd8d1e3d65c783aa0f2949bc5f81205474ec6c837dd65b8efb902e0bdb
SHA51289d780bed0aae571cb428208903427106cceaae96d3fcf1c009aba9dcfa56ed9632d2748f112ec4cec73ea1f8220c461f56644c9146710915fe530125c65ea99
-
Filesize
124KB
MD5bd107770410bc45c7bcfff7385516006
SHA17fed48bfcd648093d14ffd1af036c8d37e25d963
SHA2561c16d2701f7b6af59ffc283efcb3d2117209cb9b6488fda8300face44d8b6f3a
SHA512d6fa9fd737072a7715556bb6c0a56b72c7f792215811c9d860827c1a2ef0593c62ba87331589088ea8c96bdc9799cb640cc56397b272ab05fc5fdd98764390a0
-
Filesize
124KB
MD5b80e8f9e1d500dc4370c293906358d0c
SHA115adf420d019c36cf57a87712fd55f8cbfca11ba
SHA2568827e65a3dc13c2a5467050e2222469f7d6496207994abf2c1053c2192653eb5
SHA51247273e076c1d884ca9a7dbd8a444638cf24cb489fd56e9a2c8e985c780f00294a05ad049374ea554562f3f1b3557598ec986306ab2cece273ed7e2d164071204
-
Filesize
124KB
MD5ba5b5ad53f378ae9eb5a7bc6f0d957cc
SHA15a96fda63fb8a6702b4a97381a9363e14f92ac42
SHA256522c7387b2a988891b3e1bbe0415a9a6532e65667a2f4947a1934d786b75e387
SHA512ad24020b54bc5c8d5002807aafbb21a11e9216c05b4587e9120e19f5baf9ee0a4b9de2a26290a2f29729a9cd4d741f8216532dfab41c8a686c03a3c4ef50ce42
-
Filesize
124KB
MD50950ec8b791688e29e8bbb851547379f
SHA1f09e842527b702f37bfb1f535650e3811905be0b
SHA256a2e8d5a5fb81d1924debaaab900ebb136e1688e8a0860a989f6b186f355188ef
SHA512b03ef83505bf24e03826b9c01f1aabc96b8fbe87dd49945315db0ef8765e963b4fcd0d0847dd23e8d7db7ba3979ecf9afc20be5c32eb77d4911924e6e13e430c
-
Filesize
124KB
MD52fb15ce3bdfb99d5b2849bd4f88e2064
SHA1a8e10f19631f57a3b1712577b0a99e8f2c70c5f2
SHA2560f46e7a2ea097e694174d1168aef6757f7468beb09e32551ddd0ce8e47b058be
SHA5123aae16307fc53bfb403f9b2364af4ef88c7ff830e3a0f6a9b3820b0079f3c4cb5246f6f5105624a40c0dd5316fcabaa808907476f0ff771b4bd77710d2ca46ec
-
Filesize
124KB
MD5d948b2cc724c261abe954362116030c3
SHA1a9c2482d84b65ce2f68d629dd478ea1dd159bfdb
SHA256aeb1fb065aa517316db1bc03fd12ebd155b74c0b8b542fc9eaa76aea823ce64b
SHA51223959dd8771b55a21250a263ca3de6de6e57511c9fa647e53db79ef3b2f44271847397844f0b02504e70950190b95afd4323e2aa421cb7e500c40cfa9408a77a
-
Filesize
124KB
MD5c5e6e005415e466579fa04e6ebebbad3
SHA1a6ae038c4ede8dbb3ee5a8b7e5163803aa89e2d6
SHA25645018c05cc7b2dd273eaaab789debdb75a539075aae4a418e0d246ddad2bd913
SHA512309ef42214f522ed7506e853e3742f221eaf44c9167d6e7ac6fe067fda84f01079003ba7ab0297e332b1c7e39b40cf4e5eee63a0740147434c2b77093e43fa7a
-
Filesize
124KB
MD578940aa92dcdb8de8d93233e0e620e3d
SHA1edb55461845adb3e2d450d1b9cd0de32402b665e
SHA256fd3c674f589e41199528fdc202d589871c25789a0f0080281577b8fc2a544573
SHA512e82e28c0a5476d8176545c5ff06a3a2b1b10c211925956b6ac98d51345649b0be29e5329af4ff1b6b5ee6f7679cf9c24df6a8b096355ff4413c8d07243c3bcaf