Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
31/05/2024, 17:28
Static task
static1
Behavioral task
behavioral1
Sample
87c2d725a660cf57075cf48dd55c0ac5_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
87c2d725a660cf57075cf48dd55c0ac5_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
87c2d725a660cf57075cf48dd55c0ac5_JaffaCakes118.html
-
Size
233KB
-
MD5
87c2d725a660cf57075cf48dd55c0ac5
-
SHA1
4fe58bffa1ec8bdad9f5b7e3da33756b3de95c3f
-
SHA256
6d2325e2fdd292ed63d9d31ab0696d4930bb6bc52f6e72b626a2cc36e949d17d
-
SHA512
b0ea9309a1175aa0b268b3eb1b5033cd036661ac8aa89337d06524732d09ca0f881c37e2d5abc565d1fb7b80edd774a423403f30e1b3281ba10ba4d159c5c411
-
SSDEEP
3072:3hyfkMY+BES09JXAnyrZalI+Yv5QMc94yfkMY+BES09JXAnyrZalI+YW:3ksMYod+X3oI+Yv5QXsMYod+X3oI+YW
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4252 msedge.exe 4252 msedge.exe 2140 msedge.exe 2140 msedge.exe 4040 identity_helper.exe 4040 identity_helper.exe 1976 msedge.exe 1976 msedge.exe 1976 msedge.exe 1976 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe 2140 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2140 wrote to memory of 5068 2140 msedge.exe 84 PID 2140 wrote to memory of 5068 2140 msedge.exe 84 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4296 2140 msedge.exe 85 PID 2140 wrote to memory of 4252 2140 msedge.exe 86 PID 2140 wrote to memory of 4252 2140 msedge.exe 86 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87 PID 2140 wrote to memory of 1528 2140 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87c2d725a660cf57075cf48dd55c0ac5_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef7f46f8,0x7ffaef7f4708,0x7ffaef7f47182⤵PID:5068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵PID:4296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:82⤵PID:1528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵PID:1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵PID:3728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:82⤵PID:1624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵PID:4916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵PID:956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵PID:4636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8794387710118408632,14529409459491124225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1976
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2152
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4616
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
Filesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5a82781dc482098b8991b3a9fe12d9808
SHA12edab6b7f3063e9850ab377e1128e514b700b26e
SHA2560295a1065c377cba48ee307fd56525958ce4d5027352040e112c40b02a58ed5c
SHA5121885e177a3baa7fab4032204fc55edfc3b67891577290390c4d828c5b746dfabfea09dd53baee11b79440793060c59f2637632db5fe4495c8d70f8924d6e808b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize408B
MD5081716eb99de765bdc0fadfad8764559
SHA148cc65ce3e0eaf88c25a9291656e8ccd7382e508
SHA2565334f7591f4236ad4b37fc5452631def630eb87f8e18d0d1d3e8a4dfd7095cdc
SHA512976f8bbac2ae2e2a86fd5431e1e587ffae00077c615921176d4464291d8024af82103213b1bcfb7e8a632816e4e67bb0dd2652ec4395ab771eace4200cf8140a
-
Filesize
1KB
MD5199f6ec58d7e45e528f70e7429111e49
SHA142373d4e958ffb1b87d6ef334a81744c10e64e44
SHA2563c3a091f030ac64efe5b4e714da7abc7c905bc41ea8cc27173e8893ea059461f
SHA51299b394a0b501bcb6d1544c28e2716f466e02ae81a2c39880a7224a2c1af0b9ff1f8d73036f83aab9006ca13b07bd9390d584cb4ce8beb4c2f1941c451faff342
-
Filesize
6KB
MD584f924e514e852de03e4293af2101e96
SHA1fb6df93b452288b9f50ef2a50a5e4615aca530cc
SHA256a03f618b35854d718b3b057e5b5d9dd4b70aee499ac9fc95af428626df539c12
SHA512ff36235ae2001d377c64a90762870060706e5812037c8dc61c6fcb1167cb6ae4d47808381b58fe1923ae4fdfdfcbade4962f26ffe26f902167497601974f911e
-
Filesize
6KB
MD53d50e30cd37bd2e7fafec88569af289b
SHA1fb3ff08685d7e56a26194a7024d1d98415292286
SHA256ed58514c114147d18db1ae09fb51be4737d8bc95016dd0dcf93969f556a75bb4
SHA512e2eb1962b2c8a47a04494c2e645dfb1abf24f21a017899a12f9e35ba50b2a0f78d145520b74890416b698fefaa097cae4ed2be061a68c35401ccbda4611c2225
-
Filesize
6KB
MD55c68cc67e61be7c0f5d2eda0cc17209e
SHA1876fb634f357df4d30e9d35de07d451fe059d365
SHA2566cc50e7a4abfa8ec98cd80bcadadbd13585e367a40fac4f22fc16a9d0ee72b47
SHA51294ed441046ac7574445df216fcf5361b9e1db28a3e2d1f9294fb2288d1217f12db55363ffc4393dab058ee2ad6abddc7c1e8b9df44097c4df7adc6c85e3c7738
-
Filesize
6KB
MD56128d3d47fe3a63b72d8d4d4603331a2
SHA170d9ff4b333086d467eaf9f91ef228af3f7456a7
SHA256de2636573930622fb4f0974219aee36185c5d15c92be499b1e9256ab1663b148
SHA512b830835827d8e792362c6303dc9867c8c6289d07bc18bc6e0e4ee456c54c0e3ebbec33da6b281793a3c6241d6996f573e67d8b279d385b287dd2d4902d8f54a8
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD51d3aa8a9f9fd575952fc2b63d9b8a541
SHA102467c092fa6ea1599ddf5dde77b83d6eb4fde18
SHA256d713258e27956a5ac7b24040d49de9774b0ca1fed9b050b266a4e96d76611f25
SHA5123303b5af1e38f71472856cadcdc60b1fbec31d7c06cd0ca7fa6bbc09308e110b1ff763b0c48a344bbe4109ea3309a61184de8944e303da8943c08f9c54f531ee