Analysis Overview
SHA256
3b4623f7813464d8666a5874816fc23bf6549c9b4cbb8577a99f47a7acd5066d
Threat Level: Likely benign
The file 9b49f3e67e2247215a88f6abea6fd7e1_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Command and Scripting Interpreter: JavaScript
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 16:20
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 16:20
Reported
2024-06-10 16:23
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Editwebmall1\inde.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,15132679429290049023,616948595377597500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_4580_AJUXBQSWRSGVNAOS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15318ff69daebfdfa79867c8a9dfedfd |
| SHA1 | 9153f55c76a3c019f04b58f7936bf1dffc6f1d99 |
| SHA256 | b30fba01490c442fe65fbf80e60d6ea3687706de4d9d0a06ea103a9b7255a244 |
| SHA512 | f563a3ecb772489a84e36db3d27e7021c59d0804369bfe4962a8909656e5a0d282a4209afadc36920ff1d647590611cf10ecaac9331e9c8ca6c8f415b516e463 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8b2f72f1ad8dbc4fcffbe47006f0684c |
| SHA1 | 51f6f16200baa5507bd6e26edb7e0b7d542eaf04 |
| SHA256 | 856ae2cc1af800f4a2553e5c585f29560995629991856650a8967d83df9ce0fd |
| SHA512 | f4e15d0dd0b396c139e0dab44f15ca1cbe2f27e41c89ee833a3736c945295ba1fcdc4573da90809dd21365750ae93165ba0d81d67239bcb35e4a099ac3ab4daf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b38dd3bf5ed2917fe949bb1d2e13102f |
| SHA1 | e2e7b54497fb03d9011c8255e7d692ad42bf79dc |
| SHA256 | 2b4ef07d0aa244c9a5c706f201033041179c3ebd923a6f68e280bf6cc92300dc |
| SHA512 | 48bd6fcba6553218e59afec21e4a471d192d5cf3712bc93a967e79df8fa1557c12936443f21e24d23cd70a4cb596b7e215ad4ef6563c7e5d72ba2040dbc3e686 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-10 16:20
Reported
2024-06-10 16:23
Platform
win7-20240221-en
Max time kernel
119s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Editwebmall1\jquery.min.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-10 16:20
Reported
2024-06-10 16:23
Platform
win10v2004-20240426-en
Max time kernel
95s
Max time network
98s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Editwebmall1\jquery.min.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-10 16:20
Reported
2024-06-10 16:23
Platform
win7-20240508-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Editwebmall1\viewer.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-10 16:20
Reported
2024-06-10 16:23
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Editwebmall1\viewer.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 16:20
Reported
2024-06-10 16:23
Platform
win7-20240221-en
Max time kernel
119s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbcfdc66756b1b488c32684f41e75de200000000020000000000106600000001000020000000f4bcc8e2cb23494c3e56dbad363c6eecd1616ec8325014c2e60a8d355a1fbe47000000000e8000000002000020000000e23c52fa5ba21cfec2746a52e12ecb7cf33d35061c675f5bf64cc72fa876d6cf2000000085ffa0617dd6adaebe75226cc9f2da046fb76b5a160380f1fa92ba60228957e9400000004a8f90ec5163a13e3350639d2e0225df0175c04e3ea276134ebda2032d86e3ccb13b755dd44cdeb271f705386ee5ab75b6beb18c8ed5e4cf8f052d8f0d259f65 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0c0073a52bbda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64E52421-2745-11EF-8698-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbcfdc66756b1b488c32684f41e75de200000000020000000000106600000001000020000000aadc65656e0b460beda2012aa528b58c15ecb6eafd45d02aecce6d28fd4be298000000000e8000000002000020000000fd7e2f3150c88625bd16dbd2b69fd57d029885fd82457aebe1a82e25fdd59d069000000018c5223167cf2df7d56dda916c91c58729777e7c6717845bf78aba67fcf8c11774b920dd2ac5133ded57e6e978bc8d952b07920e897bbcc7c6da74b3ae5237548fb167581f9108294b1e0c441e04371446f30415c017015c6ecf57bcbf08fe93e32788a3b83599de287dd722298eb78be3874dbb7d8eb92993fa849d5f2c984b53214c7fdf78141205a8d82980ef46e3400000008923652443072497e3c3473f62e4a58a52b4215f8f044d915dee914774487f3de94e9e1a527995b68ffe9dc11f9f42503922582dcef9d7ab6aa982e91a32a743 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424198317" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2804 wrote to memory of 1392 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2804 wrote to memory of 1392 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2804 wrote to memory of 1392 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2804 wrote to memory of 1392 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Editwebmall1\inde.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab93AB.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9576.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce039f37bd6d0d364d35883ae2487776 |
| SHA1 | 0ec83c88dd77e70e1dafb16623baed9256a37d21 |
| SHA256 | 081449c2ca234751e9e01470e5e64de7782dd078978115043a481c947dcc3f3f |
| SHA512 | 8534f0331c704cc82b471f572886a29c52dcba2085c4ec5848088ff9b463994bfed3509b26920d5921b9753cef3f3c52d166d5f3206c426fbf8918ba3ef8ccf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7864e25e2901b4d2ce652791640bf98d |
| SHA1 | a22e20c773bcf02eb5cb289cb794bf85734a0cb9 |
| SHA256 | a45d679cc10b7b7a4fd07493cf35f627e1debe94d14f783e32e59c96a662e379 |
| SHA512 | 25881dfe6c31afdff20726594fb203e21b6e1600b3b55c5d58b5e476a05a274222381b82ec856bdd3b2d27ae3e3db150542e1f493faccc2365251df8737919f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e4ff2fd08daaf2f152637ddcb9b4873 |
| SHA1 | 810b808e63e8771271ffe36bab3fafeccfca56c8 |
| SHA256 | 27e4ab536fcca7b594f821b6eb12e4ba7f746c57d984c235dbcc5c8222b7691b |
| SHA512 | 1a0f93605e35468ae359a3e29043e33c93f415f697f6be1909a04dd82a728c9e9501117136ca0e079ddccdb92037cd86a2a19d2f597d30fcaf98ffdc9171bae5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e73938f40b6ef2b440553b03ea0427b1 |
| SHA1 | a6f6cb00caea36f2d82bb8ad7681d01d8a752cc6 |
| SHA256 | d867ae89a145b4a78c339baa29b197e558ec447ade7bd6744d7e4ecd49863e60 |
| SHA512 | 9c9c653f8a812780e479b743adf4d1abc10820a614a86eb73c395910fdafe290d3db2f549e3ff949f11b7fbe6b6c4028b27e9fde21fd336a1bbf17237a40c599 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe8041e3d7d617d4fd6b4d79ffc49666 |
| SHA1 | 099f3cdd6a98252c5e866e69976de2a0da650e12 |
| SHA256 | 2270ae786c3eeedc63703752a17009805afc9df23221fe55577df2703ca0d372 |
| SHA512 | a3f9e0a10801a128026ee1582596e27488dea38507e72d77ac326f5c0b6301df11ff41e9253f42e06d5401793020b923ca24d5032d05fc9ac45291eb6844641d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8a895e3a2bda394745fb9049411a3dc |
| SHA1 | dc008e7486e445f90142fe2f7e6eb62883a23fdb |
| SHA256 | bbcfc11981e9acd5137f41c0b91d64afa12dfb8dc9f051720c2eef89df7c6e85 |
| SHA512 | 7bd3b5d50439e39f80554943cd3249874fa0c804e836df3a68f9ce0fba19ae7fdc25b4e627445697c22f35b974bb97cb703b6075f6164f7cc3a661ce0d60e245 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81183586dc40b8a58470ebc16c1ccb6c |
| SHA1 | b0a0a8baec9a0cd33cefa65869633ebd0be1e75f |
| SHA256 | 6b0cdab7fe83afc925112d361e36ac64b69c9873b1f3c9f0a58dfdde47237d27 |
| SHA512 | 189f63a481c94b6f1884f721220c199a7b9cc277fda445a83ee21aff94a8cae1e084817c736bf7199dc367b942b5f5fc5dfadb8a93cd821f3f1e54e76670218d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a248d439c5a8a0df03c56c9690011c03 |
| SHA1 | d09edfc399e68bd3cf5fb0a409dfbcf4d6666bfe |
| SHA256 | edd62f536cd0437961c084d58fb143899c5ad121e5b96c44b2e4571544e43e70 |
| SHA512 | cae91d2fbb896b70a78b5219a6f9f80a51e126d6c755fa22baff04e1a72e4f94741b989429d705d24d0bd6e357bfbee040561bdf21bdb68d4f7bb804a9638df4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18ae6ac4deb03844f56fad9cd60f66f9 |
| SHA1 | a349373e417df08dcc2bbc28fadddfccb3b87b6e |
| SHA256 | 2716f7f2a6135cb95eec72d5cd1a559986bdfe27ae931388d17b4b01e0a09945 |
| SHA512 | 4f5a7e589ce07eb3eef84e2abdeef6e07d190979dc9ed9cca52a6ee20c2560d694be8376309fec61557948a11bbce4c506a890e2c9a1bf6b94776faf89469c10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efaab421e6980c25f82fe680b95eec6d |
| SHA1 | 79aaebe5611468175f9fbff573eb95463853ba43 |
| SHA256 | e6175ceeb0db39c855e86a1874626b65b25b022249412e7647e8f47bb8146cb1 |
| SHA512 | da17b13016b37ab41f4356a5191fff699ae0980140aa29f81d937caeb88facaa1734e5c32a51309ca47f30422b7f262127138c69897f6a92405a66e231f5235a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b549f399549a227b13d574e6f5dc93ca |
| SHA1 | aa623c95ad08f15b17a90d5720c81db55a8f2eb3 |
| SHA256 | 1aa538c2d644c22079140d0dbcd710257f48f95d65ba946aa5847b706a025ad6 |
| SHA512 | d79d4e3c68f7949664e8e3b5564f42022c09aff868c0983a51ac9e2a8408e3c21e533a93956c963cf154004c12e4e4c7b5ed1998416753fcecfad5dd7d0969ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bce9e7f6156acb68846343c8776ffda |
| SHA1 | 4132540f808ea0c1f935eae0bcdb1a54c3afece8 |
| SHA256 | 6a7cf5d9c204bcd97faba3c9515c09413e02b60c2e56d8b276fcc5f340faa09f |
| SHA512 | c9b6bc999971ad6fd22e1cc302e40783be99f8f1f6b9055ed9a3cc34487b7c2170a0b14443884aa7b4e9d08b93ba671b28a43f35a75230b4652b78e3eeda32c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 928aa98b5354ca4e1a605fdcd48d62f0 |
| SHA1 | cf777572b7bdcfa0286bf1c690e385f13c082cb2 |
| SHA256 | 179d9ac39514059061f9a6b19f85804cde3a562db0c7e67f2a9ccbe0830af2a2 |
| SHA512 | aa35b408e12ad072b2486a822072aa053db0df7dc092bf73c5c9b2fc92d2f89f3844c890ad130f90e150db1b48cc491606e2e4649e2ca8768ac1398c19875168 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54143a1cf389be18da12a502c42ccf0b |
| SHA1 | 7f38c53476f20e7601ea8b154067f012cc8f9183 |
| SHA256 | 8224eda3e22fe7fd1e6ff241d3a54696ffa23b52a1220abca209010fb57dcc18 |
| SHA512 | b5e7336fe50be562a8ca1a15178529cbf96746663ce7faa5fbc9f72ec75614b6c593520eb4135def4adc2532cbaa8bac257289b9a4861ef79fa65d39296e6f5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7faef2a4853c7b56d54a0c6d3c6766ca |
| SHA1 | 6acafb1ed782e776169d8e8d17d5da9500001310 |
| SHA256 | efb3d3ccde47ad69d9704c056d4082975b34746f616303c1115bc5c6cff225d0 |
| SHA512 | 81473c6c600a29a44f652dce7b355dd4bd44b3cb1aed9ae98135dc377de400dfac4b6310560bff9f6564688b0ddc486dcf9e5bad6c6567ee4ca64879c337334a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf9032bfd5b7a02983480c51c0a54b23 |
| SHA1 | 7c15be7b2f43f058840f4f8d9cfc52ffadc1ad27 |
| SHA256 | bd63d24d25bcf9c40da730d356e733c7dbf71a3e2b363e0d85eac05c228fa93e |
| SHA512 | c6ec870e93569116f0730c0bb35bb95082c5d4f24a1cdf0e09bdb4cfc253ea0c372e539d10d15faf95bfd48ec3d4f65b541e3d7c9b523a132c85994ea94cf2ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a88be791466d441c51776e4b06df599c |
| SHA1 | fad81a7db0af54b3b916e37919729bd9aaad2089 |
| SHA256 | 90088d5aca4955c47903dd2c0052b3a197c8cf8ddcb79c02813c365964766f97 |
| SHA512 | 115ad9473c0ef2344997b7d434708a6a044acc31ae6afb00332d5e56c34c9b611fe6b6398df7403f394dbe62bcec92d74d4667701f54045af81b17ef1e251771 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05bfc7b2cf1b336ef08818cf7ee8aace |
| SHA1 | 8262c1b01b7113689d7033a18f7af41ee417c248 |
| SHA256 | 88b6e3f87ec1abd0dc96b5a3010ade1559eed4b900816fb89d2b554359b9f666 |
| SHA512 | 17e3645b451cdb0965917926e01ba62d9fba65b1917bcfeda44d69cd1d717e4b2b3c8ffb0a03b28d5e1dd8624c8dd58c165707fe6ac3be2a95fcda96c40d92c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adbed862e472586031dae828c2887d43 |
| SHA1 | 5fa582b0f1febfa871c531ca527ee482f5e65ed5 |
| SHA256 | d7df9afe74b90f3076c62273535cb5de2c09c8a18ee7a717cb39ace43d411028 |
| SHA512 | 8337ba4063b53b8b4d0b948e02cf41432560c75ca8e427e6973fdf21b336cb6d798c304ffa0ec1ff9e63cbd87934e9867ac32c53b8df448e96e7674e74e8530b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99368731c4901c228396e1cb0e4cf494 |
| SHA1 | b79293ff9ea46ec9e3906aa29fa4cadcdb9f643b |
| SHA256 | b2bf9d977c5193807aae09fe3e7e146b1f3b17aaa656486fef0b17a085ce2dd9 |
| SHA512 | ad0dd754f3fd56ffb085f841afb2521e3f503882b0c821b33c11c7e73fcdc9a68d276e19ecb2b4310c482bf988e203f39d898ead5f24f29bb0aef97f4b87990c |