Analysis
-
max time kernel
118s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
12/06/2024, 23:43
Static task
static1
Behavioral task
behavioral1
Sample
a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118.html
-
Size
934B
-
MD5
a2fbb8ec3e9f34fcee788ce871f2f9dd
-
SHA1
ef493530d594f31ae5e2934b1a50dd55abf48895
-
SHA256
85dd3356b343d5b08b3a8bfe89e2317f77c271af71bdda59d7d825306010ee36
-
SHA512
ecfa4d3716c8df78ccc3d9bb01d7de1753338e520fa9d357c24b9c7b5f11b23600d6ec204f8e9d84194714a170808d34f8e8a89f7b69942109d2bf2a75ff4ac8
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b228ce6fc5a11579a87ad03162aed2149f8599e552b0809401c670cacf9008d6000000000e8000000002000020000000642c3560674d7f075e082d14d78fbfb8d125e94a206a7435d62aaf39f1e0c0e2900000007c8c403b4aa64a08f16a6cf16362ef59a680e5bbf3300467c9df142010e5d77dbc973e3db97f7c14142e7f1cfda7591fcd407a055bda94e1246019c010923f85460a4d9198acffb8ad6ba3326919c77ebd3ae590fa89972a1cd80f955dc04be5fe5b10c880342bba779f659e620098d73b641b6eaa0b5249c1877bb27cd8dded77f4e283a49783f6fd8a2857cff9bca94000000063642fa3c3515a42288c3d71367f460eb990d8e4bec60a8c61bad49acadf922cae40a53fa66c4c48f74fefc2d7b678113012ecc6e29089f7206bd17943bf0988 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397697" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DDC8E41-2915-11EF-B47E-DA79F2D4D836} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000647db4be841884c96e8356d9bc45136bf6c69c2c5313b8a308159b7255b4da11000000000e8000000002000020000000ae915cb5351d017fabf01b2ad6e0dfc0a59b43d186dc02b31c018d9dd6edf50720000000a6a412d1a9ab04cb6f29bc32a9d503413d7c9277a3c8878ff19ea107757fa8ce4000000056c06a2a7130d833232230fc5e1510c5da7c8a6ce439a7a99667f50433d7e910aa31a47348865b9c377122a30682b51fb7825c73cd0e47815754f023b70f5951 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fadf7222bdda01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2412 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2412 iexplore.exe 2412 iexplore.exe 3032 IEXPLORE.EXE 3032 IEXPLORE.EXE 3032 IEXPLORE.EXE 3032 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2412 wrote to memory of 3032 2412 iexplore.exe 28 PID 2412 wrote to memory of 3032 2412 iexplore.exe 28 PID 2412 wrote to memory of 3032 2412 iexplore.exe 28 PID 2412 wrote to memory of 3032 2412 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3032
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD511b584e72b598499d08a123fa6bd6332
SHA1cd7e3638a279d9a56835b3f76cb6eaf6f9427515
SHA2566179fcbedcb4093b22f2ce973e8efde7bbe4dbaaaaa11c7047ff0b49aeaa3a14
SHA512f1ca5f84c2d78353bbcb165ce0d7df3bd3bd6ad7a91faaf3bf39c786fd4c2bd3e2731c9c645d0a5aa9c5f4235b7061e8be56ecc9d7fbfdb0e7d2bb35d9ecd2e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD52be3098883732dcdfa32e307dfa76013
SHA141edec4df65a3e47c8aed07a1f7d2102d30f8721
SHA256ca1dff3386fb61cc21d9842b37207112e4679759397d4d38b87347047bc6aadd
SHA5123352735231a42c0862cd386ab1e52b3ad56901eb8e269e0758012d954970d061686c036ff2bee058ee3fd6d5a95370f57599a99328ba0a02099aceeb28c734a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD531551cf016edc17434940bf5bb350006
SHA1f5a0d5fc48dc744447200c3cb8d25955d426fc60
SHA25678302849ff45842eee2207bbc1aa29902841fe29afbab450a918dce3239643f4
SHA5127837213400d8b3edfee7ccab5a53ec84f79baf338748e60b39677f5960f5c03a39fe8d120033a2be298bc3b1204e286d51ec7fc6d95aef161ea979e05fcf4b23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56eee11c02804953bef2cc9820c839ee8
SHA105ff26e0f4a16884f136f167cfb32d785689d571
SHA2568c6a852dae1c2da369dc403b78f56ccd1544d65a6ea77316dede6b51eb4b4e38
SHA512bf26a3f8c97b52fa157db68ad9f83048df75b5176bd70832dfdfc4963f806f2f7cf14d2a58a86b236e2a853ed127fd0120edfeaf82abcf9c603cde331254f018
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cb4899a3c2f52d1b358ef86cd4fef4ae
SHA106445fa8c25ebb78b09c3e6c7e6c6ef225e489d2
SHA2566ca02282efab4f6171a72c51b8faefa18452db1fa6366725cd9b06a34e2c015c
SHA512dd2717e813d8e476f2b54c03fc653560c5eb6a5151e7dea9964b07143b83b22c33af56771110130d12684b6db8ecdd8c7a2ab1d9be9121c79e61654447191fa0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fd0d55fb8600d9f18a752caad3307f8c
SHA13541a44a22806b13f5623b2eb07cd7b24a79d95a
SHA256aba35e80d2d494f5f2a2bb9f9c552132c354fb415279d39abe8bfea338ff06e0
SHA512e62c603880d4f80213f5cf0bfa44574fb1132ae17147230a035eb6376bad2bd1351885dab2914f99cd071cb9b4692529ae9a63103717a0e506c8487d68ff9664
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5998ecc2ce9aabd4d4e21f4eb7aae7700
SHA1de6ec402f30ae8ccc10ed3390bb3c0a4a4924925
SHA256a1929bce38875c2cf20256542e52d1177db9dffb97db816d99b8cc761a428d43
SHA512a4c128a23da471f64059de7553212b0aff76dd16d86a2c793f313eba482823c1c5ef563ba2601fc41bfc67d790f512cedd8213029fd3ff0a9013e21f9fd8b75a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD58a6b070ad732c7b3983d72dea64a7a38
SHA12dfd6cf3c9307b1e1fd3a2e4bf3b1b2fe089a4c2
SHA2567a8623fd71888db0d8f9553ea6bb50fd58f210ce3de318adae99bce49c40712d
SHA512ccbbe16e88fdaf4043752df9a4e05693cb298dd60e155b478328f73c1e28f2bd89d9b86013b089a031f29c0f7a74cc040a2ce449200595861f97aee966a11aeb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a0a837069a6811f7f137417c48bdfdf6
SHA10eb1f4d1c7fa8e2b283845ba5143391799de0c8a
SHA2565f85ff94a0df3d37b28d55dbf5111be7f2f6d8d70dae335295457ccecbab3997
SHA512c781685810581e9f118390a5d2480d1def50ca45769406526bf5a4c9c228b36317d96ed77bda32d89bdc38bdbf609c0f31407fe846f075230da93c3b807b8c25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e16884d9f7d4c2403e6e06288bd6a9fc
SHA1042c45670fa8190e6818c275c0d04c74dc2deb27
SHA256cac1177ed5da84aa0874a0b394b900f14d426a46358e3a90f119774810d8b3b4
SHA512f078944235cacd15f7c76708b17cfb78d4768ccb1cb4efddba5c2552c5d0e881bc873eaab158d15ee8350d7c29f5305cc171ffc1e51264bad6e8f0da00e90ad6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD575c5f002bc5b2b9bd421e0313357a2b8
SHA1e9f68c3cf8a460d3d6cc2fa9ba351d3dedbe9000
SHA256d0f2d7c984e77f60a9245b813011671530efe9fe01dc977daae8d6644b64c0fc
SHA51298537516ec85bca51b196ec1b24af1ba6c8a1c2f9a1627f518e6e37954a3d6e90b372d4bd25e2c8e93501d57cbf6811ad2bb6ccf15a734a5345609d4bd6c69a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c448785f572066e377a51a93379ad0c5
SHA199aec7f2818ed329e34b9dab4d3562e708d138c1
SHA25671c3b9369df1411ff52e078c89fd8aba4cfa35a4c37228835a08aae027e90999
SHA51202f146ebd781f6c44d5fa7454897ae08c503e5fada198181a877b08220bc96e72466493e9e2443835e2e137fda20b645d2a495e60f77caf6f6d32b5ef58bbbbe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD547316a70a981dc020fc62fa700cbb346
SHA13672dd0e0b5f72499a85ef9e146224f1ebd366fc
SHA256208b7fd10f4b8efb9624eb2bd59938d0181407db5795c26953fbdd31167c5973
SHA51276d831defbe4326c2a098a1fa5d7882ff01e0ab51ce3b56985b092aa7483194b437591ec165c84750851cf4c548f46083eaaea0fc2d27048a729dddc60f41e53
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD551b85c740bc732e556d54ad9aa0a4b08
SHA15fe5119210639a19378ca263520ae5055eae10d5
SHA2568a4735d4a9ea6f87030f335ff37ef938d79cfd75ee0ff336c308415c1322d4de
SHA5120a0aff385abf456436642dd85ffeee09ef6b2e5e1fdefc8ded4ae66165279c57f5cd3491069731015bd11f80690a4d8bb5a49b25a17b155777be83880e2d153f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5312d9203fa92257dd622b9087f1b1ee8
SHA19455942e16d05d74f87e0ad750658b0f0e17230b
SHA25653730fc05a749afb2e6d86bd801fe0fb14c09b5b5ac491611839267fce51431a
SHA51220528eaa2d8396504e8a59799caf0b46291ea64eb2ee96775d36d03034148493537b38c12926b9c4b2d68c695ab79df24c6754b2536e85342612fd2a3c833227
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51a7df4f3f5ecc1d48a7955234ee27819
SHA15bc92285bea4d5bac6202ba59ddf465149e115fa
SHA25612723c01e19e7cc86110c5ffe31be0d82c3214070e4d7e625aa043f70f3379e1
SHA512b2761bbf3ee8b2d00ade26853f3378699455ed16500d4eb993f83219e2e76017260c7d4c79cd04e1d7a86af3e27167e1546767c3347c06a3e5b8edb80eee9866
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57b782c3f33e6319b8c8dc04729a6a827
SHA1fcc5071d3fff5180d6bb8f4ca62e3e972b8f6617
SHA256256c0628f7acdb53755a930b5ae08b493048bce2d66c19d7e31d7f637c246cee
SHA512ed2f62615a49ef7edf4e1e646d4d1b7d5c418b6b0f2538bc9c41c7c00e87f212f8d9400e23983c80e6fec211716b0bdcbe55fd235d30f12635b5fd08c49abf6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD557c9acf7ceca4d7f5aae57e9dc8298b5
SHA13d1bd113149d19e5514420e1afcce0393548bdcb
SHA256b8f194d0741108092901b08d36ad80e6a8c9c42d7bcde5dc013f46fdf14a39f7
SHA512a960a1cb21901d9804af2b2391a8fe5267d7dca42e9ec802af980325d973cbc5f4b893e03395911d6c8be188fe8152592a667bf6ca96c05b995bbf52a7144398
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d9e4bbd067894640e583c6c4fd5ec238
SHA1b79f6f0d3fcf2dc78b1d1919f2d57235173430fb
SHA2567cb0c7d70a5ec55d93adb5f41388f8d18f1091302e9473d8057bd5a9c2fa3c35
SHA512c478867a7891f21858faf64515b53236c8bd1f589f33fe38766a0d717c5ca7e84743101459f361aab80c44263ddf699a40c2362694ebb4460fc221323ffb6668
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5326d1543fb71ed1487d19083d6b52285
SHA1cc3099bc185b5c6ea6c542690ac1898a667f3ecc
SHA256e8fe9a17c0f1e6cff36e6e4acc89c98ba53c12e2dd484093fcfdfa8b077ad4b6
SHA512ec738a1b9e90f775c68d755169470eb2806e2a9f6b3023f58c0d3c385f89e7f77870aea938ca48a668479dfc0ad0833212d3df49cffe160b2d4ef6377e19a2e9
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b