Analysis Overview
SHA256
fca96dbd247fd9188d53e8f3cf50768389c87d430003c3103dfb5b7f8378b6ee
Threat Level: No (potentially) malicious behavior was detected
The file a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:33
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:33
Reported
2024-06-13 21:36
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8637f46f8,0x7ff8637f4708,0x7ff8637f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | barbershophound.com | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1988_ULISBKBLEYACOYSQ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:33
Reported
2024-06-13 21:35
Platform
win7-20240611-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476273" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000ef0d5c225de29bf20321b035898980551259ef1c2d312cfde7d739a4686a3344000000000e80000000020000200000009a1fdebc312ae1fdf865568d409bb0eefb76f650c991820c27f1c0409d50a3ff200000001ca81aff8a78616d170191aa31f08a658fd599e49073e8242bb65c46f7e9ca5140000000184aecd2d770fc9ba87d3caa4775ff834a51501717acdd30364a1a6feca2a53c8583b73d8916b1161ee36b72ff4da24f880117e77effda1845b89cd1f20fa9b0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7015f665d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90ED0B81-29CC-11EF-94DD-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2184 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab3238.tmp
C:\Users\Admin\AppData\Local\Temp\Tar32FA.tmp