Analysis Overview
SHA256
89e9120b61283f3f843616b2d731231895676278447372e2ce6fa6424bfb6301
Threat Level: No (potentially) malicious behavior was detected
Verdict for a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an .html file (see the command lines under Processes), so every signature below is attributed to the browser that rendered it (msedge.exe, identity_helper.exe, iexplore.exe) rather than to a dropped executable.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:24
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:24
Reported
2024-06-13 09:26
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17582402610378814606,16680182258336039297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
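The process list above is the usual Chromium multi-process tree (browser, crashpad handler, gpu-process, utility services, renderers), and the only way to read it quickly is to reduce each command line to its `--type`, its utility sub-type, its `--service-sandbox-type` and any flag that weakens a sandbox or mitigation. The following Python script is an added example for this report, not part of the sandbox output: it tokenizes Windows command lines (quoted arguments kept whole) and summarises them. The `COMMAND_LINES` list holds shortened copies of the command lines above (field-trial and GPU-preference blobs removed), and `WATCH_FLAGS` is an assumed analyst watch-list, not something the sandbox defines.

```python
"""Summarise Chromium-style browser process command lines from a sandbox report.

Added example, not part of the sandbox output. Command lines are shortened
copies of the behavioral2 Processes list; WATCH_FLAGS is an assumed watch-list.
"""
import re

# Constructed input: trimmed command lines from the Processes section above.
COMMAND_LINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2124 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 /prefetch:2',
]

# Flags that disable a sandbox or a mitigation (assumption: an analyst's watch-list).
WATCH_FLAGS = {
    "disable-gpu-sandbox",
    "no-sandbox",
    "no-v8-untrusted-code-mitigations",
    "disable-client-side-phishing-detection",
}

# A token is either a double-quoted run (quotes included) or a run of non-space characters.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize(cmd):
    """Split a Windows command line on spaces, honouring double-quoted tokens."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmd)]


def parse_command_line(cmd):
    """Return (image, positional_args, flags); flags maps name -> value or True."""
    tokens = tokenize(cmd)
    image, rest = tokens[0], tokens[1:]
    flags, positional = {}, []
    for tok in rest:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value if value else True
        else:
            positional.append(tok)  # e.g. /prefetch:N or the file that was opened
    return image, positional, flags


def summarize(cmdlines):
    """One record per process: image basename, Chromium process type, sub-type, notable flags."""
    records = []
    for cmd in cmdlines:
        image, positional, flags = parse_command_line(cmd)
        records.append({
            "image": image.rsplit("\\", 1)[-1],
            "type": flags.get("type", "browser"),  # the main process carries no --type
            "subtype": flags.get("utility-sub-type"),
            "sandbox": flags.get("service-sandbox-type"),
            "notable": sorted(f for f in flags if f in WATCH_FLAGS),
            "positional": positional,
        })
    return records


def unsandboxed_services(cmdlines):
    """Sub-types of service processes launched with --service-sandbox-type=none."""
    return sorted({r["subtype"] for r in summarize(cmdlines) if r["sandbox"] == "none"})


def sandbox_weakening_flags(cmdlines):
    """Distinct watch-list flags seen across all command lines."""
    return sorted({f for r in summarize(cmdlines) for f in r["notable"]})


if __name__ == "__main__":
    for r in summarize(COMMAND_LINES):
        subtype = r["subtype"] or "-"
        sandbox = r["sandbox"] or "-"
        print(f'{r["image"]:20} {r["type"]:17} {subtype:40} sandbox={sandbox:8} {" ".join(r["notable"])}')
```

Reading the output against this report: the flags it surfaces (`--service-sandbox-type=none` on the network service and the WinRT app-id helper, `--no-v8-untrusted-code-mitigations` on the renderers, `--disable-gpu-sandbox --use-gl=disabled` on the second gpu-process) are passed by the browser process to its own children. An HTML file has no way to set command-line flags on the browser that opens it, so these are properties of Edge 92 on the analysis VM, not of the sample. The script is still useful on reports where the sample itself is an executable, since there a `--no-sandbox` or an unexpected image path in the tree would be the sample's doing.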
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | inthelorso.narod.ru | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| US | 8.8.8.8:53 | info.weather.yandex.net | udp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| RU | 193.109.247.229:445 | inthelorso.narod.ru | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| US | 8.8.8.8:53 | s207.ucoz.net | udp |
| RU | 193.109.247.229:80 | s207.ucoz.net | tcp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | inthelorso.narod.ru | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| RU | 193.109.247.229:139 | inthelorso.narod.ru | tcp |
| US | 8.8.8.8:53 | 229.247.109.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 138.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | s207.ucoz.net | udp |
| RU | 193.109.247.229:445 | s207.ucoz.net | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | 187.77.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
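The detail in this table that deserves attention is not the Yandex and ucoz hosts themselves but the ports: a browser rendering a plain web page is expected to produce DNS (53/udp), HTTP (80), HTTPS (443) and mDNS (5353/udp), yet the Edge run above also shows TCP connection attempts to 193.109.247.229 on 445 and 139 and to three counter.yadro.ru addresses on 445. Outbound SMB/NetBIOS from a browser process is a common symptom of a page referencing a UNC or `file://` resource on a remote host, which makes Windows attempt an SMB session and can expose NTLM credentials; the report does not show what in the HTML triggered it, so that is a check to make on the file itself rather than a conclusion. Note that the behavioral1 (Windows 7, Internet Explorer) run below reaches the same hosts on port 80 only.

The following Python script is an added example, not part of the sandbox output: it parses rows in the format of the Network table above (a subset of the rows is embedded as constructed input) and reports every destination whose protocol/port pair is outside an assumed browser baseline, calling out SMB/NetBIOS ports separately.

```python
"""Flag unusual destination ports in a sandbox 'Network' table.

Added example for this report, not part of the sandbox output. The rows below
are copied from the behavioral2 Network table; EXPECTED_PORTS is an assumed
baseline for a browser rendering an ordinary web page.
"""
import re
from collections import defaultdict

# Constructed input: a subset of rows from the behavioral2 Network table above.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | inthelorso.narod.ru | udp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| RU | 193.109.247.229:445 | inthelorso.narod.ru | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| RU | 193.109.247.229:80 | s207.ucoz.net | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| RU | 193.109.247.229:139 | inthelorso.narod.ru | tcp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| RU | 193.109.247.229:445 | s207.ucoz.net | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
"""

# Assumed baseline: DNS, HTTP, HTTPS and mDNS are what a browser is expected to use
# when it renders a web page. Anything else from a browser process is worth a look.
EXPECTED_PORTS = {("udp", 53), ("tcp", 80), ("tcp", 443), ("udp", 5353)}

# SMB / NetBIOS session ports: from a browser these usually mean a UNC or file://
# reference made Windows attempt an SMB connection (possible NTLM exposure).
SMB_PORTS = {139, 445}

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>\w+)\s*\|$"
)


def parse_rows(table):
    """Yield (country, ip, port, domain, proto) tuples; lines that do not match are skipped."""
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield (m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"].lower())


def unexpected_destinations(table):
    """Map (ip, port) -> set of domains for rows whose proto/port is outside the baseline."""
    hits = defaultdict(set)
    for _cc, ip, port, domain, proto in parse_rows(table):
        if (proto, port) not in EXPECTED_PORTS:
            hits[(ip, port)].add(domain)
    return dict(hits)


def smb_destinations(table):
    """Sorted 'ip:port' strings for SMB/NetBIOS connection attempts in the table."""
    return sorted(f"{ip}:{port}" for (ip, port) in unexpected_destinations(table) if port in SMB_PORTS)


if __name__ == "__main__":
    for (ip, port), domains in sorted(unexpected_destinations(NETWORK_TABLE).items()):
        tag = "SMB/NetBIOS" if port in SMB_PORTS else "other"
        print(f"{ip}:{port:<5} {tag:12} <- {', '.join(sorted(domains))}")
```

Run against the embedded rows it lists the five SMB/NetBIOS destinations and nothing else, and it groups 193.109.247.229:445 under both inthelorso.narod.ru and s207.ucoz.net, which is how the table above records two separate attempts to the same endpoint. Tighten or loosen `EXPECTED_PORTS` to match the sample type; for a document or script sample rather than an HTML page the baseline would be different.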
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_2168_MVKOWNJSBZJSYWCF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e6651e29f4929d5e297ef1fa5d0d15b |
| SHA1 | 6b9a4542c841e42e78bc94363fc3a72fa706f85a |
| SHA256 | 5299063acecc068e0048a7c6b02b742f169174ca67d80dc3c8887c40f0de21d9 |
| SHA512 | 3ecffad8d17a41a5d0c340d2508bbe634e126f04f1ed4ef85d12f580b15e934bfbbb3a0d464882984a5679fefb0dc34de42c06456c78d52e4d9e53163285c32c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97918e5ff443f94499a9674b405c4ce0 |
| SHA1 | 483026f4af0f4f8d422855b5fef8a35505d035a2 |
| SHA256 | 0df4d43a7de2a3aaf6fc5e1c9813f86b699492fce04924cca154d70d4d30dff8 |
| SHA512 | 9d66e9eae85851ce1207b0d689515f8bbad33c82fb440a019b44e56c8f9cb521ecf72906847f8c48a0911539fce3515eebe634726e2d8e7dbc161385fca90e83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ddccbf54ff340f8a9fc2097109d835d3 |
| SHA1 | 8a5f8f6bf8acc29c094f2468a8c736b0f7549691 |
| SHA256 | 79f0ee6172729048551a2c6f4676eae3a6750edb17902930e17ffa713b5134cf |
| SHA512 | cd88e736841a781c2b77bd671b08a3019ac54615f860f3068c00acd4d9a538f29c3d151e6cfd48a8d2ecf333bdabd62111d4824135b7f097513aac949be633a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 91b2b708f327e7e2e72a29087292f937 |
| SHA1 | 754bc4050ee254ba207e70fb7e339bf4e5d1a498 |
| SHA256 | 44a48d0030189475d61c731d3965033e66cd69fcfec9007747aa9b92e297d17e |
| SHA512 | 3fb35c276e2989a148914c9825de9f8f9060fdc51c7321810895884565f413068706f82232a85de52c472a9ca718b8ce6b70c64ef52ca8b77312a8158c5ce5dc |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:24
Reported
2024-06-13 09:26
Platform
win7-20240611-en
Max time kernel
118s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432519" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002f0c2d5babe46edf9ab85fafd8adea72f8be868c609148d58cff6b146d8b81f6000000000e800000000200002000000017420236565f43b637bada41ffc470929315966f8fb2f048af3330d587a4cd25200000007959a2e284303e4b526abbe45daa87193854fa2d0d9c8c44b678b498da2074fc4000000009fcf87a8f3ece1e73138e46ba3a23925efce921671c1ff1112fbf4e27c6c466b4d4647548199dd0b2b117faec815ea750fb17a1a68b666697fdf8af8eef02c6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0B1DC41-2966-11EF-AB87-5E4DB530A215} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d55f8573bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3000 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3000 wrote to memory of 3056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d5a3d97f5fc253d3a386edeadc37d3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | info.weather.yandex.net | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| US | 8.8.8.8:53 | s207.ucoz.net | udp |
| RU | 193.109.247.229:80 | s207.ucoz.net | tcp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| RU | 87.250.251.14:80 | clck.yandex.ru | tcp |
| RU | 193.109.247.229:80 | s207.ucoz.net | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| RU | 213.180.193.146:80 | info.weather.yandex.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6FE6.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7094.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e4f340822c9f133cf807e5f69b1920d |
| SHA1 | 2c5253a8815c5b251453e42af91046fe5bc5f2e5 |
| SHA256 | 93552330d118b6c1f59644626b7e8cdfc148dbdb9873f32cffcdcca1a81af136 |
| SHA512 | 4630c24e70b0f49ebddcc2316c79e7ccf6f8221686b0718832864bb9720b7394d49c27837a27744ea8295ece214d06108dc6afd94698b601ede0440f7ffd59b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db780d874c461ef96fec7ccc7f2c4b77 |
| SHA1 | 817860f7f8c825d339a48ffd56c39a844097bc82 |
| SHA256 | 0038b114b528e24c5d16d28e91e04bb8c831279b9b60458db90f159957609412 |
| SHA512 | 2bdac1bfa6975794cc19d86740d6d46d55c46abb6d9520407f134b79ea7713ff69103897aa8a0a0374423feb7b815188fe26d963e88ea91d120001cb9a745558 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a21a130a94c7938876e37b577f0138c6 |
| SHA1 | d9bf776f2dc14e5552552f0b314696791f641034 |
| SHA256 | ddb0deac2a836b37d0bf94c757db7a7c7f7466a0c14d0616687942697f4ad486 |
| SHA512 | 3db2ee5d6d36c1fd38979ce5d19f8a066fdc9267aef0359cd945c2960b90215493fc2113148a30d15e68e1cc506c73bd9c0043724deb49567ca30027cebb142b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4a15327cd0619ea25bca082ae695e82 |
| SHA1 | 6eb0f6051f3d5928d3f74c9b3aac7da2d6d610ea |
| SHA256 | 5c211c8f33dfebbf11c0ed5fe4e0daca4bfdd5e80ff698fae7445eaadc32621f |
| SHA512 | 1fd5954512d0cbbbd87132590f343d91267d8a59dd3af1000871553302fa1e85b3834371f8c805d13e0ff349f3fde0901162ba19f8c5b21fe0747b4a2c876c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 093db0265e4de931aacc7ec4c43e3166 |
| SHA1 | b2e4a58ef5c1a99bf1475d0273e9fabae1961181 |
| SHA256 | 041eeac02e5edf8c6e7e48713bb309f10e7f6c872a5fa4bba018127d4699ce1b |
| SHA512 | 6190368f66041b37a4ad4417e260a3a248c840447fa6df9b9d56369921560b9e2a1e7b101a923c78e05f73338e745117fbce68f70f4c94b4308a0f00858eeae8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04011b6b3ce7f0ab205c193d5e09cd65 |
| SHA1 | 9d446b35b004237f16ecc0a606a87beaf07b592f |
| SHA256 | db45bdc81666df758c4bfc705e13df48342d766c7fa9218a1208a4383766e564 |
| SHA512 | cdd3c373dd0e9db8a2ed63eed488a0d681376be72fa989874599609723335ae33a92a43a579858fcf21280299ae983eab236110cf5f4413ebfd5f44487d9877f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10565ba9f92ceffe629363765bed6d47 |
| SHA1 | 79124804e4a065afa5a986c081e0b608a2eff9aa |
| SHA256 | c1ee3e1cf2eb4fea9f227b8e6a8959f78fd2d803bee21af0a2df421c2223263a |
| SHA512 | e77713b4a92d4e2370c90f249a166b81fd80a29f0c853c7e08969932aee099061547d3a0fcd2111f32aec92b0a9d26a19f85a9a92a6c4ecf586978853050c5ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3655e7ad3b4d5965acd60b8f0bb73453 |
| SHA1 | 62e96b9e5ac0d3ffc7fdbbdc73d725c8a80a2d4b |
| SHA256 | a0da6fa316a7ad222790a0f56ae8175ad17426a7b3f0dfaf6a161a5c0bae8038 |
| SHA512 | 8c92bcd83903d1ec5cd59a6ca94c33ed4e685e583a96f79ce017da18ae0c642774b91991bad212da214b8b8491015fc5d9add0ec5c3fc1b1066d45b59d1c6364 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0010627b005f482aea7e37a9aa60b489 |
| SHA1 | e1c3a464317aa0b407d8e47844a1671dd2a5bbea |
| SHA256 | afe805493dd3b792e9d0d9fa3c57d994713e9c09da725503e2ecfa6141820a27 |
| SHA512 | e0b0165078adcf1c1a98ae6e41b34052579edc66a0c5619ad9f61d0ed9923d1842ba477263cdc2459fb9ffeeee1395f3d9c69e710d30378f3e7f88b087b79b29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f8adb7f75d45e306aafa4b5f88b1349 |
| SHA1 | a5803e6ae98008499223e46c826513c010f19e83 |
| SHA256 | 937a7baee0eb4fae254f355295db4ae7d71ef4cf74ea01cafbcf53446ae9e7f7 |
| SHA512 | c446291d073df24866a2833cca7e3b802a735ab28843d82bab21cb7b48f0dd4569cf1375294f409f308d8f44d70f3ebd520374ecafd930d508b2e11f6213ed2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b0bc5115520f6f3535052f1f46acbe6 |
| SHA1 | 723beaa8f3037ea7a3f24055c17780d5ea46cd9f |
| SHA256 | 1dae82f094081d31c94df2fc6f45d6fc626057809b9dbc9dfc3b213921375530 |
| SHA512 | 80b617740a3abb315988bf74be788cc725cbf53af4559f672de3f465beb15811466d1a11e30cab5d4c9d432d493a3d8e4fe8d1b321a72829e2745e8ebfadbc9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4604fc769addd347063d07e54eebe79 |
| SHA1 | 1765161c529af8546a94a538f1624a7d33a02a40 |
| SHA256 | c69108b8d0d79f9bc7c283ef4b77a411d18b4f99687b51f708e1c5797262f4e0 |
| SHA512 | 9753888679f29929ec4e338dba102a59fd229fda88b359730feb90d7a752c3f31a40ea7c77d49bc80cb6fdb2ac99d0c8b7affa5a5d10c2240d251e5fda3dc3c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dda66e0fd4b0ad09a72b512ac4de760f |
| SHA1 | 9212432e20657eec2b5d690300a89299f0f827f6 |
| SHA256 | 631c955af1a60d9e01631bd67b87761aac3174a47f3b5b9862dc34824ff4487b |
| SHA512 | 738c32647929808efdfc780d18904b8952f44062725846702d32706776543dd9dae1f68a852e2dffa003a1b15f782d98bf0b535750c7324f477b127721d53862 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e953782e643d37414a57430f82f488cc |
| SHA1 | ce6ec1baa621b16d82a12efe84ddc13baa711178 |
| SHA256 | 47f446dbeb8392d3509c3d0a487021836c158ea9ca25b1ff43121120eec7e5d6 |
| SHA512 | 73476bf1335ffa019e308d634a993630d25fb5107e5715eabb0c15100aa4ddb436cee3dea8cd45d716abdc7f82e535e17348ac3521c8d53f64ca0c992b4fb404 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5242228a69756ecd252e60c14dbc540c |
| SHA1 | 18016d235d332ad131824f0cdd25ef093daca47a |
| SHA256 | 276537d96a6878d34d620a7dad92be5181bc2ae37c2df11817993dec74f1b577 |
| SHA512 | 2d17ff194f2466e76f8e9dc48940b6ebf1ea1341f1e09950ebc8db5b630937747afd4b477e347e69be5fd283d20e208d3210961508ab9abe9d9c79f7afb02208 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a583371418d8a56695fc628373e0723 |
| SHA1 | 104104ecfafb27e8fb2ee92e3979213b0c0a3dd9 |
| SHA256 | a3bc8431815d087b0a75dfea7938de08f5b331c2fd54464de36f2e58003350f2 |
| SHA512 | 88183a5821c6a23d229b221d3d27c5ba1724c6940b17152360e3abc0cb3b3bfb91ff3a12992b6ffb0e51b25c07132db4a7a4ca65df8862e13200e5457a42669d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43b2b70eded63e8ca55541f6cae2760e |
| SHA1 | 82c916bbd4194f9880f60f5de2a76026ba46dbd5 |
| SHA256 | 1753aa4b5b61ff48d40288ea30ae884767638b260fbe25a5c2057df692217631 |
| SHA512 | 0baaf0bd40eeaf3a4ae5d27e5aa40240e78155e8b53d152f204099a5a00620724a776d8dddba36568f2a9dea6fe11682c39a262ac9310eff3788541639c64b57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9057fd345a9675254bb781c531313c7f |
| SHA1 | bce55e11f81cd951cef6fccb12a1255382f9c20f |
| SHA256 | 495ad2d1ea92c00e888cfa9b1ba8a15fd9aa6370d316ba75f16f2dc2dccaafa7 |
| SHA512 | a7e6acccb310ec742024f9f83f71d72fb67e38afb54f7bbe652e67764fab47905d56bee7c32762a9d9a22a45b894d2ca1eadd93403d15897ba5e9bd42dbbb445 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7889172946636b5a7652bf4cf7f4fd66 |
| SHA1 | 144af6630e0bc991abda8061d89b4549dcd173c7 |
| SHA256 | aed0b071749386e5085086fe403ce5738b09804f16b1f260779bf169c58d0013 |
| SHA512 | 69c0c12be36ced789cb7072d711a6f0ff0e57c213ebe48dfdf6c793fc9334072f08af884322fc660b0915114369c57126362be05333b06ad916de7fb244d225b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8737b8c753e6a285e56f748b0ead5bcd |
| SHA1 | 6424ef20efbe003ed071390a5114f221fda9e336 |
| SHA256 | a73f387b2b1df07fa501c93e5c8a09060425caebc6e4dfbe97b9fcf2d80e58bc |
| SHA512 | 2843741e371e09a21ef6072957028862b363287579ddf4523ff6aceacab037700b50724a615458101ac54da682b3d10855dd43e309e541cfcb70afd0f5dee659 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f93c9fdec06f3e586dc0c9546a96f6df |
| SHA1 | c399a99d7b578bee8980d41c22fa8c5905a2a1a2 |
| SHA256 | ccbd3483a4283c341326114a817e0bed20bc0388205194902bb03a65584c6e43 |
| SHA512 | cbd8147d31a5c56511ec2aab44b26e7fd78923b265b6c5f18be41430392c074d1c6a954de0fbfaf24d14066c133797aa995f1ad9be60ab2df1b9a4272dba9cd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5166a7a4e6574abb2f780bfa99e411fb |
| SHA1 | 8219916b53614284825ca5e4c8a8ba484f9f40eb |
| SHA256 | 36e0f132e46232d7a6544cda63e1a38a98adf72912b9b2be9751c2b10e6054dd |
| SHA512 | ea4d82f6d8c6445e28fc4f023f8fad501ee275b21f206513ef86c07a4339e6e063c705bba04fbb71a919b0336dfabbd242b67bb21f7274b89615ca4d305f9820 |