| File name: | ScraperDIAN-Setup.exe |
|---|---|
| Full analysis: | https://app.any.run/tasks/68ac4cf5-a866-4b29-b44f-91d0a361738c |
| Verdict: | Malicious activity |
| Analysis date: | April 01, 2025, 19:47:15 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections |
| MD5: | C3E6D0117273A2064033227797FDD45C |
| SHA1: | 8DB1F7B4DAD81F0405A4719C1FCF2A81D0A42173 |
| SHA256: | 3C9DE478174800304E0CB59BE04FEC229EA4F144EC95B0FB63D085BD2C07E21C |
| SSDEEP: | 98304:hb44pa4Gjplv96//1n/CuQBLHqfpMC58+ozRj0TYsTtz8VHHImEdxCpKAWdGEa3Z:Y2oT8n5X6IHBve6P6d/lJMFBkIao+d |
| Extension | Detected type (score) |
|---|---|
| .exe | Win32 Executable MS Visual C++ (generic) (67.4) |
| .dll | Win32 Dynamic Link Library (generic) (14.2) |
| .exe | Win32 Executable (generic) (9.7) |
| .exe | Generic Win/DOS Executable (4.3) |
| .exe | DOS Executable Generic (4.3) |
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2024:03:30 16:55:23+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 27136 |
| InitializedDataSize: | 184832 |
| UninitializedDataSize: | 2048 |
| EntryPoint: | 0x3552 |
| OSVersion: | 4 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 516 | "C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe" --system --windows-service --service=update-internal | C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe | | services.exe | User: SYSTEM; Company: Google LLC; Integrity Level: SYSTEM; Description: Google Updater; Exit code: 0; Version: 136.0.7079.0 |
| 744 | "C:\WINDOWS\SystemTemp\chrome_Unpacker_BeginUnzipping6080_852731492\CR_D57CA.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1 | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6080_852731492\CR_D57CA.tmp\setup.exe | — | setup.exe | User: SYSTEM; Company: Google LLC; Integrity Level: SYSTEM; Description: Google Chrome Installer; Exit code: 73; Version: 134.0.6998.178 |
| 812 | C:\Windows\syswow64\MsiExec.exe -Embedding 9DD75B10ABF74FA8989CBA3292900916 | C:\Windows\SysWOW64\msiexec.exe | — | msiexec.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows® installer; Exit code: 0; Version: 5.0.19041.3636 (WinBuild.160101.0800) |
| 896 | "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" /fromwow64 | C:\Windows\System32\wevtutil.exe | — | wevtutil.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Eventing Command Line Utility; Exit code: 0; Version: 10.0.19041.1 (WinBuild.160101.0800) |
| 924 | C:\WINDOWS\system32\msiexec.exe /V | C:\Windows\System32\msiexec.exe | | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.19041.1 (WinBuild.160101.0800) |
| 1676 | "C:\WINDOWS\SystemTemp\Google3192_42038922\bin\updater.exe" --silent --install --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&browser=0&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&brand=GTPM --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2 | C:\Windows\SystemTemp\Google3192_42038922\bin\updater.exe | | chrome_installer.exe | User: admin; Company: Google LLC; Integrity Level: HIGH; Description: Google Updater; Exit code: 0; Version: 136.0.7079.0 |
| 1748 | "msiexec" /i "C:\Program Files (x86)\ScraperDIAN\nodejs.msi" /qn | C:\Windows\SysWOW64\msiexec.exe | — | ScraperDIAN-Setup.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows® installer; Exit code: 0; Version: 5.0.19041.3636 (WinBuild.160101.0800) |
| 2088 | "C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=136.0.7079.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0xbbd810,0xbbd81c,0xbbd828 | C:\Program Files (x86)\Google\GoogleUpdater\136.0.7079.0\updater.exe | — | updater.exe | User: SYSTEM; Company: Google LLC; Integrity Level: SYSTEM; Description: Google Updater; Exit code: 0; Version: 136.0.7079.0 |
| 2904 | "wevtutil.exe" im "C:\Program Files\nodejs\node_etw_provider.man" | C:\Windows\SysWOW64\wevtutil.exe | — | msiexec.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Eventing Command Line Utility; Exit code: 0; Version: 10.0.19041.3636 (WinBuild.160101.0800) |
| 2908 | cmd /C cd "C:\Program Files (x86)\ScraperDIAN" && npm install puppeteer-real-browser | C:\Windows\SysWOW64\cmd.exe | — | ScraperDIAN-Setup.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 1; Version: 10.0.19041.3636 (WinBuild.160101.0800) |
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ScraperDIAN | DisplayName | ScraperDIAN |
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ScraperDIAN | UninstallString | "C:\Program Files (x86)\ScraperDIAN\uninstall.exe" |
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ScraperDIAN | DisplayVersion | 1.0 |
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ScraperDIAN | Publisher | ukudala.co |
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | |
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie: |
| 5736 | ScraperDIAN-Setup.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited: |
| 1676 | updater.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | pv | 136.0.7079.0 |
| 516 | updater.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82} | (default) | |
| 516 | updater.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4} | AppID | {8018F647-BF07-55BB-82BE-A2D7049F7CE4} |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 5736 | ScraperDIAN-Setup.exe | C:\Program Files (x86)\ScraperDIAN\scraper.exe | — | — | — |
| 3192 | chrome_installer.exe | C:\Windows\SystemTemp\Google3192_505731056\UPDATER.PACKED.7Z | — | — | — |
| 5736 | ScraperDIAN-Setup.exe | C:\Program Files (x86)\ScraperDIAN\scraper.js | binary | 1BECF7C84A7F2659E10FCE774EA537A8 | 6F8EC4F49201BF6979E939992816C488133F5A1ABF29507B382F3ACC22614C25 |
| 5736 | ScraperDIAN-Setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary | 40E858B09279B3B35E9EDC1E10FB6526 | 47DB7EFDCD81669C0D43258B924FDFC5DC99C48D580AC7D26D24EF856C6626C7 |
| 1676 | updater.exe | C:\Program Files (x86)\Google\GoogleUpdater\updater.log | text | 7AE2316E52654FF66CF849606298705B | 759016F978F2AE031E1E3EC2C7BE88DCEFFF356E7E60EF891FE2CBC78A0573FB |
| 5736 | ScraperDIAN-Setup.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\chrome_installer[1].htm | html | 473E276E100276E7DB2165B17CCEFA23 | 9E5ACB361B18ABC2725C09201567E56F3D6A9B8CC4854A31DA5047B820835F9B |
| 516 | updater.exe | C:\Windows\SystemTemp\Google516_1457449248\scoped_dir516_1612031348\GoogleUpdate.exe | executable | 3AA2C853D6BC7AF7F2F9B8A934943EFD | 07034876B9EC0B59432B96FEDB7E10E332440159F9802FAAD5F5B99F01885F6B |
| 5736 | ScraperDIAN-Setup.exe | C:\Users\admin\AppData\Local\Temp\nsm667.tmp\INetC.dll | executable | 40D7ECA32B2F4D29DB98715DD45BFAC5 | 85E03805F90F72257DD41BFDAA186237218BBB0EC410AD3B6576A88EA11DCCB9 |
| 5736 | ScraperDIAN-Setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary | C9BE626E9715952E9B70F92F912B9787 | C13E8D22800C200915F87F71C31185053E4E60CA25DE2E41E160E09CD2D815D4 |
| 516 | updater.exe | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | executable | 4777717D98E9145355128FA96B40D0FC | 73206C19E6281013335B6C46219FCFBB29E95745225B4345126809BDABF4E3BD |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 5496 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.161:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | DE | binary | 825 b | whitelisted |
| 5736 | ScraperDIAN-Setup.exe | GET | 200 | 142.250.184.227:80 | http://c.pki.goog/r/gsr1.crl | US | binary | 1.70 Kb | whitelisted |
| 6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | DE | binary | 471 b | whitelisted |
| 5736 | ScraperDIAN-Setup.exe | GET | 200 | 142.250.185.99:80 | http://o.pki.goog/we2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTuMJxAT2trYla0jia%2F5EUSmLrk3QQUdb7Ed66J9kQ3fc%2BxaB8dGuvcNFkCEQCaWeNpIFSBzAkvnnFNzwtC | US | binary | 281 b | whitelisted |
| 5736 | ScraperDIAN-Setup.exe | GET | 200 | 142.250.184.227:80 | http://c.pki.goog/r/r4.crl | US | binary | 436 b | whitelisted |
| 924 | msiexec.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D | DE | binary | 471 b | whitelisted |
| 6080 | updater.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome/acc52ihxqvxsgjvubnr2fdybwita_134.0.6998.178/-8a69d345-d564-463c-aff1-a69d9e530f96-_134.0.6998.178_all_jokgxrnp5esicq6ypegro2gjq4.crx3 | US | binary | 114 Mb | whitelisted |
| 5212 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | NL | binary | 419 b | whitelisted |
| 5736 | ScraperDIAN-Setup.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | binary | 1.42 Kb | whitelisted |
| 5212 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | NL | binary | 407 b | whitelisted |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| 2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 5212 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| — | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 5496 | MoUsoCoreWorker.exe | 23.48.23.161:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
| 6544 | svchost.exe | 20.190.160.3:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
| 6544 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
| 5736 | ScraperDIAN-Setup.exe | 142.250.185.206:443 | dl.google.com | GOOGLE | US | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | | whitelisted |
| google.com | | whitelisted |
| crl.microsoft.com | | whitelisted |
| client.wns.windows.com | | whitelisted |
| login.live.com | | whitelisted |
| ocsp.digicert.com | | whitelisted |
| dl.google.com | | whitelisted |
| c.pki.goog | | whitelisted |
| o.pki.goog | | whitelisted |
| update.googleapis.com | | whitelisted |