Analysis
max time kernel: 153s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/07/2023, 18:50
Behavioral task: behavioral1
Sample: Hype Regedit.exe
Resource: win7-20230712-en
General
Target: Hype Regedit.exe
Size: 171.7MB
MD5: da1cdcc5ab856cca418521fbc589afba
SHA1: 0f76841091b15367b0252de66d6d2b5ca3302c0e
SHA256: 03352db4ea4b1c233237b5124f6b3f0c70c35975057e226469a8d8e0751e5e1e
SHA512: d211d7188dd6f3b1d57aa79fb79ac1076bfbf306b0bf8500d222b66ab3c24acc76b6cc84df16fd7b2d85c6ac65a90494dd232c6f928c567a313b305184de272b
SSDEEP: 786432:k61g2uzRp21g2uzRxDWRO6tvUmYE84cfvSW6YMGPX7WP6/pI+RW/IE8mtDSGOH9g:k66e6TkUmVciJ6hDJEdSNFPgVz06TJ
Malware Config
Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | vpxiis.exe
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | vpxiis.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | vpxiis.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
  description | ioc | Process
  Key value queried | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Control Panel\International\Geo\Nation | Hype Regedit.exe
Executes dropped EXE 4 IoCs
  pid | Process
  4764 | pnl.exe
  876 | dowb.exe
  4724 | vpxiis.exe
  4812 | Hype Regedit.exe
Obfuscated with Agile.Net obfuscator 4 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  resource | yara_rule
  behavioral2/memory/2256-134-0x0000000000BC0000-0x0000000001BC0000-memory.dmp | agile_net
  behavioral2/files/0x000a000000023321-627.dat | agile_net
  behavioral2/files/0x000a000000023321-626.dat | agile_net
  behavioral2/files/0x000700000002325c-774.dat | agile_net

Themida packer (yara rule: themida) 6 IoCs
  resource | yara_rule
  behavioral2/files/0x0007000000023255-180.dat | themida
  behavioral2/files/0x0007000000023255-179.dat | themida
  behavioral2/files/0x0007000000023255-171.dat | themida
  behavioral2/memory/4724-192-0x00000000009B0000-0x00000000018C4000-memory.dmp | themida
  behavioral2/memory/4724-193-0x00000000009B0000-0x00000000018C4000-memory.dmp | themida
  behavioral2/memory/4724-198-0x00000000009B0000-0x00000000018C4000-memory.dmp | themida

Checks whether UAC is enabled 1 IoCs
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | vpxiis.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  pid | Process
  4724 | vpxiis.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Program crash 1 IoCs
  pid | pid_target | Process | procid_target
  3716 | 4764 | WerFault.exe | 90
Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class 1 IoCs
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings | msedge.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
  pid | Process | repeated rows
  4764 | pnl.exe | 5
  876 | dowb.exe | 59

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  pid | Process | repeated rows
  3220 | msedge.exe | 21
Suspicious use of AdjustPrivilegeToken 9 IoCs
  description | pid | Process
  Token: SeDebugPrivilege | 2256 | Hype Regedit.exe
  Token: SeDebugPrivilege | 4764 | pnl.exe
  Token: SeDebugPrivilege | 876 | dowb.exe
  Token: SeDebugPrivilege | 4724 | vpxiis.exe
  Token: SeRestorePrivilege | 5768 | 7zG.exe
  Token: 35 | 5768 | 7zG.exe
  Token: SeSecurityPrivilege | 5768 | 7zG.exe
  Token: SeSecurityPrivilege | 5768 | 7zG.exe
  Token: SeDebugPrivilege | 4812 | Hype Regedit.exe

Suspicious use of FindShellTrayWindow 64 IoCs
  pid | Process | repeated rows
  3220 | msedge.exe | 63
  5768 | 7zG.exe | 1

Suspicious use of SendNotifyMessage 24 IoCs
  pid | Process | repeated rows
  3220 | msedge.exe | 24
Suspicious use of WriteProcessMemory 64 IoCs
  description | pid | Process | procid_target | repeated rows
  PID 2256 wrote to memory of 4764 | 2256 | Hype Regedit.exe | 90 | 3
  PID 2256 wrote to memory of 876 | 2256 | Hype Regedit.exe | 91 | 3
  PID 2256 wrote to memory of 4724 | 2256 | Hype Regedit.exe | 92 | 3
  PID 4724 wrote to memory of 1320 | 4724 | vpxiis.exe | 99 | 3
  PID 3220 wrote to memory of 912 | 3220 | msedge.exe | 105 | 2
  PID 3220 wrote to memory of 2244 | 3220 | msedge.exe | 106 | 40
  PID 3220 wrote to memory of 3256 | 3220 | msedge.exe | 107 | 2
  PID 3220 wrote to memory of 3452 | 3220 | msedge.exe | 108 | 8
Processes

C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe (PID 2256)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Hype Regedit.exe"
  - Checks computer location settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\Temp\pnl.exe (PID 4764)
    Command line: "C:\Windows\Temp\pnl.exe"
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken

    C:\Windows\SysWOW64\WerFault.exe (PID 3716)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 1140
      - Program crash

  C:\Windows\Temp\dowb.exe (PID 876)
    Command line: "C:\Windows\Temp\dowb.exe"
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken

  C:\Windows\Temp\vpxiis.exe (PID 4724)
    Command line: "C:\Windows\Temp\vpxiis.exe"
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\arp.exe (PID 1320)
      Command line: "C:\Windows\System32\arp.exe" -a

C:\Windows\SysWOW64\WerFault.exe (PID 2704)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4764 -ip 4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3220)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffefa9446f8,0x7ffefa944708,0x7ffefa944718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1804)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5544 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5784)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5360)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,7679070429078203892,7724726662299821066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe (PID 3020)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4068)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe (PID 1120)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe (PID 5768)
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hype_RegeditNoRec\" -spe -an -ai#7zMap23308:96:7zEvent1920
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe (PID 4812)
  Command line: "C:\Users\Admin\Downloads\Hype_RegeditNoRec\Hype Regedit.exe"
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
7.0MB
MD5d4c5a6b52a0360dd4c17ad9d32484477
SHA16f0a77dfac1ee96c696f19a3a041fd74b7cf7e24
SHA256ea8ff91c2c4701ba0a0614fbf52ac96c3bc979cdd4b81da1d81f5340efd7f2d4
SHA512d64eae4e417146b4f119c0df9cbdd1cebb141fd594920961d8e1b075a8c72db8541a0bb51b4e9136fffc7ae451c7e34841576d0e58dc9104c99a7dbbf3a79435
-
Filesize
58KB
MD548ef0378eb7d125c37a825e1727bf9c6
SHA1beab162b64248eac8e070c23b706f6059ce5dcfa
SHA25677afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7
SHA512f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a
-
Filesize
58KB
MD548ef0378eb7d125c37a825e1727bf9c6
SHA1beab162b64248eac8e070c23b706f6059ce5dcfa
SHA25677afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7
SHA512f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a
-
Filesize
58KB
MD548ef0378eb7d125c37a825e1727bf9c6
SHA1beab162b64248eac8e070c23b706f6059ce5dcfa
SHA25677afabdae4961cc055becf7ca7e696a62d32b02c8daa4fde81d0a2dc2b937aa7
SHA512f6c1dd87a3f91991c699763ab890ca36be1f5b3ec160ffef49899971c90b5ff3f5dca3717f3db63998641d4ee77a08d55d3778537e5d77e752245a1193f2254a
-
Filesize
9.8MB
MD51339d9b2e6286b64fadaa6f8fad00091
SHA147585a5bd08ecd1f939ebd0c2e74504376855146
SHA2561555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50
SHA512572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570
-
Filesize
9.8MB
MD51339d9b2e6286b64fadaa6f8fad00091
SHA147585a5bd08ecd1f939ebd0c2e74504376855146
SHA2561555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50
SHA512572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570
-
Filesize
9.8MB
MD51339d9b2e6286b64fadaa6f8fad00091
SHA147585a5bd08ecd1f939ebd0c2e74504376855146
SHA2561555d682a099098621079072db88e6cbd306f92b9ccd4db4ad6485dd6d81fe50
SHA512572ff0bb039f77748ec36ac39e80e4f18af7364599b450a107345f608eef1587314ca50a82b4c35290107e881916dcbcc444b29692b59b3d73aa3f7f3c3ac570