Resubmissions
18/05/2024, 21:14  240518-z3gmhagd65  score 7
18/05/2024, 21:11  240518-z1qsdsgc48  score 1
21/04/2024, 08:06  240421-jzkxrafa91  score 7
Analysis
max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/05/2024, 21:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.mediafire.com/file/1qjiryaa2bfydzi/Subway+Surfers_3.10.0_Dat2022Modz_Legit-%29.apk/file?dkey=dss1s0mz3uc&r=684
Resource: win10v2004-20240508-en
General
Target: https://www.mediafire.com/file/1qjiryaa2bfydzi/Subway+Surfers_3.10.0_Dat2022Modz_Legit-%29.apk/file?dkey=dss1s0mz3uc&r=684
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
2236  msedge.exe
2236  msedge.exe
3884  msedge.exe
3884  msedge.exe
1644  identity_helper.exe
1644  identity_helper.exe
5612  msedge.exe
5612  msedge.exe
5612  msedge.exe
5612  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

PID 3884  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/1qjiryaa2bfydzi/Subway+Surfers_3.10.0_Dat2022Modz_Legit-%29.apk/file?dkey=dss1s0mz3uc&r=684
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  PID 3560  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718

  PID 5032  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2

  PID 2236  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  PID 4076  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

  PID 1532  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

  PID 1504  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

  PID 4304  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

  PID 912  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8

  PID 1644  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  PID 3964  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

  PID 640  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

  PID 2952  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  PID 5144  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

  PID 5424  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

  PID 5708  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1

  PID 5856  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

  PID 5896  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

  PID 5904  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

  PID 6064  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1

  PID 6080  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

  PID 2740  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1

  PID 1088  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

  PID 4136  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1

  PID 5168  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1

  PID 5176  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1

  PID 5616  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1

  PID 5700  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1

  PID 5788  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1

  PID 5796  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1

  PID 6568  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9440 /prefetch:8

  PID 6576  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1

  PID 6688  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1

  PID 6696  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9748 /prefetch:1

  PID 6780  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1

  PID 6984  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1

  PID 6772  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1

  PID 6952  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

  PID 6920  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1

  PID 6004  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

  PID 804  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1

  PID 2416  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1

  PID 2280  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1

  PID 6048  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

  PID 7076  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

  PID 5612  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4926256622737508203,9737889171105589370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9196 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

PID 1228  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3852  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
9KB
MD5e3200c892f6e23500c1cde28462a8532
SHA174be44dc8d6d55c0e92a222cc9548b01ffbfaaba
SHA25676cb9c149b419777230b3fdb9bff5ce9277de940f486b653ce8cc1724eaf105a
SHA512c8f74546554837a4381b21db7549240dedeeab040f293e58b71966c55c2ef0e366d3d655ad9b3046f0f73a92ec2100910785b6db62e66b11d917cd8d8dec8f96
-
Filesize
15KB
MD58086aa0471f8458d8873eabab4e2d803
SHA17cd275cdd21a940b944369bdcaa37eddb74a882d
SHA256eb29cd643e51c13f4d070f35a2af291774dba0413dbb5d4f19106a1d67f26378
SHA5122ab32e835cb1bfa47efab1c3b7579735dab095d756a164331668be6e840ea3db0ce2dac304452b472e0ce1284625bb9977ddf46c242cd92da1a0365934c2a172
-
Filesize
16KB
MD57f1f6b2b33c229998681abf3883bf710
SHA1eeb7019d9dfe6a2777c7c9224fe9d31624339dee
SHA2567237ce127a8021ec8f62879e90ccad1f48b4dd77ad7029cdf400cb975d1f0d61
SHA5124f98282844e9071bee2f16fdd0af87bdfa654fb911e1319c7e031c3626fb1128245165d6e97ac58a7755af2ccde18bf3a28d87f5930eb2920b6aa3b099f39d90
-
Filesize
5KB
MD547c30bb6b6518c2212e75b21adb7564f
SHA14b9a26df57b257218bcd4726d132ca8bc3fcb41e
SHA256bf066d91a4846dd454837801df2f3b8fd581930c3c5e7c342beb43f178e1840f
SHA512026eeb02c7554fe0a278dae3cab1ee646ae4a3e0377bc713a6fd0f66bea00cc6a25799356caf9fae302fbcbe05bfceac2580ba081fb70e6f20b201719152d78c
-
Filesize
5KB
MD5e19c5e730973dd7ce4f75502452ac54d
SHA14fd12d67fbb023121dc29dc6f964881524e606d8
SHA256912f279180f6b45f52573d13edb70f25743b5144d331a3985e24c456522c72b3
SHA51232e30dc588c917158b0a366e603f8aa29c6298d9bcc303a3f7e9ec4942c83d68a26d0c0be0b0743559c87a51bf2e72205b5438d045706b291a17516d483d3a1d
-
Filesize
5KB
MD59ee95ae509297355e0b4e0d423aeaada
SHA12a71ab04118d1a6209abea4c82d734740dbdb86f
SHA256ab310b10944e730d8c8722509a9068440842f651e656123def965bb5a7a5f359
SHA5129dbd312504e06928eeddf1057a959b9d0510659fd1ffc033eeca3244cdb0ef16e6191e24d63d5f340a444a87bef8d1cf7f6177901b5a5036492a1b0fffa1622d
-
Filesize
5KB
MD5c16253ef7bbf876fb847be27587075ee
SHA16d39b435e2d72e8f5e8839c041a4065e5e86116f
SHA256c0b6fa4b6e7bf33d2727c783764c9ea3ffb76b8e4af4f4bb78cb1ce763d5fc90
SHA51252931c2f95403622b30ec84f7660217530a67dfbae1835f024ccf68cb2d7b0f20bb424fa75cd677bac19852e155b94c550780f7d16885019a764d251885ae8bd
-
Filesize
5KB
MD55cb20899fbc9b1d5becbaf65a01ba6fd
SHA1138b3f7060ab6dc5e66b95558ba14e66de365070
SHA256900c5418bcac88d6ad2cc2a2b57b979e2fb7a6cb52898e9094376e1b2b1d5ae3
SHA51292a655823a17b705a29a76431e3281ee01b7b6f925ae25d22a66ed068579ae90916625f6405520b56088ca054e4d6bfa322b9c4c09a15d06545804129414dcc4
-
Filesize
1KB
MD53e3899b18a981108f2a8dbbd24d50081
SHA16ab8d7bea09c39aaa021acd6ff81fa3cdff43aae
SHA256c1f5baf0555c085e0218cab0e32fec2b2f092df85e6104e9bfe308363bd3446e
SHA512e4a7d55eb45a7924e353132154de1456f70595f092f99691a1bc0b089c516f18ef923cdbcdece91cc6992a9d64e69185bc206a1be384e00d69501659161801f3
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5f5798ad77d49b45b3ba6d47468b08895
SHA1cdda425c75ffb923b3178e0c1f21963f6ba20ca0
SHA256fe6c6bb551b52d70ebf5f5409e57dfd1f298aaa3b373c56a7192e12e4d09ba3e
SHA5123a305d8c9297138fe3c9831e79a7c85e9720972d46c94ae0ff1f4edeb8ef8af15c609c946e37ccdedd269f7d1bebe26aeafd95358cc35ddccc8fc5f5762cdef8
-
Filesize
11KB
MD5da8a0f1e5cc7ace636a0e70c74010d48
SHA1059faecabc68e63461858e4a7a05d9da9313ed49
SHA256e778ba2d2e11808ae54be99ab1faac47e1fd9b3785d0d92b094c3bcc01e6ebe3
SHA512cc2fe46522c53eb089afbaac55a209b38ecba5ac62550a5c64df0d42354fc3a53946252eaa30f58514ad09ea47564a5000234fbde74c9490e2600d0a25c9b7be