Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system -
submitted
11/07/2024, 20:40
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://shorturl.email/e/ExQUjixBxgF4
Resource
win10v2004-20240709-en
Behavioral task
behavioral2
Sample
https://shorturl.email/e/ExQUjixBxgF4
Resource
win11-20240709-en
General
-
Target
https://shorturl.email/e/ExQUjixBxgF4
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 3608 msedge.exe 3608 msedge.exe 3372 msedge.exe 3372 msedge.exe 2948 identity_helper.exe 2948 identity_helper.exe 3432 msedge.exe 3432 msedge.exe 5024 msedge.exe 5024 msedge.exe 5024 msedge.exe 5024 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe 3372 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3372 wrote to memory of 1832 3372 msedge.exe 81 PID 3372 wrote to memory of 1832 3372 msedge.exe 81 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 2904 3372 msedge.exe 83 PID 3372 wrote to memory of 3608 3372 msedge.exe 84 PID 3372 wrote to memory of 3608 3372 msedge.exe 84 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85 PID 3372 wrote to memory of 4648 3372 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shorturl.email/e/ExQUjixBxgF41⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8c2c3cb8,0x7ffb8c2c3cc8,0x7ffb8c2c3cd82⤵PID:1832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:22⤵PID:2904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:82⤵PID:4648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:2972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵PID:2896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵PID:1248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:12⤵PID:1160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:4212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵PID:4288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵PID:2488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1656988166542364147,11589109871543645403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5744 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5024
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:348
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:572
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b0499f1feacbab5a863b23b1440161a5
SHA137a982ece8255b9e0baadb9c596112395caf9c12
SHA25641799b5bbdb95da6a57ae553b90de65b80264ca65406f11eea46bcb87a5882a7
SHA5124cf9a8547a1527b1df13905c2a206a6e24e706e0bc174550caeefabfc8c1c8a40030e8958680cd7d34e815873a7a173abe40c03780b1c4c2564382f1ceed9260
-
Filesize
152B
MD5f53eb880cad5acef8c91684b1a94eed6
SHA1afab2b1015fecbc986c1f4a8a6d27adff6f6fde9
SHA2565cb8554e763313f3d46766ab868f9d481e3644bfc037f7b8fe43d75d87405a27
SHA512d53f3965428f73c0dfed1d941a9ff06eb70b254732410b815bc759b8c7904e11292ad7e9624c12cccaed6763e7bea68208bc0b67fc70b7616d25bda143833794
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5df2f381ace2ac2b96cd4633a102b788b
SHA1f1720605c1334dc87c79c7d3b90538fdb0a13d1d
SHA256226bbb90b709ece24ef0a3f9ff973a343f6226410dcbb6d3e3a48080f50667c1
SHA512658997286d6cc5ec5d39c652c15c6b46386c68af321bb5394e239cac2332f11199410044bafc6e1e9d01ff8090d293ef496275678fb2babd1b5fed25ac31ec10
-
Filesize
2KB
MD531a9d6b6c0d9200da9fbb2aa9554ce00
SHA1813a1723fdf7dac258db8647e3158cdecfacae4a
SHA25695026f830b04809184221c5d56bd21920ec2b03137e54ce5c6202e8b82fdd6b0
SHA5124adc22b18c8a2322125408c9399964821b0523aff517e4916769e052cc8537b007db85c4d6b17c4676e2a486372df2326094bec5ec561c1c132d4f3c384c3abf
-
Filesize
5KB
MD5f544756697505c8cb98ee3ba980f6203
SHA1386d566a80b0ba162ee937b91756f3cf4c2aa2bb
SHA256b07cda2c295e47db980d1af741b987d76eec04b003d5c004a6bf93d46fcbe2cb
SHA512673d287d660712257780a4d0ddf3a4e8867edeb88c982012fdb468bef5468bd7df7cab24ca2bd6a9e5f442d8954f95ddde98a4132a792ada531c507cf54c7a00
-
Filesize
6KB
MD5b3e1ab8f4071c8d09cb33d32a47f274b
SHA15bca95b46b3d9a448252f82d9efb0bd86a1c26dd
SHA256b0ec76d0684931aee314c0dad559633260d053a10e92709829878b78246b69ea
SHA512a4eedaf3713419a7d442f221c52e9bc294f738e73388712021a96b03e985f13421dc109b03c725828428322355406dd94da9dc3957ed8ca6daac6b4994a25ce0
-
Filesize
1KB
MD5fcc5cf4c73b29c9a9f3d8a43ee459815
SHA140d28054ba93ac8b0a892fa8af6663210f159325
SHA2560f804560bc2b9027072036bcb1ceee989fd725c25cfc67ce42dcc1d48d35eb11
SHA51269bd4970b12c87e543f77ff4243b5a650b9970313ad41b9c8849cb32c7b502349aac63eaf2f940d95b49df665195cffcebf245fa3366e4763ad02fc774e475be
-
Filesize
1KB
MD54a44790d0d2cdde5a2f20b089fc0fc0b
SHA14779aaac63e71dcf881033d6d4a7fb7be37ad529
SHA2569765003901fea855405df5bff6539d8ec1ea04971b0c80bec4caa60772407729
SHA5120c20b62849d2c3c1fbf9b9fba2437ce3f1ea5532e7b73e9dd030a3ea259598d60134c28bdbb4a7a8e01304eb3d55e74caca6e82596b428699bd6066461d3cafe
-
Filesize
1KB
MD51ea2d6e687105d8422bcdf383a9a4baa
SHA13796db955132b67d40dd8f9539530e8a385504d2
SHA25651dff5624ee35a4fa0c0c3f56416c25966d741f421522116044364c3924db959
SHA51215043cbfa8a755d3730c39b64e5813ff9f8b78b7a4401716b11bd0b1bc05767c6d7de8e138ff1ae67fda25ee5f067ad76dfcdde82e48972fd18ef8a4e04235dc
-
Filesize
1KB
MD5a6e56ce2697792c4b73e2df3f27f0c66
SHA1468ecdea81af33cb4b78119acc2c925770ae4e99
SHA2560c44985c6672ec7d930e7a3ad04b3222b1b4dbb3337b6549e80d7da9c00b9aa6
SHA512428604c47f0e5bf8fd6dc62d286afe135550102e78360787fec8db66a2a4a5b82dbf27e8bac9528057a185684df9ee0287b45dcac6f43ff4c2666177ddbedfb7
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD514fd09e4ef5dc35d23bdc8c7f9108b62
SHA166ca837098388be8ecd28ae62978500b08fc46a3
SHA2568d64c560376ecf3d265f1f495aa6be30092998f543f7e6970ad7c3adf5eaa6dd
SHA512ad2d6f60587259540beaab034bdf37a79cd91479d2948812d821cc19ef8a3272534c9ea2a95bce131b3ed1d2469d39dfe25316c0a4540a5da606259d2562ac5a
-
Filesize
11KB
MD553b2bfb51b428506fc6677b3f7354d86
SHA1678bd64c235023dfe3b9e2a56a280bbb8e9c70fe
SHA256a6d34c670e28719160e0fa07744029f955ee3acab742c6e2859353e161d1666d
SHA512f72ae2f6db5403b034e7834939c0953280a81c30a8029b2c818f5b9da7d27f72c52e5492a4494ec4d14275ddb266a037b9933b1bffa4a1c0e11cbb6284b019f5