Resubmissions
13-08-2024 15:37
240813-s2ggsawgmn 613-08-2024 14:19
240813-rmt9naybjf 1028-07-2024 21:45
240728-1l2f1swfkq 1028-07-2024 21:44
240728-1lrlta1and 628-07-2024 07:40
240728-jhm1sawakm 728-07-2024 07:19
240728-h5hh5svcpk 727-07-2024 21:18
240727-z5qyyssgjh 626-07-2024 20:28
240726-y9a8mawcqf 626-07-2024 20:28
240726-y84tjssgnj 6Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
13-08-2024 15:37
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://discord.com/channels/@me
Resource
win11-20240802-en
General
-
Target
https://discord.com/channels/@me
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 54 whatismyipaddress.com 55 whatismyipaddress.com 56 whatismyipaddress.com -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Modifies registry class 3 IoCs
Processes:
msedge.exemsedge.exeOpenWith.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{408C9B3B-CE5D-4622-A852-016848FACAD4} msedge.exe Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings OpenWith.exe -
NTFS ADS 2 IoCs
Processes:
msedge.exemsedge.exedescription ioc process File opened for modification C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exepid process 428 msedge.exe 428 msedge.exe 4728 msedge.exe 4728 msedge.exe 4332 msedge.exe 4332 msedge.exe 2392 identity_helper.exe 2392 identity_helper.exe 1136 msedge.exe 1136 msedge.exe 3560 msedge.exe 3560 msedge.exe 1780 msedge.exe 1780 msedge.exe 5196 msedge.exe 5196 msedge.exe 5196 msedge.exe 5196 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs
Processes:
msedge.exepid process 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe -
Suspicious use of FindShellTrayWindow 49 IoCs
Processes:
msedge.exepid process 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe -
Suspicious use of SendNotifyMessage 16 IoCs
Processes:
msedge.exepid process 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe 4728 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 1224 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4728 wrote to memory of 504 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 504 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 4912 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 428 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 428 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe PID 4728 wrote to memory of 3520 4728 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/channels/@me1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd4a053cb8,0x7ffd4a053cc8,0x7ffd4a053cd82⤵PID:504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵PID:4912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:428 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵PID:3520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵PID:2548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵PID:4216
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4020 /prefetch:82⤵PID:2972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5008 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4332 -
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2392 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:3464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵PID:4396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1136 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:12⤵PID:1724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵PID:2676
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:12⤵PID:4252
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:12⤵PID:2160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵PID:2044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵PID:4288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵PID:3248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵PID:800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵PID:4608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:12⤵PID:5060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:4428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵PID:1844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:12⤵PID:4748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:12⤵PID:1476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:12⤵PID:740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:12⤵PID:3884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵PID:3308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:12⤵PID:4252
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵PID:2596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:12⤵PID:32
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:12⤵PID:2168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:12⤵PID:324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:12⤵PID:2728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:12⤵PID:5156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:12⤵PID:5288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:12⤵PID:5360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:12⤵PID:5552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:12⤵PID:5596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:12⤵PID:5144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:12⤵PID:1080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:12⤵PID:5472
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:12⤵PID:5528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:12⤵PID:5368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:12⤵PID:5400
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:12⤵PID:5212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:12⤵PID:4764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:12⤵PID:5632
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:12⤵PID:5680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:12⤵PID:5736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:12⤵PID:5768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:12⤵PID:2808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:12⤵PID:3360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵PID:5432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:12⤵PID:3908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3560 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:12⤵PID:1100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:12⤵PID:4520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵PID:4088
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:12⤵PID:6052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:12⤵PID:5268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9276 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1780 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2440 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5196 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:12⤵PID:724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵PID:5716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,17851729118717897213,2045620105583372474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵PID:3284
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1652
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1460
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1224
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5172
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC1⤵PID:4392
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b4ae6009e2df12ce252d03722e8f4288
SHA144de96f65d69cbae416767040f887f68f8035928
SHA2567778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
SHA512bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1
-
Filesize
152B
MD54bf4b59c3deb1688a480f8e56aab059d
SHA1612c83e7027b3bfb0e9d2c9efad43c5318e731bb
SHA256867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
SHA5122ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e464b3b-e6af-41fd-bf87-c6057f4f2196.tmp
Filesize15KB
MD55302da4e83b893d000a9382f077d37e1
SHA18978dbd582ddb7d24806b0c9b43a32b1e9860201
SHA2565c8681f3c08a87fe49d88c9fa8d935776c826dbbc4fd791d96ce5b688c157854
SHA512064baf0ca9f84b9594459e5be53da5872900b96b4b46b325ab05893545465e88e6c8bae7995c29aad6409937a604dcc10046ccc86b7cbcfaf06a1f40c2bb5f98
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
67KB
MD5a074f116c725add93a8a828fbdbbd56c
SHA188ca00a085140baeae0fd3072635afe3f841d88f
SHA2564cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6
SHA51243ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28
-
Filesize
41KB
MD5c79d8ef4fd2431bf9ce5fdee0b7a44bf
SHA1ac642399b6b3bf30fe09c17e55ecbbb5774029ff
SHA256535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8
SHA5126b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD59f8f80ca4d9435d66dd761fbb0753642
SHA15f187d02303fd9044b9e7c74e0c02fe8e6a646b7
SHA256ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359
SHA5129c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63
-
Filesize
43KB
MD5d9b427d32109a7367b92e57dae471874
SHA1ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39
SHA2569b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3
SHA512dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07
-
Filesize
73KB
MD5cf604c923aae437f0acb62820b25d0fd
SHA184db753fe8494a397246ccd18b3bb47a6830bc98
SHA256e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4
SHA512754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8
-
Filesize
27KB
MD5c3bd38af3c74a1efb0a240bf69a7c700
SHA17e4b80264179518c362bef5aa3d3a0eab00edccd
SHA2561151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8
SHA51241a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e
-
Filesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
Filesize
27KB
MD5c38d86a2b5eea9e823662c4ced969527
SHA1d9d42845ac4f59b9ac28ba5380a8ec02646efe3d
SHA2568731878e6c79b29f4e6e52a6c3a6a023de6d85026a965cf994b71e0851abca9b
SHA5129178e814ca9bdbbee0ffd0d2d4faafbf06f693b5b0f48f18f40550e92ef9151859c1d8b605c0d29e4470917deedc96ead59ed853e37e4628b5327637d8a88c38
-
Filesize
27KB
MD57820201f0db0c706a0ea5bb7ce018ef2
SHA16d116650afbb3b25bfd6226c7d5ee00dd1fe4515
SHA25604f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a
SHA512bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f
-
Filesize
16KB
MD589a574ff00e6b0ec61d995d059ce6e65
SHA1aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA51230d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d
-
Filesize
20KB
MD523c54b0bc9c644bf02ad8d7f31f16c2b
SHA1aba05aab062010e907949add719df310938cfc62
SHA256fb039026d49899e1a47fc2444c11b4f8c8ebd85ad3680cf3eac4230b8f09f21d
SHA512e268db06dfd054aa9c3db8aea05a164dceb451bcd7da02633fa43d5ddcc59f25fac09b1be491caade834a1511fb61555f1fe2df322e7362426b7af1af8d415f9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize456B
MD544d1c2d39373b6031fd33d87b6fa8199
SHA1d24878b47e39a35f37c7e03f5d951ce3c931293a
SHA2563af3ca0cbbae20a11b701e0c22e0e4d35a34484b28f47deb7d8552a33ae565ac
SHA512cbeb47b31d9377988d542984065ac41ad4c9fabfadd843e4c794415f68a8d8e3c4291d17b99ad43eba81ee8fffe9446896e42b2119a1cf8c6a7b310abeef951f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD5ea6ecd72fb81454fcbb6e15d9c7426f0
SHA164bf5cd8c8ac28c8912479ee3aa7ad23829dd4a0
SHA25695067f20dda8a4317b2a9115c1191e588f4e10f5c087b6173eb6a24b45e2cdb7
SHA5127cdc63d1df85c5a0eeb86ee28acad20d4b90f87540cb0232ca1b1af293ba2c5576fa27dea34be0e54759eeca37a4035e7aafdc637f3039b6be8a9d4e514a30aa
-
Filesize
10KB
MD5f9bf62b73bb1e433f27bd287e1e05599
SHA187333e6330608d43ef91088d311d8126ec38e8dc
SHA256afa7d92698823d47a1fe33a2ade5e391d44208806090aeb8c35120294c28aea2
SHA5127ca88b3b414abc94d3551bc736d8aea97a6aec85548122f922efba0ddb19aacf01a9ded067ba66abd5514b67b9f4097b062878572925e385bb806c80c729e52f
-
Filesize
13KB
MD555d7221fdad9d041aba7380688375c45
SHA1de3a13f0880f52df626aaf3951584aeefddd18cc
SHA2560b28d3cba112c253415fcd7870ee55079958669b80b079a89a237fb62363f5bd
SHA512b3ec233d20d2e3a232dc6dae253de01396527701e5d58d94a0992c37ce6a167494c658e1ff3a30cdb09164b47461dce20dd048019c2499cd0c5102c7dd22c440
-
Filesize
6KB
MD57dcf4db985747ad7bcc31f41729c31e7
SHA128b209ccb5e461cbdfc66886f1f428694c7d2320
SHA25643c2f7ba6906b40770144c75c1ee7b02b633f67523975cb38b8da55f7f8cb251
SHA51234434dbf4f4489f370dd95211ee3ce266942c81bb502fd5174ebb8dda42927d6a6c6b21bcea1c39a31d75429c6d42c9c7e1e86a26fcd93da7c8934d76cd28a11
-
Filesize
6KB
MD561ccfe4f92b3dd5267b8bcfc880f7513
SHA12ba5e4a28f8f328f72854cee98fe7fe0e3c93060
SHA25671657171fd24991034d36b0f10bb707763bef3804e1eb82fae44f9fdf01b29cb
SHA5120ff0b67673ab1f59672eb469e4146510f5d8863bada9dfff00f7c96a82ea87548f1f60429cd2896b10a1538ede2109e23a9bdc63725f0c09c576b8c2cac3b26e
-
Filesize
6KB
MD5966cb6131aae35b6f70330013ba77ccb
SHA1fce665154a3a189cdd616b80e7b7afc020c69684
SHA256c17358d9e157b53de0af3de1580f65fa09275beac5f4077795ec21c223597867
SHA512e9ec6cf0aa6521521390184ec4d556e6f212172f43f61d20566aa72d3792f95edaddc556d2265d2188cdda739d21e80dd530d37a91ac77fa867cb282fe8cde4d
-
Filesize
14KB
MD52d64e3e0edc722fd7b6a5cb8a2c92d59
SHA13693ad6f146aff69606b07af60845912e679e88b
SHA2569fab6ae55cca1e7e582cc0aa985512558d1254a0fd2c14509fda2fa10333798d
SHA512dced31f84cdc023f4270f42d51f0462a69d66e32e08249dbba8ece95d2b897b39f5f150163ed8ce6e3952ea9289749a5be1577dc25533be9e59f598b1b88a836
-
Filesize
15KB
MD5798fa6097cb53409d128ef1804301eff
SHA15b7e4c2ca531293e4ad47655ac1f3eb96172346a
SHA2569697a19cea982efda8e994250f567f64dfc33814010699e158854eaebe6b5bcc
SHA512156d03d607f3792a22c633e7f6aa01f7a67b1011dd363010687a0badcf45fefaaf83338d13e66268cbc0ee3c59594da5a80980840acf539c3b196ffaa94b30e1
-
Filesize
6KB
MD55481bf3c27dce6c051cf067cfafff05d
SHA107e90d18b01a149ed0c2725a3d35a8f4b461a3f2
SHA256004532c9f905fca398dbbdee71234b790dec8d02dfc6e5a2817a84f68f6432f2
SHA51271d028d2689d4c26b97847ae6074ee1db129308cd809ab564811e12a938053741d7a7420eb7c44f3b7727513b43ad8720e2e2afe2e748747661dc8b2cfc97de6
-
Filesize
15KB
MD5391a9e047ef3ef3cc46f58b2ee7a17ee
SHA1e43252a4bac03705c9190baba64e2e2203fa0ff1
SHA256cb0763b15eaa18b8d881e581b70f225da43d5775c4d234600cadf5c4fdd8bc96
SHA512a1c0a15e129c31414efb88f5f5fd71fafae5be5776591d9a8c59122753233c797216b6ad9b8da69799ea5f8b4cb699265d68068eb40454cf4c7a91609df9d980
-
Filesize
3KB
MD543a47884a59238b3f4a668ff1b34412e
SHA1f2a3edf3dd205d118845e9dc85d61a65efc80ce3
SHA256af1c9dcc6ac9221ed54c84a456914cad72ac3195e81bf853ae9ce359a3dfa550
SHA51247c024762a493f43031b47fe87a11cbda53b8ec82ccfe0f7e98924ef11947f76c00723221e16ac1e48c2c59bf4f54709bf353dee52ac443ccf347e4b8804a0f1
-
Filesize
5KB
MD5be5048149bc8704ec27a8364cb6426d1
SHA1db21fcc800b5ca39f0995de41c47925957a1c2a8
SHA256351b2904a704b2366914b3b435888acfb66e18e15fad35d520e4b52d8f87c6fd
SHA512ded9b5256f639d98e299ed2ee2a6ca75c2cbb912383249a76fd3258063b4951db0dbf80efcd5ca590f2ec36a7799281cf0f7bd037a483862958d3bd3f62fb3d3
-
Filesize
872B
MD5593f99e0d2c169c853ba976f6db97965
SHA129956f714f32dc4cfd30aade2cd906a3c3e9288e
SHA2566a10f30e4e68326f6948da62f4b9edbfe412b7bf2b07bed89003f47e0ba20ba1
SHA512b9af3622a618897b16945432106c02c526e1321027a182ced704e531cfbc5e40f76a341f144345ec511497d9e43d235d778c1467f79799404bfb4514c6778d87
-
Filesize
5KB
MD5a873a99e78cb61d553348e0868bd81cb
SHA17f56e3273a1f3ec0fc1968f0aada71cb8b110cf2
SHA2561d357d609d1c227a11a4c8ad9617d5a0909f3c88e277597073f48835b35c9bc0
SHA512c2b90d873072d69e67d1746c342fc154451ab207a8e31e6c25c05ac7bea63cd3ad9f2d6c6617b04695d6eb7cc7b41f4b242d081cefc240dbd1377d4782ee3f98
-
Filesize
5KB
MD59c6e5b59ea0fde2fe34541d7e5c08b49
SHA14fe3dea9ab1fea9028a65ccf6fb65a59168ac4bd
SHA25676b9850c5c551b143787a42a65d2fd72d95a310baa8487802b255ccb8e6922fe
SHA5124e911932a7e7caa3b44c7a9ead2d81c31a4ce348ba93484d5ea4513b37b5f512c259da058fd827f9bee28f7b6e5d26abbcfe86289b21497a37799d231b5d8178
-
Filesize
370B
MD534924d6d80e87ca01fdb100700f21381
SHA13e7b683d5d6a29f2ecca65eced492dfea7073e05
SHA25639ecbd020b0f378ee07e66791277cd3865850b2b9fbbe5493be4068d080caa44
SHA51296ae65c0c5a85a84910425ee6320bdacaff237dc8002d81f1a5b108f4103334cd74ce627927f385c64af0d3a26ba587095c7d72ee1035d79c51d122ad8afa8b7
-
Filesize
5KB
MD5a4df295c18b23b93d655db49a9361897
SHA196d76ae50a6b217b3dd41c7b36a063f68c768aaf
SHA256567ee38ce20fe5a19420f34ee9b2932102dffbc0c5f128577486a78317e3cd03
SHA51280e9d03b9fa6a9802e705fcd0a4d80612aa4b5c10df023e21b16e71d7081b3d4118c11aa97fffeaac803738cfd4adf50e9d65bb1fe4b11ef5d2e2e19ae277067
-
Filesize
370B
MD5dfdb957d11a1b60645e10a7861cc0259
SHA1c4fe61be229cc686b97f7a8f53f402e30a74e56f
SHA256730645e021f24741ff25d3a7930633b1a15164b9fb751ecc4dda74f38f1c4f6d
SHA512e097f12a8d9c16d4f0c747a42cba0c907de764b9081209daf04822e7713d980f5b56af4b63e679575ee0852cd8b0fb2927cc54ba2cafcf5e0259e08d8560e5fd
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bbbb23f5f5bc70eb416a904dfa2e7fb6
SHA1ebd439f9fcd9ad276090eb06e8b5f16faee1659d
SHA256ee82e84df116b3b83cf79fca6243997a238d75938eaf414ec5590b3caca5aa14
SHA5120cfef8bd9c619bdf093b75fe2a5e1bd42a67990e06117c6983143d2aad08a3bd18e18ace3b295baa0e4f6bc7397dff501f5b969be30f8a82eb79b5edf3ee578f
-
Filesize
11KB
MD55cb3e6deeabdb9f5daf60ac671471c0c
SHA1362c4e0080b7aaf8834c912e8e1e98b01992c3ec
SHA2564e0e2e6701aad1b41332bc98713972359643371eb6db76de90a5306fd19b0f71
SHA512ec73a57bd3ba2d23f0da6a27e9ad9fc8b97172e662aca912bb3cd5c5c9441a1377900a2b44c32a5aa21eb6366dcf76e8b1f3dccb0b770ae1801bbe126344f9f1
-
Filesize
11KB
MD5f94882b54c624fcc5c3a991d4421d32b
SHA1d06627b4fe3a601b6dcf9497cefafc77b0305f25
SHA25626f3f023169c4aa2efe5d20450bdfe46260bd93b93d5cd9e43e821ab4405a143
SHA512571c4b82473531b9c340884e82b7666b482a0df5412de282f4f1888d621d4960208ff136b6699f5cf082461d0ab41bc3b8e4c6aa660e657154257be56f8a8c5d
-
Filesize
11KB
MD57fbba80ddf415221936053efecda590c
SHA12cc683c80840e9fcab0d8a1a07f25fca3344c3f7
SHA2565ca02b0e578d8bbc36b1cd3def04bc73291971163fe21608819437523dd27197
SHA512a96faf1fa3a7596c36a78ee07309be66abe6396943effcf86f3f4d3b1953d9206e027a0b6e228aab8171335393e212a841b8051f8ee4743de85b5d03913642a6
-
Filesize
652B
MD577524798e9d4f40ceeacb23fdd9dd82e
SHA1eca03d1c4ffd4efbcdd0051af3451920e36148f7
SHA256eb8d5e463b885c3f68109e641bea03611ffa75c25e5b9d101cbf8ded47b065cc
SHA51233f29bfb09131f162b7d5cb530dd9898320f5513cef40e2046efd66cea84896bfb79e54ef044c6956c2204dfcac082d5b9842f9dc0071f27703b0aa2055eabee
-
Filesize
17KB
MD5352c9d71fa5ab9e8771ce9e1937d88e9
SHA17ef6ee09896dd5867cff056c58b889bb33706913
SHA2563d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61
SHA5126c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23
-
Filesize
653B
MD5d62b3a603cd3d94b863e7f1b8daa0cee
SHA1998fdcd298a5b8dbf41161ce2ad0267dced8fdb5
SHA25623f03de32cf18cbe524c378bc2b70f90d5401832c88cd218a4d5a412f00192c9
SHA512886dbc54686a4d2aee089bc3be217ad46ed82cc5573b102c2883c23d52d18b3f434b425478130ac9d431044012a2e3679307b0f4104165d34a0b6b6098353ee8
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e