Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/08/2024, 18:40
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240802-en
General
Target: http://google.com
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 1 IoC)

| flow | ioc |
| --- | --- |
| 139 | camo.githubusercontent.com |
Enumerates system info in registry (2 TTPs, 6 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe |
Modifies data under HKEY_USERS (2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683937967581885" | chrome.exe |
Modifies registry class (1 IoC)

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{035C2ACE-BC5B-4F3F-9A1C-4B4E10CC61A5} | msedge.exe |
Suspicious behavior: EnumeratesProcesses (14 IoCs)

| pid | Process |
| --- | --- |
| 444 | msedge.exe |
| 444 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 3624 | identity_helper.exe |
| 3624 | identity_helper.exe |
| 2996 | msedge.exe |
| 2996 | msedge.exe |
| 3892 | msedge.exe |
| 3892 | msedge.exe |
| 3892 | msedge.exe |
| 3892 | msedge.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)

| pid | Process |
| --- | --- |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
Suspicious use of AdjustPrivilegeToken (8 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: SeShutdownPrivilege | 2536 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 2536 | chrome.exe |
| Token: SeShutdownPrivilege | 2536 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 2536 | chrome.exe |
| Token: SeShutdownPrivilege | 2536 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 2536 | chrome.exe |
| Token: SeShutdownPrivilege | 2536 | chrome.exe |
| Token: SeCreatePagefilePrivilege | 2536 | chrome.exe |
Suspicious use of FindShellTrayWindow (51 IoCs)

| pid | Process |
| --- | --- |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
Suspicious use of SendNotifyMessage (48 IoCs)

| pid | Process |
| --- | --- |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 4284 | msedge.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
| 2536 | chrome.exe |
Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4284 wrote to memory of 3636 | 4284 | msedge.exe | 87 |
| PID 4284 wrote to memory of 3636 | 4284 | msedge.exe | 87 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 4172 | 4284 | msedge.exe | 88 |
| PID 4284 wrote to memory of 444 | 4284 | msedge.exe | 89 |
| PID 4284 wrote to memory of 444 | 4284 | msedge.exe | 89 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
| PID 4284 wrote to memory of 4012 | 4284 | msedge.exe | 90 |
Processes

Indented entries are child processes of the preceding top-level process; each entry gives the image path, the PID, the command line and the signatures triggered by that process.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4284)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3636)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4172)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 444)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4012)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4000)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2908)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4736)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3624)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4556)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4324)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4532)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 384)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3616)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3480)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1284)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3440 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2996)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3400 /prefetch:8
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2408)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4004)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4892)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3536)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4316)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3077026028118070864,4413327161411055224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3592 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3904)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3420)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\AUDIODG.EXE (PID 708)
Command line: C:\Windows\system32\AUDIODG.EXE 0x4e8 0x490

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2536)
Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5000)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcee49cc40,0x7ffcee49cc4c,0x7ffcee49cc58

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2008)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1896 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3712)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3548)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2240 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3048)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3952)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3336 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3892)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4588,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4560 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5180)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,3288731530220148200,9111732970371658,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 4460)
Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 5244)
Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
152B
MD59e3fc58a8fb86c93d19e1500b873ef6f
SHA1c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e
-
Filesize
152B
MD527304926d60324abe74d7a4b571c35ea
SHA178b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA2567039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd
-
Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
67KB
MD5a074f116c725add93a8a828fbdbbd56c
SHA188ca00a085140baeae0fd3072635afe3f841d88f
SHA2564cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6
SHA51243ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28
-
Filesize
41KB
MD5c79d8ef4fd2431bf9ce5fdee0b7a44bf
SHA1ac642399b6b3bf30fe09c17e55ecbbb5774029ff
SHA256535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8
SHA5126b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD50aba6b0a3dd73fe8b58e3523c5d7605b
SHA19127c57b25121436eaf317fea198b69b386f83c7
SHA2568341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac
SHA5126a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb
-
Filesize
4KB
MD5a9c78d274e8cfb0954e2bff3f9c57cc7
SHA17aa959f7b7f07943519776c70fe1c23ecc025f4f
SHA256f0c1d117c7606b0d6562d6f573588e313c00e74ecc6eb3f4a971a0da0989ed4d
SHA5128513952a7fd459c073c1401286fa2f97457997ce078a672841b1251345f1ac615faba59cd30bb0d1b4c725d00d06f93fca3a275d177b27a0a475993b5b689288
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD566504a008f7fb902c0eec6f23382a043
SHA10aa0bf9b007484601fa148bddc3ed21062c4b2a8
SHA25631f8d4611c3f252173ac69e48cab7f9bb62621f67345bde742e9de951aeeb7ec
SHA5128b3d1850362e12f11324b4b259704b74dacddbf1b092777c340ce1968612a25183b13e8e4ae397dc2b03b5a9919d14f72c0f05e87ae81367309aa0e33e278906
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5ff8866b66c83a7e9e6f40cd603029f16
SHA1b0569bd4f754a6f6dacf63bb0cd68fe3abc9adf7
SHA256fea23a1f85bca594161e3fbe833f48e1dcfd7ba050df8f7b38de11dfc27a01db
SHA512149581839055265e7f593d77294d306e1e3fb485041ea7fcdea5afb129204a6a6db3f9440d9f25dbd7a09785fbf981589d5d7d33a5407fd41d09d0a88db7d897
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD50bd056e32e9fcf1f8df562ebbef82f3d
SHA1562c6932f39a4f072208a174de72315bb78918bf
SHA256868c724dc1f07d8f30cf7ec1bd99ebee1da324f63622d6fe4aa6ed3bf10fd694
SHA51276ac032359c3048a991acadab4dc4003c7678c803b42bb2c4be80e4a103655ce38cf21db4fd41424aac8cb8868d6c78231e7dd314c82787dcc42f347cc103579
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb10a076-dbae-4764-9a99-2ab702625a0d.tmp
Filesize 6KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 11KB