Analysis
-
max time kernel
968s -
max time network
988s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
03-09-2024 17:14
General
-
Target
a.html
-
Size
1KB
-
MD5
7193f01bc59d377aedc3a05c4b74acd4
-
SHA1
0e67e5bd2fea43c330d6bcf12f6ebd7bcb4873c7
-
SHA256
f3deab6e4a4ad022d1c8eab84c36bfb6e99ac77a5577f713714706eb6f449168
-
SHA512
d9f37b914b9ef569a034abaefce4c42a48f1b16764b714bad8f1845cbd5415bdc8d18bb07ef90430fe6464cac8c24e61c83bbd5b4512bbf04ecce04c7375ba69
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 41 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 23 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa9c573cb8,0x7ffa9c573cc8,0x7ffa9c573cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6948 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3196 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,18356892945470193688,9076516496945003115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6480 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Arturia-Pigments-v5.0.1.torrent"2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67D2A3277503E355F64BF4424C58495D --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C0A21FEE105645A45AFDCF25847B4145 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C0A21FEE105645A45AFDCF25847B4145 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=327C6A8F5837149174049F6729364031 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
-
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5abcda36a555b8c801cc1749e033b010f
SHA12c460c39a8ceaac882769be85f2d1519816e5c3a
SHA2565526ecfe87e670ff84e4f3ab8becc304ada2afbf309fff934f6d272b1382c9f9
SHA5127ac7e9449db6e37ba6ee3d77b27382af912e3c79121e94fa738182f3bd7dd456a4b5d9059cb9fa47dd3505f79c387d3cd23c38a2d9f59e6823a55b4aabdb5f42
-
Filesize
152B
MD5eae66abf9433c97fd8ee061e9d75f17a
SHA1f6827cd253e644a657d85cf071d7e69d139625e7
SHA2564e138e7947a1ae4c787128cf1d89c11a6ab4e7bd57acbc16c8913a917990bec3
SHA5121e4a7a935ab30fdc84ee114ee62f445331ba40117bb1c038902aaf20728c4d70dc70bfb2098d95f292e44b2e628f49f36c5cb8bb81511726b9029f2362872eca
-
Filesize
2KB
MD54b89d285056762eea7f8e9f4c9c04724
SHA1dea02fb6d3d2d9b094abbd06d342511155fd2692
SHA256ef44061fd731c5df109f74d064b7dba15db5bfcb309152f08cc119dafe6667c9
SHA51269af7cab79e27025655a955b336d366faac8ab1768f49bf35031221e315c0978ca3d8837e2b8be83d69a7879f7a82f20cfb5ab21c359b55f707b028b9ecb9405
-
Filesize
27KB
MD5d900ca08873ee57d40616d39a44cc0aa
SHA17ab3ac8b1504b7b914a6e94c979b8390bb492f6a
SHA2561eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b
SHA512b3029de5aeb56c26b316ac4ce08dbfd533b9fe63c2a8f0c256693349259c4c8a3c3e462283dcb26c27d4008fff4835923800727a4df17bd6fffd097dae2128a4
-
Filesize
63KB
MD5a2b03561cabc0d346e9a6be3f5b11b5e
SHA1ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b
SHA25609588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1
SHA5123602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb
-
Filesize
20KB
MD55957c300b8653d48c875490dae6f3edd
SHA14960cb666c7863b2bd8a3449619005d0730875b0
SHA2569dd3ea282d524bfc4a534223dadf1450686feae44cf231eedd604fd6238e96d7
SHA512eb965c8beb916dccf7469399df4e504c1ea255a443d933648429e7b59ef04d249812912b171afcd45b155047773ed46218d2e3509a701f4bd63171c133efe66c
-
Filesize
20KB
MD5b697f8604edc9875b0075ed06c69fc65
SHA1933f120dc38868d832efe962f27144ee597275bd
SHA25648c5bf89d95ed77f2ded5cff403c849aae18c11ee5512e9056c64bd2a57be797
SHA512430a6fbeebc338435ebd764cebe62aeba5e08a53b59e3e01a886d2c4ef12bbb4e301a991f70794b8bb3f5797e56c9c6abc0a07baed12bba6070754e8aba66a89
-
Filesize
211KB
MD5e7226392c938e4e604d2175eb9f43ca1
SHA12098293f39aa0bcdd62e718f9212d9062fa283ab
SHA256d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1
SHA51263a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145
-
Filesize
4KB
MD50c05ab3b1df2b968628de525723d52d1
SHA17cbb8e363e684b583f70fc0f42df4a15c20aa1e7
SHA25639020daef1ad10fc06c90bf2747a14f91aa450d69be23bbc5ce769fe2d6358a5
SHA512e8076d1ac0178778dd1a301b14c2b38a9154afbe41cda9d58941bfab5421f35aaf00ad1936b0b214a7e405f9257daa67272f2ef0835dedd232fe89f3cd1c9b3c
-
Filesize
3KB
MD528d829c5bd0a4a497b7d6939ceaa37d0
SHA183cde30233588c0aa0d7751c864eb11b24c954b7
SHA2563c469ad9609b8e89cb7fd3b9035fe11cdc5c463b7239da687b4352f684060302
SHA512986b00b17967c26723c684ec709bcbf049c8569919422bfb84ab1783aeb6e52a19f787c001170d5a87b02a6a6fd2b0f5a450e45c16a8e1dd295ca487a631cecc
-
Filesize
648B
MD52306990f475a881e9fa789cdcc7fcae3
SHA1e0c1035260ce05081bccca9e568adfaaba177bc4
SHA256be29dc2178030973b37fa10a13a2512fcd3b05de4a78fd13afcdaecd9d08150d
SHA512113e9a72ddf309176e4f323fe2841b8ccd1bb20c4e15c5b6ca4753be1b1d7c4fd726065dd0fbc7fd994977ccf6751220bedd0b4ef1e00c27b9a2eced9023404b
-
Filesize
7KB
MD530e1a318404006b8b6792e8dd76742ca
SHA198510b12310d70f571de9b60f28bfe78a92ccb10
SHA256ca3d34789dccecde6c8aaf0175beb7d5d755c46532ba7e5932d57a46af85da1b
SHA5127de12e6b04dd7289d2ae2ea17868cd49e2298cda980f1305ae07ad914004a19d9d406e16c88da49f7b8b19a3385c3b2f5e8eae73daf1bd88bbbc867ef9bc3771
-
Filesize
10KB
MD5a1f00a1abaf9126bb1cb9711892b5a5b
SHA1e93e5b2745fa80b282e52f3513d9f8a4f2dc8197
SHA25639738f5f0a541c1c868cc6224a81bf4af9a0f5ade9513b1f7aabc1e631018ac1
SHA512b62aee7d79f0c1dc922d69ab688d853af0ec5277c37bdc38e2cabc3053d5c56e14c7185bed861e3a97783604317188b3c1dd525757283405f5dd870930f288c6
-
Filesize
10KB
MD5ab0d440b9ae192d33e79f8d311822d29
SHA1f37bc60512babdc8fcb0a2a4772d1032ea014ec5
SHA256c2eece660b32a8e85450ebadabceb443a76fedf6d9da500f6fe830cd7f24f40c
SHA512c9953a4a284c77d93c874eb177162a97581be8af298deb7871caa5bb072a20cc81e1b25faa456afceff70e9800362c7997fc6aedb7293c9918074625ab6c5b82
-
Filesize
5KB
MD51cea907d49cf2654c9ecee547cbe5d1f
SHA1d4a524260a12fe496f3b99ed38e1d5a56a4d89a0
SHA2569cb27e1a6ca48ce09ecab609503963097f6da71569b98a9d3f5b9e388cf472d9
SHA5120b24cbd0abf0d6cb6efb95d3e7bcdbeb92bba66d717dbacf11e69ee8e00c8bac1268ee23abcc7afae3432016b4c1ef75f89cd144501e7b6dcc766b1f4a4f9d1e
-
Filesize
6KB
MD5d2d1b7822060e840c484fa1627922ee3
SHA1bda37586c643385d6bbf4a52ac15a9fbe36ca388
SHA2563531a7f0e15475f789923df39813b3f65fef4216c71876fca508e69eaa96c5c4
SHA5121d9368ceb2683757ccd867ee7d3741ee933ecaac8c0f2f5faa6499dafd937f9fa76499b5e8cfc39fa14dadae8aeb0b663ab0c360f92130be7a8c124f379d849f
-
Filesize
5KB
MD53f866f5060b3238fe96607048a77f477
SHA169144f88a3234f9ac486ef065f1783d83800fcfd
SHA256a3cdf3d3355606c291e97eeff9064e9da5dc8ecd8f2be3656ab10083ec3713f1
SHA512e744e2d9e1f4c5dfd20e86e7447af40b757c133ea5a31999ebc61c7c2e87c0ab373479d7110b0b3ed152e69ca9739048632c0c8e9c05a01fc898a78acc951a7c
-
Filesize
11KB
MD5f82ea7ff1c60a0fd622b1c75f9d027f6
SHA18e822c8a1b7db3d317fe3e359f51bc87259a84e6
SHA256a4b7aaa9bc47badf8963627eca402b1e009db76b6579a19d30300e9ae30b81f0
SHA512c8e575767b6e33c4ecf191e7efdd8365f5c8d0ae7caf95c7936bef33f47607fd7126c1267291fd98929fee74738a7d0ffb76a7ed1e27547f762d98beec1760d2
-
Filesize
9KB
MD503dca96fb07afc46d85c54de5459e328
SHA1531a0bb6ca637a25b68b04823bf8b8347dd0734d
SHA256285e2190a9d6b861a05987c9755d5ff2017ab7b26a4e408881515ee6144bfeae
SHA512ea2b34c4f6615ae6366e93a341476c4890cab4b4f9e472bc8656d7946bc6bb1752547a197b1306fc0f9743d4741c3eaf83044a8a8f9698b87c35a9e21e994c55
-
Filesize
11KB
MD53c6bbf15583f1055f50a15456ccce378
SHA12d957da9b5b43ec6bc93ebdd6f505ec8178062e9
SHA256e55cd72cecbed628ad46950479d3a97ce50a65631746e532f3fc10b618b3a6f6
SHA512182ddf8249d1bc7e85dd0bb3d99c4f214eb92dd09780a1dc578e1ac76afa7ba42b3709065544cec9c5db9e302d3ea75a2f5dab8544f89a40ce6d290b7b8eddab
-
Filesize
25KB
MD50193b3aae67315c00bba748821e1b6a9
SHA18894ce52c4937213da1937265f28a9da9f33d0e0
SHA256e27037ff3798055646cc946ca88269b55e98e10bf3bbd057057f3f1a52a3afea
SHA5122dd184f82b6da5dfdb371c80632cc3321c6fd62a16d3798460a292b9348c42030558a0a7e7e6da53100fbf3d7aee4f7c0b28f62276c8f3cc74e348a4efae7bd8
-
Filesize
1KB
MD5924f280c2e551c7c25bb4f904f520aa2
SHA1ac0725538f14814a48c44be534dc11866fc6ecc7
SHA2564dbe7bf3b703d15167e2b51c5ab6f5c9068028afa3ec275d120464924cb96059
SHA512167bea2294adf12885bc3ed827e0abd273d5e38b3ab65332954d6f75f77919810a64171edecfa2ab40c0d43fccc0aad654e5a2567ac8e85bdba11335de1ead0f
-
Filesize
873B
MD573bf568330e424fbf5e151fe6c174834
SHA156dd1ec12ccf31fcf882c685ea34c32434812ba1
SHA256fb74e90df818d2fd66733cb7632877e65b770f2f866b0040b9d791b33ed93c00
SHA512e703842c77023c90c360a3b268f8182cf5199ec53059c52504c68fd6e00ef68e924b76bd9c486deee94cded21f8bb3f9430389219457d6d73c8330a10f1915b9
-
Filesize
1KB
MD5bb4509a7eb9b0d3ca4e70dc147940230
SHA15a4f6a75615b93e6c94956f6d6d9a4f8e7f5a52c
SHA256f471d6759af0d4ba38b44e7210e23fbdf5f87425a7c83c57864f38db249f2bf3
SHA512ed4062b0ec550c2c83f7f6803aa4e98a948d92d309ed51d890ee658b4f5741c99f16106dfbc1452bf0328c49164db05c5b94b31774a7dc7b35539e83885def86
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5f105527c8f10a5efc39f92994587ab2b
SHA117af0721acacd1ab37f59ec0edd8f2430856a15f
SHA256ea647d90ed46b3e541f79b80ebc26d91f8a1035b1af4b03e89d9813cab95da23
SHA512b4da961b07524f5359c5fb25d91b652dc274aaa81d76c6ad6f2824697d6f0fbccc304c73720da063f2c8cd31d3449bbca0192c87e9ccadbaf53705fdf43e4a2d
-
Filesize
10KB
MD54d0da9a0a84ff76ad5663c5e7ec1a982
SHA1cb3f97167b52faeb554e4da427e08611b7537c51
SHA256889069a63990746045beb3b81000b107650cd388e06c53742a6fad7f709c3cc8
SHA5126e4cd166f5e0aa18250435e0ee611d8625cff05f5a660dfdc1609b43927d4eb77c2b669b4a153493e1d1ba205384050fd1edfe5d74e14563fc5a293cd8f0606d
-
Filesize
1KB
MD53aea3c2f37a960a0ff47b6a9deda919f
SHA13e1333e22ede14b899e4362a2617101b2e8e91c0
SHA2569c047a893c63b6098c68d8288ab045b27b7acf7254161b7a1bdf38df993052c1
SHA5129d18d0d5213b2dc207ffe3740448cc36d471a7d0657080d2997ab7db1d046fc42a9ddefcd169afafd001b5dc37d2914f0f3c9f7d800d3b56374281dddabd547c
-
Filesize
408B
MD5d3a1cda930e4b6b3c77264713366dcad
SHA1bf822b001e5db33c3e22f58b1d1ba3120199e51e
SHA2565b553f8470feeaa738c943f32d50a4159b680483d7ad867fe992850c8d6f4378
SHA512b2add38e5a043b7d3e50a9f4cdb03813d9e000220a50791530b859eb3204ad13f02206fb7f748e0d1c263c75f8c2cdb52eb991a7719e771a7bfe41789b3448cf
-
Filesize
11KB
MD5cee63fc0bdc29c4bfea7f99358b67f13
SHA1c0386cf8046c64d15152c6d04a64ccc65342c722
SHA2564d138e093a8ef04944af33623e21ede98319676813135c3544e63d3669f972b7
SHA51245ef6d41dda3ffc54b470250dd1876a8883624e4b28d6d365cafac2e1e53ebb14670952d755eba5b78c038b9d91630557ecde45e1dfc86d3de8230ab729e32bf