Analysis
- max time kernel: 91s
- max time network: 93s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20241023-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 27/10/2024, 20:11
Static task: static1
Behavioral task: behavioral1 (sample: sample.js, resource: win10ltsc2021-20241023-en)
Behavioral task: behavioral2 (sample: sample.js, resource: win11-20241007-en)
Behavioral task: behavioral3 (sample: sample.js, resource: ubuntu1804-amd64-20240611-en)
Behavioral task: behavioral4 (sample: sample.js, resource: debian9-armhf-20240611-en)
Behavioral task: behavioral5 (sample: sample.js, resource: debian9-mipsbe-20240611-en)
Behavioral task: behavioral6 (sample: sample.js, resource: debian9-mipsel-20240611-en)
Errors
General
- Target: sample.js
- Size: 66KB
- MD5: e7e597e858a5593c28fd5ef148ca6274
- SHA1: 3d9f2d4a4c237607ea9a654253539b8d79e774ed
- SHA256: e0209add9a799a1f2b1b75e422d40cecefabff9399ce3200414e807a07debab2
- SHA512: e67baa0495fe73706e9ca5b1ffa17734c3282504d5eebe1ccf6601f5b2e28c7b7ab389b6497a451e6ca8bae30bcbc0cf8f46c9d0e54b0ee2a4333b0fd8df0d64
- SSDEEP: 1536:u69UFLCCwNiey/JehNFZuSuWtWWxPqoho1HwAEpqcSkNSWaj5CO6ZsnJfrYauv5q:J9UFLhw4eqou1HwAEpqcSkNSWaj5CO6M
Malware Config
Signatures
- Drops file in Windows directory (1 IoC)
  - File opened for modification: C:\Windows\SystemTemp (chrome.exe)
- Command and Scripting Interpreter: JavaScript (1 TTP)
- Enumerates system info in registry (2 TTPs, 6 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Modifies data under HKEY_USERS (17 IoCs)
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (data): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 (LogonUI.exe)
  - Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History (LogonUI.exe)
  - Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "22" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745335398479429" (chrome.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" (LogonUI.exe)
  - Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" (LogonUI.exe)
  - Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent (LogonUI.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - 1824 chrome.exe (2 entries)
  - 3596 msedge.exe (2 entries)
  - 3860 msedge.exe (2 entries)
  - 320 identity_helper.exe (2 entries)
- Suspicious behavior: LoadsDriver (6 IoCs)
  - 4 Process not Found (5 entries)
  - 668 Process not Found (1 entry)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  - 1824 chrome.exe (4 entries)
  - 3860 msedge.exe (7 entries)
- Suspicious use of AdjustPrivilegeToken (61 IoCs)
  - Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, alternating, 1824 chrome.exe (60 entries)
  - Token: SeManageVolumePrivilege, 5052 svchost.exe (1 entry)
- Suspicious use of FindShellTrayWindow (32 IoCs)
  - 1824 chrome.exe (27 entries)
  - 3860 msedge.exe (5 entries)
- Suspicious use of SendNotifyMessage (26 IoCs)
  - 1824 chrome.exe (24 entries)
  - 3860 msedge.exe (2 entries)
- Suspicious use of SetWindowsHookEx (1 IoC)
  - 5128 LogonUI.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 1824 chrome.exe wrote to memory of 1820 (procid_target 84)
  - PID 1824 chrome.exe wrote to memory of 2768 (procid_target 85)
  - PID 1824 chrome.exe wrote to memory of 3952 (procid_target 86)
  - PID 1824 chrome.exe wrote to memory of 4148 (procid_target 87)
  - The four target PIDs above account for all 64 repeated entries.
Processes
- C:\Windows\system32\wscript.exe (PID 3108)
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1824)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1820)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffa18eacc40,0x7ffa18eacc4c,0x7ffa18eacc58
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1968 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3952)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2232 /prefetch:3
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4148)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2288 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2588)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1228)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1696)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4632,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3068)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4084,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4848 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4204)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3192,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4964 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2600)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4448,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5068 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2756)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4784 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 692)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5084,i,2511009451024469387,9796605816770236053,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:1
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe (PID 3004)
  Command line: "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- C:\Windows\system32\svchost.exe (PID 4980)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
- C:\Windows\System32\svchost.exe (PID 5052)
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  - Suspicious use of AdjustPrivilegeToken
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3860)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\WatchRestart.mht
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2916)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffa08e946f8,0x7ffa08e94708,0x7ffa08e94718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe (PID 4184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe (PID 1276)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff7932c5460,0x7ff7932c5470,0x7ff7932c5480
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 60)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3176)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=64 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,4384209910279477849,17079075141973026140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 320)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4708)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\LogonUI.exe (PID 5128)
  Command line: "LogonUI.exe" /flags:0x4 /state0:0xa39c0855 /state1:0x41c64e6d
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
6KB
MD5e2686cf266b5593eb547629399c57ce7
SHA149e67b2a9fbf8e30048c83f97b49f65f2abb63c8
SHA256250490f6ff1d774f737d6d648b3e497c2b7dd502ede5dc3e075dbff2f6e7c51e
SHA51257fe835f5084d6198eee113b748798eb29c3d35dc7a57dbf92beed227ac2a4613c21d918f1941aa543c7bfa7046dadc2295f3504cbca96f70b4bd807407e4c93
-
Filesize
24KB
MD5794620ec1e79ac9bc9a27ebbeecb08ac
SHA1cf365eeeb64a25fe763ac078edfa5ab9c321d789
SHA256b3356f0ddc460c6b00366420f51c6bb83c286362f073e7943a1271b4a2c3e58d
SHA512613096da233853fd5116a0b94d2bcce62ae83900a23d3e64e4b0b9ad315a173eda178a288611e37c37d6b9e2a5af3af14b25c36c70eac78149846822fb3d012a
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
8KB
MD5b854f013e46777bffbbaea583af3b280
SHA1e698711c869bcf774348db403370c38ad4bb5c08
SHA256d5b3e4bafc5790e6248caeda3b1831e86b0caea5844e19384300f7a00d5f97f8
SHA512c1074bbe937d67fd019407d86b583c8281461b53bd71f89f5ae3096c54c30770a230b71ee40d167f4c9e2d289742478c5e3e069f49887e8347a7c1881748b0a1
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD5b8563c7bb57cd39c7d4afa35c7d2e130
SHA1793098b78e971b08f93317fa0219b414c9cabbfc
SHA256ea6a7d210302ccc0cadba5a38c50828817fd3ad607633e3d17a76b9a9920fe8a
SHA5129e81a35b1aec1f9b720fc0a86586b6f5c1a19224f7225bf6b9b31a4fd185f444aa9eb1312713ab61016c50d7bada22f523621fa892a11ba73c3158c992888bbe
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD59da758982c762540c5ffe3ea3553087b
SHA1cc3d6f44523bebe5d06524a1f80a2f09697f4c97
SHA2564a3ccaa795be83a59abbef248987a605402ab22c265e3a9eef973d15b2208eed
SHA512757a188c0cde74975356c1cb550153d5f9869356558323f977a561a72dd1f99d874d15d4ebdb5bb259fdbd4f9ef0ad0ed541a8e682fe520042094339f5ab8557