Overview
overview
10Static
static
3Setup.exe
windows7-x64
10Setup.exe
windows10-2004-x64
10datastate.dll
windows7-x64
3datastate.dll
windows10-2004-x64
3madbasic_.dll
windows7-x64
3madbasic_.dll
windows10-2004-x64
3maddisAsm_.dll
windows7-x64
3maddisAsm_.dll
windows10-2004-x64
3madexcept_.dll
windows7-x64
3madexcept_.dll
windows10-2004-x64
3pdf2bmp.dll
windows7-x64
3pdf2bmp.dll
windows10-2004-x64
3pdfium.dll
windows7-x64
3pdfium.dll
windows10-2004-x64
3rtl120.dll
windows7-x64
3rtl120.dll
windows10-2004-x64
3vcl120.dll
windows7-x64
3vcl120.dll
windows10-2004-x64
3vclx120.dll
windows7-x64
3vclx120.dll
windows10-2004-x64
3x64/Templa...te.htm
windows7-x64
3x64/Templa...te.htm
windows10-2004-x64
3x64/plugin...ns.dll
windows7-x64
1x64/plugin...ns.dll
windows10-2004-x64
1x64/plugin...ns.dll
windows7-x64
1x64/plugin...ns.dll
windows10-2004-x64
1x64/plugin...ns.dll
windows7-x64
1x64/plugin...ns.dll
windows10-2004-x64
1x64/plugin...ns.dll
windows7-x64
1x64/plugin...ns.dll
windows10-2004-x64
1x64/plugin...re.dll
windows7-x64
1x64/plugin...re.dll
windows10-2004-x64
1Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
submitted
22-11-2024 05:53
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
datastate.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
datastate.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
madbasic_.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
madbasic_.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
maddisAsm_.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
maddisAsm_.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
madexcept_.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
madexcept_.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
pdf2bmp.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
pdf2bmp.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
pdfium.dll
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
pdfium.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
rtl120.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
rtl120.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
vcl120.dll
Resource
win7-20241023-en
Behavioral task
behavioral18
Sample
vcl120.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
vclx120.dll
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
vclx120.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
x64/Templates/TemplateCorreoCliente.htm
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
x64/Templates/TemplateCorreoCliente.htm
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
x64/plugins/MahApps.Metro.IconPacks.BootstrapIcons.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
x64/plugins/MahApps.Metro.IconPacks.BootstrapIcons.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
x64/plugins/MahApps.Metro.IconPacks.BoxIcons.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
x64/plugins/MahApps.Metro.IconPacks.BoxIcons.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
x64/plugins/MahApps.Metro.IconPacks.Codicons.dll
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
x64/plugins/MahApps.Metro.IconPacks.Codicons.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
x64/plugins/MahApps.Metro.IconPacks.Coolicons.dll
Resource
win7-20241023-en
Behavioral task
behavioral30
Sample
x64/plugins/MahApps.Metro.IconPacks.Coolicons.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
x64/plugins/MahApps.Metro.IconPacks.Core.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
x64/plugins/MahApps.Metro.IconPacks.Core.dll
Resource
win10v2004-20241007-en
General
-
Target
x64/Templates/TemplateCorreoCliente.htm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2016 msedge.exe 2016 msedge.exe 1424 msedge.exe 1424 msedge.exe 2784 identity_helper.exe 2784 identity_helper.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe 1424 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1424 wrote to memory of 2848 1424 msedge.exe 82 PID 1424 wrote to memory of 2848 1424 msedge.exe 82 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 324 1424 msedge.exe 83 PID 1424 wrote to memory of 2016 1424 msedge.exe 84 PID 1424 wrote to memory of 2016 1424 msedge.exe 84 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85 PID 1424 wrote to memory of 2296 1424 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\x64\Templates\TemplateCorreoCliente.htm1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa042846f8,0x7ffa04284708,0x7ffa042847182⤵PID:2848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:22⤵PID:324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:82⤵PID:2296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:1860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:82⤵PID:4180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵PID:1084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵PID:5072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵PID:3640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:12⤵PID:4556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,9176074091176590020,3817269427616469170,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3504 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3440
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4256
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2908
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
5KB
MD525ca0d8abe260273017eb05626020a41
SHA132e9b93bf1a8029be07f4123a0b188c5774414a9
SHA2565eda399c398f0de8122fc9c6c52eec8a5975ffffb49139960f1e4a814202a49a
SHA5123eaabc1b42e8809259ffd9b34e54dea51d28ac55507271a6754d0eb07004dba2d2d9e397a12d35742dfa2f405e6289ad8ddf9ece286045e23e7308f968d65fa2
-
Filesize
6KB
MD578ca9d237291728b1857e4813cf671e9
SHA171fa0462e91569889970a4636cbfb541169522c9
SHA25610897b97ff25f33e4dfcfbdc4ceff9a281033fb2e43d7fd087d9fc93453d6459
SHA51231b8f4471d4d6a6cf2aa65b3c6a6a5bee7c1bc806d7c7933933db917d65a3ecbd5684cca5cab993891872eba659264c6f81c50d096c64b0fcfe9c2777bef8b07
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD504df71e7c34125b359d1232f93eddd5d
SHA1e7e0f84f6c99d4eab6503842f47810021c1a4cec
SHA2567a7d3c9c381b2f68f4a76166c82f2baf22b22164b71b041ff01973d306bbbe48
SHA512dcbcf5c75699bb8a4055acc351676388cab537db523fc2605e10fc56ec9441e97f785011e76637e28c043060ce9d14dad6a7469de27c1db0ed75befce4662278