Analysis
-
max time kernel
720s -
max time network
801s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
23-12-2024 19:41
General
-
Target
https://evolve.en.softonic.com/download
Malware Config
Signatures
-
Downloads MZ/PE file
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
-
Detected potential entity reuse from brand STEAM.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://evolve.en.softonic.com/download1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec00247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8548 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8228 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10621916584780825400,11318868059016593542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
11KB
MD509e62b176b75e167861305ec6f249243
SHA17fd6a0759d21eba2af21b4749c1d2d333c43449a
SHA2563fec4c49cbb9392f7f481371e2d3b8a8d1c99b027227da75e6574b62e2789389
SHA512aee66230e1b5dafecc6c942a4f0f47c1aa63fe544af1029faf15777d0c181a0878efd8045710ecb95ac74b8119da09c5d40193722a20396751f3803328850122
-
Filesize
62KB
MD535fe37e08d59a3191e5937bbf348e528
SHA164555d7ba585935ad7031b1dcd85e32d665c5e19
SHA256e0050b274222e7bbe0d963be219a27e4a47fddcf1a72da32f744a04eccf91615
SHA512ef3b2acc746dc86ce4e9d075c133e0b65277c14c6347526e25ad5ede7a0f9403478a5fc6a2a19babea02012b5770de1b7484e68c1dec64502d362f8197289f93
-
Filesize
31KB
MD500bd4556d9672009a7cce0eb5605fd1d
SHA1e6aa062aa34cd745dbaa2b0fb851511a5ea734dc
SHA25611e4340eefdc92053fa38149176a0c17f55472b8fd3897426a76050aedcb8621
SHA51234f87481e0cfbab27750b392d885092bcd6e11796745b5ef7f39e9564b8d29d169cf8d72795e45745c366c18057d02120726951d2729c699bc60e6518499536e
-
Filesize
156KB
MD55d3f0428f0458a2bb9ea8bfe60b0dcf8
SHA13ee8111e61daa7d51d321302ff73e1eaa2141c03
SHA25646095f57af5496989f3c4403423185a77fec3b56a875a75e19dda192a1609cba
SHA512d45e2ba35a42aca2913388d0b2dc684647a5ddfc4ca43f26d14cd9f357d740fa16ae350d75df64af5ad59d15039b085be1d511a786fc93b6ab3c29ea0edc3fb6
-
Filesize
23KB
MD5e11f24383d217db0b0e872fa666d876d
SHA1168276fa736a3635096ea6b9b4f9452ddca1b76d
SHA2563d7f64e8cfbda617b84b883de75b02984b8c85667a67895aeb1930dd0f49b80b
SHA5120cef6a28b23384d5d0bc535a850bb02430b7cc6c70382e843d3ffb91dfd0f2174706f8a1c23386edf315fa3cffd939e398098a3e904c76b0079e45f8715a7cb3
-
Filesize
14KB
MD568ae73acc38d25ef164740e6406d931a
SHA1141ea5d404764f4dba77e18c9669cfaf7e414376
SHA2562f699b7c7ccf7f9c45f1decfcc045027d39978edacbd91a1dd382890d842e8f3
SHA512f6ac96dd8a4a10194d718fdcbe70a0bddc0b4909e79d77c8390ccfb934a8b6e11b8a8417b72eb85f453a497774ca4d8688ea3fc2eeb33423fb2395acbc111504
-
Filesize
54KB
MD530a99512b0078bcea74066bde7d4788c
SHA13519be6fb4f96718e30678fa70b308f92c885c58
SHA256885ad0269ad906e11781af0683fddb8758dcbc503f8c133fe814ef2fffba77a1
SHA51263f454def4bc8c8f140bffbed55a345ff88a21edc1a8320fa9094b05e37b91635a8bca2aa6aeb3ebf2a6c66ec8004e20e065b06edc4e2a2d6a09d6e548786895
-
Filesize
336KB
MD5a525696c282dd27b8962c5d3017d2609
SHA184a1ccb1833c8ef6f3cbc9f8f24db300550de729
SHA2565a1a5e3463859ac65b1ac8de3fa7f92c7ba643d094da373cc51a11e6c8c55943
SHA51235455410555b1b61e1f1cd27f1d6219f92c8ac1d56238241d9a3b5c7c29056473bf7aa2146e03a58c007ab88230682030e710c5894ea1c61d44eee00cdfa65ae
-
Filesize
277B
MD5dade4a404f68373cbf871e50edc72baa
SHA1a95d0dde34a926a9d410b6894a62f3320f0de2ba
SHA256853318ec85e3f1c475fa8382fbeef8124a79f94e7947ff0a68ffde2d42298fce
SHA5126bbd4dac47fa038c397d10b31997a5175a553d8c2e83523b94818ba8a59517a9b0071dbde35587f4986c79abd4aaa74ccbfd0fcb535545aecabd4021bba6e06d
-
Filesize
267B
MD5bc92143a2d5ccf532660e34d41c6bf78
SHA18df4abb6daed5cfd572c7a560d251d8f4003a374
SHA256f818e7f94d729e498b80770495a4499b4ca0e350cd42e461c404aebea3ae6784
SHA51291ef6c1284b2e9408c7ad7f5b8bfcf59c5570d12ae51bfe9a2c65103e9ea5af73204dfb1125f3919f106365ac927d4f666bbbc7e022a686d1137da8da9c1e295
-
Filesize
2KB
MD55c79fe3ce0d93f723986e4ccbb8cd65d
SHA144a4bfa8f40e4559e347c8d38d060c07a9f4a273
SHA256f93081c7f88f14499d99a2d4464a4a6db1720e2414e02bafb005b6d5b3312444
SHA51245b1f78f035635c92858fae49cb9ce0b05fb569b46551018424094fedae079bc9870c0d096aa13e2afe35a79e0b11dc6cee0df3a1c7783d759711918605b7e13
-
Filesize
2KB
MD565d1ef107e5e3b81bb8c2015055710bc
SHA1e2422519a8ec2d529638622205008251600f6145
SHA2569503b24db35a230263048ab52a7cbe976eba813e183339fcb03f399832e90e73
SHA51230c0cf0ea33c21f285aedd168ec5a33b9d3d5ce156a0ca75a6e63d5cee029b84e6b76bb85c3c52912a4356c3cc337f25368171804e6f3eba886651239d95e901
-
Filesize
2KB
MD5282b2e08de9b1788b231a080d2537ded
SHA137d680d2b832afdb6244b68ef1b8fd8f5a4025e4
SHA256ecebf4eb6956ff370d98775042f3b23603e80b78443c71afc2b5cf81ecf089a3
SHA5124e47d9a0a7294a30e80c12634ad595bb3b40b6eeee316a4ff08fcd9d804662f6223485494025d90c58d20a3db4d8ca1064394c7e675841fab44b7080b2f2c2e5
-
Filesize
2KB
MD5146566bdcf47c29c1d5be79702a795b0
SHA1275e5b448377d5d953112c4d2755e966b8702616
SHA2564d8ca0b698f7fd0e37feb8f6739b1aa3d6c8efa5f4d556599bdaa7aa7ba6b6fa
SHA5128330988844d73bee2798c54feef43f6acb1656f86dfcd32b7a59ce1e02fc01f642cfef432e4b315dd0310343cc823811437f70f626edca80c50dbaae4987fd9c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
13KB
MD5223aa27f5f9e50583bbb8678ee9fb882
SHA119a870ca8c2feea8a0b7b61395d05f8a5ffe48bc
SHA256150f81920f65b3f35931f6683d8fb37ff17f65911add8d1ed1094b25ad2f6d51
SHA512f30bdc04914441c07876d41cd70c55d36871013ca87d453cb8a5f5ea2b293c217d8cd34e31530d177f3a0826263f23fc98bbabf266c2375d64672bce4610d3bc
-
Filesize
13KB
MD5881ab4faa1aea625bd5fd57257317534
SHA1a8ec1d3ce40e714dc06524776d371e420209a1d4
SHA25650ef64a44a89fc1bc6055d5779fb7e607aab77c42fa1ce0832218b3ae650b997
SHA512d750e774338f81dcaea0d7a7345b0d02d7127e0320abab40a7af98825be3f3f0d733961809dcab2a4fb689806547957ed840606338a6aad44415d2bcfc419e83
-
Filesize
13KB
MD5ac3d642724580731f7101e51ebda2366
SHA1211c10149a2216045c58422f28a79557c421bee6
SHA2566f1763ea127ce7a22875c0c2fb4a2f3bbdfd7206030753d64a564186709c10a1
SHA512b6578362542d30254ea23744b3ea1b93c2885e6e3d805caa40005c668ea5a6fb2c00b9ff75c14944943d2ad721833cd6de22b8bb1a2f509bb1b8891415ee1632
-
Filesize
16KB
MD5d5ffe96cd419866e5b2df0ab6d7b8018
SHA1a3e3f486c40dcefcabc1d410d238e21987a0582f
SHA2569dbf2fe64080cae8ff2035265a7ba9f24da331070a895975a7e1c0e6957c28f9
SHA512de0154a6133d236fc2185a35f85e160a53691b84499d88a28e9c4b23816312aab5671b554357bcf195f513f7db004171c89ee5a039c651dff29b44408a27504c
-
Filesize
5KB
MD57f7c09fae9b93b779716376f09911c46
SHA12491f6916ad6f1e0d46d93e3f5db45365762afe8
SHA2561b7875178f1f2335a1bf57c502859e260e5f26b86040a4586255ddf6b31bd1a5
SHA51243aef31ea0753ee26304fdaf17aab5c72c9f13ff341892fcba14b3f2b2d6de65bf9343fdb432dc4ed240a13a804b7dd5adaf0c634f12b231ce4eac06c8331666
-
Filesize
15KB
MD55f9fccb1f4af9eee991dd4471c72c64a
SHA1bf1bc93aa01341aa81377fde6339803cacb22455
SHA256b4b4f1c1527c82775f24973cc9f734e28ab44a5ee2968269ef47163083da6ca4
SHA5128512b3b4061680bd4870207b386e000466147a6e5d1509310a6eacb733f8060485172765b2b075fedf8c6d7c64cf44e8e7b1bde0917bddcd7180ca739a29b1f1
-
Filesize
96B
MD5563f995896d3df32b9d0d492dff0f6a6
SHA143a0f179dffe2f95e375128f66413d2530ef331f
SHA256bf50c3bbc9d7014c6fba1a188fc7cc127540df6c7d5ef9b3a44f70d6f6654cf8
SHA512847fc69463a7d574b1cd89d34880dd86cbba9277abfbeec53eaa9f20fb9e2d89e2d3c509bad3427c23f24de4d2114f7a97cdba15e036c2ea29a107fd4501831c
-
Filesize
72B
MD567f80752670f670c597fd0e1826e192c
SHA15cbd71ce208a2fc9a66cfa875e70cac54da5d24b
SHA25626d8cada2dcd869546f1c28efdb255e280a27fb1f5deacfa3609ab140f32d101
SHA512524a16a769224cb5cb338695dce831a29e707020813faffbb0c909cf132cce381216fd8212275d5b88f50a8d53f6c897ae8f9e4d7f4270c1e9d54f7ae4371c4f
-
Filesize
48B
MD56f98de16afe9cd5f38c24700d6c7f0f7
SHA127076ba2f0c7ab0a8ae8eae043c384172bf56518
SHA2561a1aa0c3543666442c79886ad306f396af7be32f0715e91e5d22995d871de287
SHA51247c23418608e9cd31dbbe34ea95003d1073e1712f73e568ad02fc67f4575eaca2ed2817723502b58570a50ce990ae45ca0f5d8c4231f52bc3b076bb5c7f4e576
-
Filesize
3KB
MD51e5482c9abd0efc9ff73ec76b4dcc4eb
SHA1555b6f84e02f5bdf10db8e6434a6c37c5cb18200
SHA256f61771e32b1c944fe578ba6646e39d4f6b68863b7778148959900404e2192a2f
SHA51238687f2ac829a749c2d13ef21cb9fbc74773ecef45e67ce18b80d712838418ddde78994fb2c8d986fa0c1db9414b7b1f31639662e071e92ae3fdccd16788b637
-
Filesize
4KB
MD53f48a6aec1a366cac7ada3975754624a
SHA1468789ee8e77e6385904b11152dd0c315858a9ca
SHA2568f6516f9be5b19e913d67375f6877cb5670e0d069127feea5bb41bd420221782
SHA51284ec62e1af032c601cf3b57a5049944722014b1bad07873a43d884d208835aa68af1d9ad50778a76ca2410643805172321e10a436e26838accb161af8140ae02
-
Filesize
4KB
MD5eb1b562d6e780ad8b4dac35ac2b0b8a7
SHA1dc739c6df4007cf131be6a7f7a028fc791130995
SHA2566d097446f1f181220c3165ae6ea26824adaba660e5939200c7bb22d1b81d99a8
SHA512e93f655f65a0cc42306994894917fb5c29efeb1b824cf5811424fbabacfe7e9bad78e834e200c794b4c6318f9be70eef89c2d09f86c3123d031e9c18e4ed9eda
-
Filesize
2KB
MD535904418c189e64328f733af1c0f227f
SHA1d1f28ab826382526dbe351e6bfa39a4b6ca2eb6f
SHA25647cc6ca3f6e4e13b25ebc69ac11dbd7c8ba7501a1503d361efecc66d0987d49a
SHA51212e9f51c25fcb502e02233ef8ab306243627620753660d83db4e84d6c2c619f1fbd4f4637d299e443d34fd8617a97d9e3c8ed7bdf97ba286f496f16fbd2c4606
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD546d7ed96c86b87b48c57dcfe1b71b75c
SHA182d8132fa79ae6608bc1133da16e32c5f8422191
SHA2566fbf21ae34bda31aa723ab33916fe8cef11923bd420342ae3189315522172f59
SHA512e51f6d7b7f50155a0c2824473397b4ec5c1879fc895d87f388b2ba03346ff5fdc12b3ae7f6c9382d096ee0215e15d9348e3a8e22f1c96e31c852695e8dc76b64