Analysis
-
max time kernel
77s -
max time network
86s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
25/03/2025, 15:17
General
-
Target
https://emporiomega.com.br/team-work/template.html%22%20/h
Malware Config
Signatures
-
Detected potential entity reuse from brand MICROSOFT. 1 IoCs
-
Drops file in Program Files directory 5 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://emporiomega.com.br/team-work/template.html%22%20/h1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2a4,0x7ff8ed0af208,0x7ff8ed0af214,0x7ff8ed0af2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1864,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Detected potential entity reuse from brand MICROSOFT.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2468,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3416,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5448,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5448,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5620,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5092,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5328,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6392,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6516,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=7156,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6376,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6980,i,13398352626081044400,9028236458486416013,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD560d40d2b37759323c10800b75df359b8
SHA1f5890e7d8fc1976fe036fea293832d2e9968c05c
SHA256c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0
SHA5120c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD5674219eff6e5fd577e5a212f2ee3fee9
SHA17473a06ebe7c4382844e2ca539603aa965ea8ea4
SHA2562bcd72485b0a466bc1f646309992bc4069e73350706ef36ff1e398d96e0ad49d
SHA512919e1796ca39c4754f6ae28e3d01e2e8de2129e867393527ebfadde17960e18f9d713cf7fe681b030ef4ca2082f4c6f1bb8f4ea06539ea5d621200eff8c5a2ca
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
17KB
MD5343749658380c2835b7199db0c2aacde
SHA1f7da27c43f47898a2221647086c853b6f6fdb821
SHA2569f4ffcc84a05ef65656bbea5c8d3ab80b66110a542db9324fee63ca69f8e8e78
SHA5121c7ad6bb784eeaa4d34349b1cc023eeaef3e15e5730830dccfe65176742038cc6880991b5536245889df8875565d514775540375270a25c0d240501c70337fbf
-
Filesize
18KB
MD509e9d85d688891d5bbe491fdd5eee3b9
SHA1078a4d07cca70727e3d3dfe68c1eb993eeef4827
SHA2560f8241e9fc41906fb66a3052356087fcaa5454099a2e5e50cff7c01eb600f0e1
SHA5127b550e4d800d21d079d3de203d8f5560742edab51ba2df45d6bf6128a401bdddddb53e275adc83c45e8c445f2856ddde8a5f1ebfebcdbc8c023c1633f4ae19be
-
Filesize
36KB
MD583fcd1087040e6dfb82c289f3ee26fbc
SHA1408f7f0d27437392e5eb1732900514ec6f3e75ae
SHA2562102d8b87fe063fe49d18fc7e0e91fb7a938ca96f68d952b71b8cc5af43d5742
SHA51250ce485217277032c9df6f774cf0ec58779b946fbcd7f5e72cd3039b51602e88add287ae10a5e537ac08e1b67b9749f47e437a12ad791e0f8567158a304e5fd4
-
Filesize
22KB
MD5fcf196648f637083bd64b81a7374819b
SHA14ac7064081d6f2fcef1938526795d17a95307c9b
SHA256caeb498594c3b0b97910caccffb4d4cf2900687e8e86be74bfce00624bae1025
SHA512f938b0c295cf18321bfaa11e1a40f2e01dae71c429528b8a3379a015ae5f0d42747f18fe4e3f611ee8b07fe37daf07410f92c840f85ec1ee46fb9c7228e01195
-
Filesize
469B
MD5958440401e584c3682a98963324e0fbb
SHA1c37295e89e99a9f3857c541ed33a2aa4f5f2d0d9
SHA25601895fcf5c0256e2846f0eb0437e5c2903682f322ec3d5dae6858243f0e9e8f9
SHA5125928d12780e3081f33493a6aca85e282c58f8febc2564668fabcb52e831d52860eb0fd2b8859c845e09a46a1f181db4bc6687f6c389e56ee9b4545126a319ba1
-
Filesize
22KB
MD5fcd4cc06964271a1d57725deeeca7fd8
SHA168a81916bde16b13da58327c404abd4d19652685
SHA256ad43348555ad3bd24db0f4d008e24a0baba66d1b52c31c043cd66904734abfd5
SHA51240cb767227590346470d4617c0d3e8c6700c74b04501ce464ff9428af124d59045e1234e4c50e6fe91b5fab66ef96fae419fe0dcdb84607653438d51a73a6b32
-
Filesize
904B
MD54fe5c9c956bfdccda7e25998c515161a
SHA19f5c967b3e9c10c21d88df53326b68cf49fb20ec
SHA256a5d1c314b5be467f322ff21187b0435c03cfab034b7ba6a8f0bbba91b8996a35
SHA5120db592f0bac9268f4814eb02c82cf6746220ddd45ff055c36a1a46fec6467ab51afcd8dbe46ff65d107706e2d76d9c84199f433e0a965f42889e8aed667d50bb
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD5efd55f4a259ff3c30931c3854ccc4c11
SHA1b0adbd5470a574125dca95dbd7b2c253cb708cae
SHA256460403818a207d49a26ae1a329a3a5cb72740ffb9e4265e8b11c5107522c7dea
SHA512bea5ac1ea71c498da6e1d3b71af021968e6905a81704ffed07c4d0b936c1ee7fcabe36b4ec3512f8d18be5b90aaed912d257ae5aeb89d75bcafebdc04013a5c8
-
Filesize
49KB
MD5a68a4f78c8d21e58e2af4b07d95078cc
SHA145108594ad6a00086a18478eac3f6e563920737d
SHA256ff63467398be5bc0e82570c1d77d4686aa6d47cac577aad707d8a283d4cfea2a
SHA5124fb5f140ca0a0a74489b036dafee85c53b837eab628606bb76cf00ed8d3136327dc18af963dd8a4e146cffc2e0972685ee2f92de7ca5c77ac5271d3b46ebd1d5
-
Filesize
54KB
MD5967b64a899db7d3f529d70b80a0fcc4d
SHA16e881e1999870ba445d178fac29750391b2c28a9
SHA2567305c0daae8ab0651d797a0803d70aeed8c1f452daf1d0682251d6faf9306efd
SHA512e470a34c82d2a8ff6b2323a3689604db1cb349e1231a1b36604d3f414fa5976cd9101df87cf1b0a108d46dbca905fcb96c6439933655f0fd384991cb562c9284
-
Filesize
392B
MD53340d071ea83d7b1c5e06e2ec62d59fd
SHA127b2e4f4216ed69e1cf6f49a307fd14502c72874
SHA256e32908cf40a0ee8295b0eb69eafb9eae08c0aed66f29bf9d371628992c03bae2
SHA51250c19adc80bd43344298ab021890755589cea3f361ba23911b9f659a5f121d4654ed4d276fec8c8653970b890349ad11bea3c553b83154fe7d5b77ac21e5e16f
-
Filesize
392B
MD52cd0ebf4221b189428521f206a6fd57e
SHA1e74484d6942444204c4a65f76e12e7a2015d2ce0
SHA256cd28c0426b5a170356066bb7ce36fc717ed4f2d3644e24821983780559a992c3
SHA512bdbe50ff7e42eb944ba70ed7dcf547fb4f268a5ad048792cb7d171d19ec7245749e6d49afa38794a5bea5f73dc52c6a068e115e0c7ecad844c872f5f35f7862e
-
Filesize
2KB
MD5da18475c1a88843722bb879a2ec62c5d
SHA1e293c481bc60aeb80019ad657a244771d35b5625
SHA256d2524887f2115665c63fd00cab00b1b64764f81cdb075195a184c8ab9cf6d389
SHA5125d7953df76fcf3587ba09dde52d745b1f72ecccfe54dbe252a4f1b664c0f7dff6b662ef787030d49800cd2f21ddfa62165d9bd24459b88a75ef80fe46d78a812
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84