Analysis
- max time kernel: 116s
- max time network: 113s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 27-06-2024 17:57
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://is3.cloudhost.id/yi1ycq5hrjjvl4lb3w9p/yi1ycq5hrjjvl4lb3w9p.html?AWSAccessKeyId=COJXNBFO8B89DP45D8TX&Expires=1719583165&Signature=bk2rTj2VP1G0DSMZwpi%2FoID%2F7CE%3D
Resource
win11-20240508-en
General
-
Target
https://is3.cloudhost.id/yi1ycq5hrjjvl4lb3w9p/yi1ycq5hrjjvl4lb3w9p.html?AWSAccessKeyId=COJXNBFO8B89DP45D8TX&Expires=1719583165&Signature=bk2rTj2VP1G0DSMZwpi%2FoID%2F7CE%3D
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exe, msedge.exe, msedge.exe, identity_helper.exe
pid | process
4560 | msedge.exe
3736 | msedge.exe
2812 | msedge.exe
3912 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exe
pid | process
3736 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
3736 | msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exe
pid | process
3736 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 3736 wrote to memory of 1660 | 3736 | msedge.exe | msedge.exe
PID 3736 wrote to memory of 4880 | 3736 | msedge.exe | msedge.exe
PID 3736 wrote to memory of 4560 | 3736 | msedge.exe | msedge.exe
PID 3736 wrote to memory of 3544 | 3736 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is3.cloudhost.id/yi1ycq5hrjjvl4lb3w9p/yi1ycq5hrjjvl4lb3w9p.html?AWSAccessKeyId=COJXNBFO8B89DP45D8TX&Expires=1719583165&Signature=bk2rTj2VP1G0DSMZwpi%2FoID%2F7CE%3D
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ff80f013cb8,0x7ff80f013cc8,0x7ff80f013cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2256017097287694489,3609990683466792599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6741faa8-8973-412a-8182-c59bb631cf6a.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 240B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 968B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize: 2B
-
\??\pipe\LOCAL\crashpad_3736_OUAUJAKLWKRJWQZS