Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
181s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
28/10/2022, 19:26
Static task
static1
Behavioral task
behavioral1
Sample
ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
-
Target
ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe
-
Size
242KB
-
MD5
0c2b933c96075287e46272be1168d0c0
-
SHA1
f67149313c952cc96cb546f9a7d88cad4f485a99
-
SHA256
ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d
-
SHA512
41ffdcb204f1eb7fe59204917c5f39c54a247a7315c5ae8b41b1f4baf1880421bcab0ff4c0f5f47c2f810ec764214a2e6fc8ab4b9d307d1a6b68a4b374beb77b
-
SSDEEP
6144:1LAOpuAQaJAbw1uZcGNpDIVpWHHfG1nE00abhsy:FWAQb4uZc+pDIXACE9hy
Malware Config
Extracted
Family
sality
C2
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
-
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UacDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
Disables RegEdit via registry modification 1 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
Disables Task Manager via registry modification
-
Modifies Windows Firewall 1 TTPs 1 IoCs
pid Process 5052 netsh.exe -
resource yara_rule behavioral2/memory/4872-132-0x0000000002260000-0x0000000003293000-memory.dmp upx behavioral2/memory/4872-135-0x0000000002260000-0x0000000003293000-memory.dmp upx behavioral2/memory/4872-137-0x0000000002260000-0x0000000003293000-memory.dmp upx -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UacDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SYSTEM.INI ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe Token: SeDebugPrivilege 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe -
Suspicious use of WriteProcessMemory 22 IoCs
description pid Process procid_target PID 4872 wrote to memory of 5052 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 81 PID 4872 wrote to memory of 5052 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 81 PID 4872 wrote to memory of 5052 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 81 PID 4872 wrote to memory of 784 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 8 PID 4872 wrote to memory of 792 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 9 PID 4872 wrote to memory of 332 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 13 PID 4872 wrote to memory of 2416 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 30 PID 4872 wrote to memory of 2444 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 65 PID 4872 wrote to memory of 2576 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 62 PID 4872 wrote to memory of 2152 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 33 PID 4872 wrote to memory of 2976 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 58 PID 4872 wrote to memory of 3256 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 57 PID 4872 wrote to memory of 3344 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 56 PID 4872 wrote to memory of 3416 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 35 PID 4872 wrote to memory of 3500 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 55 PID 4872 wrote to memory of 3716 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 54 PID 4872 wrote to memory of 4668 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 51 PID 4872 wrote to memory of 2940 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 39 PID 4872 wrote to memory of 1300 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 36 PID 4872 wrote to memory of 5052 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 81 PID 4872 wrote to memory of 5052 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 81 PID 4872 wrote to memory of 5016 4872 ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe 82 -
System policy modification 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe
Processes
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:784
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:792
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵PID:332
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:2416
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:2152
-
C:\Users\Admin\AppData\Local\Temp\ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe"C:\Users\Admin\AppData\Local\Temp\ecbb9a149791dd6c72940bfafaab7b3be875873d200fdba6cfe2392fe802fd4d.exe"2⤵
- UAC bypass
- Windows security bypass
- Disables RegEdit via registry modification
- Windows security modification
- Checks whether UAC is enabled
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:4872 -
C:\Windows\SysWOW64\netsh.exenetsh firewall set opmode disable3⤵
- Modifies Windows Firewall
PID:5052 -
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵PID:5016
-
-
-
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:3416
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:1300
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵PID:2940
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:4668
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:3716
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:3500
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:3344
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵PID:3256
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵PID:2976
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵PID:2576
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:2444
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵PID:2060