Analysis
-
max time kernel
2643s -
max time network
2703s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
18/07/2023, 11:12
General
-
Target
https://ghostbin.me/64b659b6e2f37
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 41 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ghostbin.me/64b659b6e2f371⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa679b46f8,0x7ffa679b4708,0x7ffa679b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6220 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6940 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7004 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5784 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6164 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2268,17247016391045693990,5643401453716541793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x440 0x4381⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x440 0x4381⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58411007bafe7b1182af1ad3a1809b4f8
SHA14a78ee0762aadd53accae8bb211b8b18dc602070
SHA2561f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3
SHA512909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb
-
Filesize
46KB
MD52f3a9bf38d1c62f7d98245ce5e624243
SHA1b717005992581c196a3b45b30f0827060e605c41
SHA256624275866abfbd84a28615d768575020273c2dad86e7431ae3de34c9fd305cc7
SHA51237c9e46570e62533d913b818a53aff01e2bfeee78178ca6d99a9be95985584c778b66b738b40c1d58fa475c01c479b3cd9b7b26454fa757ef5387bb3ba51240d
-
Filesize
93KB
MD581f4ed1c943ffee48dc25980e9ea3447
SHA163b2e345aa27344ba73a4c8195712e5c77de3d23
SHA256439ee7555cee27703b2d2879973af95b0e16ba53a0dd8de431b9b8f7ee58afd6
SHA51201c066234cf28373f2028204807d8be6b79e6e3645c5fb3d888115258263938b4ad5c67c63abb1956a443dbedee109eb8a90671c27f0ebc11cdb9f9aa53b3fc9
-
Filesize
32KB
MD56321aad92f5c73b012005800adb11869
SHA1d17deb8e6f613ac4fd692bc5c395f8266d958a02
SHA256bceb3a61424b96fa25eef0a87b6cbc1d05c9a519f82f6917c3ad10410c77c2b3
SHA51248b2bd6e217d7861dffa1868cc6179a16d167a25aca6605bfd543aac95bcd585558d396374b2b19e14278297f8fe25d78f4519af169c6fb5cbeec454f0959a76
-
Filesize
600B
MD5c77cf60c67a60df3e858ee807d806904
SHA11b9f61894ba89bc770e01a9d2a3ba3a1dbc78c2d
SHA2569ca352202ab9d031666f796093d38d86b3a0120f763d7149e3d9837250dff5c5
SHA512c5298e1e0571e564b42abb0389587b558f5c7cf9380df9e4687313dfe509ccd6fe2c9472c8c53e1f18134e7a1282c2d96b5de626d11a2a852903f1dd0127ddbb
-
Filesize
1KB
MD5cda8c1189c918cd73e09920cde25bd00
SHA1c119b237d6bee14c52a9a7341b3116cf7fe453dc
SHA256fd4a23e750a23240f4bfd34186a30d17f95da6e2dc2c205bf612adfd6636c221
SHA5123a4c298eeb6c1502a0f3e7126a7061d8cf8d7dc51b3b0d0872b02f1889915cf0c58d99377365a162d5c14870cb074dbbb0fb5fcb22b0c86343dabfd32fb9720e
-
Filesize
1KB
MD58434cc5958bd723e9f633c59d2d7b72d
SHA1de706a53915c6db19d40bc38324dba6b50d1f7db
SHA25647ce64d75c38f969834b4612aeb408ec2dfb1f00772418dd8663f392745f265f
SHA512af9f775ff2b3c15f48578771f7b8b896ba9cf52a4688d558cc6615f69f329068dcd431b8b978620e4df43eea1091fda7a2a52a3ac1329c9c9bc5d5c6227b7287
-
Filesize
1KB
MD5b867892464461d8c5db911407aa5f590
SHA121fdf63a092d3007fc022e192a3e1917cdf2c3db
SHA256656eed450a9668a5253fc211801f9192dde7e728ce9bff4746c6a3ca389d0790
SHA512df75276b9df3a27d4a46d00092799efc3a7238436e259db906635749677d4997e58318aac667af5f20804772854bf7df02766aeb15d5293e34c3eb697c1b3ba5
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
56KB
MD5802be869284111db259995d30ccb0d8e
SHA195a0a302be6c385cddbcc0fe8c63c82ff8c9318a
SHA256690212d59da6c1a4e975d021d5e94554218244f13a07597f66b4df56de228af2
SHA512310242abdb2eb8bddfda46b9972f12de682b3211fe39dcc1d1d2aed0a47e6f7036b7e1a692c96f326acf66c988c57f0c9faf93276e5fb3b74689f2a70dcc5de6
-
Filesize
295B
MD50a0678de4d22b2bd16e1540469b1a7d7
SHA1f5eb972d760c081625c20138bdf8bea4c1390912
SHA25648d5de24e273852733796f37cdeac02d7320494ad0d207fce6894ee9dc34b725
SHA5128f8c489ccebf4b6e42c523455f1c273715ca97bf5f1637d760093b6f401d4b83e5b1fbe235ebd1463d1ef20ebc50732c8bf9d40ccbee92ba94c0e5af50ae83fb
-
Filesize
31KB
MD50e154d244f5c8198d29607828988f467
SHA1a735c302d3535f3264a4702eaae0ec40a1754b64
SHA256df8166052d376c6776e474481f2059165910ffab66aea4b76e56b004ee4e2757
SHA51291afbf890adcb2ee60d6a6f7cc67e6876e93c321de2e2bb107f4e8fb523de3043c49b664c316bc0337ec7699cf0279eccaf0f3a164de6c89d6e8f0c24648db12
-
Filesize
754B
MD57f739a9aba6178c9cd65df719b360523
SHA1e7fef0aa469cfb870a98fc2be0cf8a315a4206a2
SHA256706baaeaabf2e1366939b83bc796f5155a4ad4d97d660a9b4919012de128485c
SHA512dd8269aa26cac68a09507ceb89a982751ba993adb4877048039315c5faab31ee5550b275e1a840b5110540bcfec8bdee95fea14bd2a41b754bb768a26179fa09
-
Filesize
524B
MD5e5f976c27511fa5be1dea7cf1c57cd1a
SHA1256543215153dead39d3be0debbd171b84d64a50
SHA2566880294a7314f0a1fd1b5f67191424f709b1608a256bf5f284f350e35216c0e7
SHA51280ee818d80c5ae12e3b0e3f4f5aa093dfc19a2b41ee9bcf2ddc784ed829e0f3ad5e91b278dd7a6f527e3abb969372f5e3a54e203d2f0989adb8038cf4a325c5c
-
Filesize
39KB
MD566bfda3bd065a7bddbd420caede2bdd3
SHA1486c24b0883a0feec940c52ce2848c3a9f3e91d5
SHA256eddc63d7a0ab9df345d78b47af36c8d146713d8092a1bfd7bdd5bc6619710b42
SHA51295963e85ddb5cf0d50226ad49e64833e20dcd216048c9515c664c1f625b59d0cd59d75e0fd71283fd8a85e992ebde0e2fec83879e63aac74fb3a24ec8cbf5dcf
-
Filesize
2KB
MD56d68384278243fab960ecf0249a2134e
SHA1eda4efda21391ba475e89950fb7408a7d6697faf
SHA2563bfb4992325e77dfb3b7a897220484af67ea8df927b23120e39f72cdc5de8bbb
SHA512cdc799e27681d7146496ec05cd93e41a4dd952756af287a070cf0cb949329f51a4a94ed8805ed24cd836bc78f318d3c14bb0d522227d2527d33ff0280f582e67
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5570172f225b7f4d0209d2b0a64dd9edf
SHA1270bee1b8cd0cd1c658a9104ee8aabcb408f78d9
SHA256df96974fa8ad546b864eda4f4bb924aa38411c8e4b8bbe720b445c4282995d0a
SHA5124141eb6fd961038c9e64169651f84a9bc4a270ec91e8ccb599d0c7d599b0601a8b3d5e0edc3de2fd099eb110edfffb7b0aea27a8cff746b7615f1b82ffe0e40a
-
Filesize
7KB
MD5ca3324157b668852a5b758e7a18efd99
SHA16be934205f5a2416f8c9992c4bb59bbe9cbd8ec2
SHA256db8e68c5641871483c4a8df7bbf58d55a8b0ed451295706dac2103c4e7601345
SHA51279935f6d8649cfe43f70bbe00238eb843f59a99a06da3e1cbd172c11e6a8266c08baed3c70d83ce8c213672f61ab8703aa9cbd5d0a5eb6a07e73738c8e59ce5b
-
Filesize
7KB
MD5992e30230c1a3a2eea18588dc88084d6
SHA1adb30afe2786fe7ffc6f1b1529fec332df199326
SHA256ab98407ceb0c42ae4c8e9d8777cc551bc1e3d62fdd37dc26e09586c4123c289d
SHA512b8af1ee05469992c16a3ff11db6e4cb84867f5c099b39c7170ccebdd82f3e0b886eb9e5a592821ccbcf8d02377bb563cc0538147a84f7852de2f2b7fbd827e58
-
Filesize
7KB
MD57128172df8dd020f015fd4c49e390795
SHA1b2b9e4c12baedd424a0dbad238e4d3601dd3bf77
SHA256a25f395c60712df57b59edb14013292f2e5cd4bb706b22b3ffb05095f3780d0e
SHA5127a22736556d57f073fc6a0f87029fb2fb810d697d08078b4ddcdabf687317a77a3cf2832640ac424fe4d84ba6743542c28382a28844c79ae5a0c65c8f1db50d1
-
Filesize
5KB
MD51796845e845050e06db9f08191a983f0
SHA1fa9a46a85a7a4cc16dfa03777850c9e0c3ebd3f3
SHA256bb17e89b554169b0a62f942c51f984bf69457694c927fda4e22a1209069247e7
SHA51295cb625aef74db7acc2da44a0582dd09fd7e9bcd59e6805e2d0cab5465753a125f4d4a4e42a377170bf38ecdc87986c320fc196905ee868630c6d98b0a0d4703
-
Filesize
5KB
MD5868a1090f0c03459bc6d8389a6d514b4
SHA15e8753222463f20788dfdbc02cb5bee35af9525f
SHA256754b444ba4f0f657ff06b4df9db7c4b892547f0090668aade382171c44209085
SHA512f0577e8f0764944b0d327357b9f46e0b3ca00e0c83a891262f74689da8d6ca6213562e73da49e8647cb84f7ed323083b7d865490d4732779000d3c76c140508b
-
Filesize
6KB
MD58577a8a1395b12fce643e08a0f7eb85c
SHA145a2fbb9089f09a16ffb5aeda841b7604eae5638
SHA2562eb5adaa08b7eb87b0ad3bdcbfbf8f8287dbb5b290a3661360bf169b75c80bf2
SHA512d3bcff0bdb76324ee5f83e2ac17e476db80c7b548fc646fd146ef23bba62bb2bc93badc6f90df6784a2dd526252f8c0899e0a27a8206744da36130e23e493074
-
Filesize
6KB
MD5f334504289567bbfbb84a6e2d9a41ab3
SHA10021cfd3e2c31d3ad891f04fc11216b9a58f8ea3
SHA256dfb2b240f413de2dd055be4c8e4e3905d9b92f01ab080209d2a7345a1a229310
SHA51212e16276f0f08615ab00d85a9c9e8594689e3cfc029c4465a135e8533db3092a1bdd3395733dbaa97928572dc19c02209a7cea59d8512ed41adab19ba74a8d29
-
Filesize
8KB
MD5c24ec24c05e6230ef382d655c9cfae38
SHA151ef1a29c52475459f8a90473208f64f4407cb52
SHA256911144aa4c747ac439ccd295bbd3a59e1fa73a9fb087eb359f940444f9742a40
SHA5121b0f148ec5c6adcc13c12802c06fcbe03e8d2a7ab848b8c15f26989b833ec9623ba759d002f37962abb99f90f3786c59c949a10cf7fba7fa6c41616eab0c9801
-
Filesize
7KB
MD5208cff87f1e65d5b7a990756d8f7c343
SHA1d97ef877cde5066bdf27159e1f14f1772eb37a3f
SHA256b6510c2d04ea8e8dbea99b78ace831249b730e88f860259aecd4f76c80496d0d
SHA512415285eb6c0d720c61ffc92d2ca07ff5056a325d3ddcd963e98d48a481eac35dca494872d1f0d0486ce498ee3ddf14a6665d33bdff719ecf166527952d58b269
-
Filesize
7KB
MD5ea9babd8a15b1a641bc71febf0d6fff6
SHA11c1be1e96859324bb8251a421c8088526dccbf96
SHA256f796d83ab54b9c5427cd347ff9deea71d58b17173ddaf0dd1adc8c1453a9c804
SHA512c947d06f012ac75d16cc1d03f3d6017efe39faf2c6c870cdbfe4445c7affb0f2e9ca3784d41f57e73e6440373809f45e279b0a0aca793614ed67affeece3d7fb
-
Filesize
8KB
MD5eea9012784c70514f8661b3f04fc98c7
SHA10bb90f02c2e72d44ddcfb2b2522f9a785321d9b1
SHA25615437d93c79c9e449edf2b39cc7ab506065c5c2d222a17025b0055a12fe162bd
SHA512074daeda4ba54e5c1f36d3bb2246f834f367f08b855176d345dbbba2707033c399d287a187477db5c7fbcb4ce551b10f676d43278be72bb4e31b347f543aad4d
-
Filesize
8KB
MD53040ed32f0fd1be574d08416fe2d1491
SHA1f06d8f86f76de9b21356d7660c5dee4672e5a710
SHA256c284c20aa2f4254a273382f927cd211ab2ba92027cf0514023e3e7a9ab569bd2
SHA512c58a16a740e492ff1059cc75656080b57d5e57ced6a34f7735510df1195a299b723f6db9c1a23c0411fdaed2ffceaa5b95dff691d53bbc3780d90f0d831fc9de
-
Filesize
8KB
MD53b6cb98dbc21395ee86ebcec60678be1
SHA19071e8ad914751330e0dc62336ffdd0383a08b5d
SHA256c3f910e2f954028a53f61e013cd4e3a3904c09054bd3fb0f1e807f41489ae7dd
SHA512637d7b3c28e2eb0467da44ee683a2054cded4680471ff30bd075b52850c46048a42380afecd98105984ec90808008982dc0b2999800ce4909d4157ad0d9ecaa8
-
Filesize
24KB
MD58caf4d73cc5a7d5e3fb3f9f1a9d4a0cc
SHA183f8586805286b716c70ddd14a2b7ec6a4d9d0fe
SHA2560e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c
SHA512084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e
-
Filesize
26KB
MD555cc897cdf50c347021265d683664593
SHA19cbd91204e8339d960a9f4a04cc3203ada19ac91
SHA256e8ee8e95c95391cfdc52b398f4311b7b7dee8b01f7589d8f3395fdf352e1a3e7
SHA512ad2da61f5d1524013ba285db63aef2fdd84c55853044c33172e0e8fcb2b7187d0283ade04ed876d7542f686b56aa840daeb09753b14503611813281d6226906b
-
Filesize
29KB
MD514cb8416f41835b307d145b96322d8bc
SHA13e5384d5603ae3cf6bcebd250557a02a6635b50c
SHA256d427897d07c9fa298d3300a079c6fd22d8a55c78eeab06a72467282b4eeed8ff
SHA512a52c7e89113b90722b003e781eca8eeacfa600ade8be9b4e3b0e641a82a1d4ca01c182c3467180a75f725e8a540a060c8591010a79266b9db9cfa323dbee6f4f
-
Filesize
90B
MD5cc5ff2a9bed8351c1f7ce31d5af8b8f7
SHA1abb9b711cf45547096467606e8e32c1db697604e
SHA256b2554040c8c40b8cdaa42817cf0dc5f9c0f5527bb6ec4438cb75a64d60462186
SHA512d160704252f24bdd06c6df350c4b6b3c7244d513e6967b95b04e5887744f04e98425adb52b1e9adf09bc85ebc64b16f95ea403c0994c9482e60796da6eeb11b5
-
Filesize
26B
MD52892eee3e20e19a9ba77be6913508a54
SHA17c4ef82faa28393c739c517d706ac6919a8ffc49
SHA2564f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae
-
Filesize
90B
MD5be63f941c4e2fea3a92ed8796813bcbc
SHA1e5b5769f7d0c8e176739063b03f06c8ab9c13287
SHA256a608239c2a89da0b75d92d1b3211685b7ccea477c043846c92c2b9ad19c119f3
SHA512d405c489590f6b3f04c226dc5f1616dfff38b11d2cd1dd829a46b4cc4c496d9da2bfa7f26c5c847e2bcbbcea0c419781722320c6225456b751270ae744667bad
-
Filesize
1KB
MD5fcb4651846e982a0afe0bf505e6481e9
SHA125658c0b63158f6d5e3a15004fa559f2b73f2978
SHA256a851dac8b9b05a2e94e251c30271f8e347e66367db88fac6f45a8ecfd6774953
SHA51236b09fad2c22d94e9d73cd3931a99f580ba1269908036bb73bdb9ad2a78b2d6730c73a48baee1b4c2eb52311487031673d279525acf1f8bc570adbc229bc222a
-
Filesize
1KB
MD58aae0a8bc4fb82cb3472ed7f2e5ce743
SHA1a0add80197c719469c7d85eb9d6e9f40bd6df6f1
SHA256730fbd3a77ee8cf83a2e106a569f66a6c89c98d1241b1d68b8d647f4cde37b68
SHA512f98b90f7a497d0804b7f7a55d62d7810fa2dea4deb8c6059eb96fb8811b2fa9d425795a491ee52c55e6dfd98cefd9a83271acb43d0d71c4b61d71fa011f1551c
-
Filesize
1KB
MD5b797a4934c618abdc5a19a98495b1eae
SHA1d8e9956ac7401aed3050f38bb8f398811ff0918b
SHA256a09d9d0f1c1705d8b43804b01a80effe3e19aa0325c8a7e89b32d076f9e785f2
SHA5121381630c4a115f6e658182cb2e585aac39f6846179b7fde8f26cddebc49de37525e2337241deb0b5e0a20fa9282ed9eb9c351739cedcd5641c1849e7ac9e5de5
-
Filesize
1KB
MD5991e579bcb109a5e11335823c82ada88
SHA11910a9f3a25384507454f21fa4572fe7eaf45b23
SHA2561a1ab9014cac744e6ce15e57bc7ea18680acecb826513a2b8389bfefed879934
SHA51276c03670e377fe06f161fa8b508bc76e859763a4d97947a7b4ea1a0f9b2ca649835a0695fd2fcf61a0d4b891fd2a909de160a29214a2f34965b398cfa69049d5
-
Filesize
536B
MD55d56e1f44b0673d25332c38ae4c8ef73
SHA1940b1ac4f2c81194abcff62c2fc9fba981d4fcc8
SHA256877f2a2589cd564332e60a334b2376723e586c88b013d45c52a8e6235bee6f54
SHA512ff2e2a7e5c5006da8fed24bbe2d18634df9a956eb598fd201ea885d6cfaaff55e896e53022dc43c254b3363e0c7297881d78bbb45e0455aa50514afce2ba9740
-
Filesize
1KB
MD589678f66e8851c2a3397c066fa11bebf
SHA151a013c908a4f2083202c8f8e1f4f8c7374d6502
SHA25620392827a82251ea21a0f2cba220ca2bc705586cfdbabd76c5868f41319854d2
SHA512548d863991d7fce6f7d6068a8a577087d30e9269904d532f19fe62412e592c44d3d1b20e582b15854fe730fe51225351cf5b807f1cc735e411fd321c5c266e46
-
Filesize
204B
MD55e3acec8fe7071eef21f3c4438c281d3
SHA1b886ca51f8e7bb66f7750927bca11593aa7f08d2
SHA2566fda81ee1d7de4d285a4e25a76f9383f5e7cc7c6cd5e4eb009af42a66808d618
SHA512083b44e5b3cf437a4b5bc0490b236ebea54495c971fd9fff012c90677ba1b9cf27e50fb3aee47ec917c423088df00b7bb0325bcd09fc294ee77cb8b45dc03bdd
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5a69dd17aa6a267fd9a18ec1b9d1870c7
SHA15ba3d67a3b7dcf4d7d08e1772be23778eb524ce5
SHA2564c02e85524014d8581de2e502c6eac2b8390162abef8bb15ca392225fedc9537
SHA512802e3d67d300c755aa84ed7b31a58a4dad90235409e239afad4200c6c466558b1065ab73baadced6768a6d5a6afe30527f58a3620a37461896c9743840de99b9
-
Filesize
12KB
MD50493c6e39ea2f277800e8d8c9f88b970
SHA18f700424147fb7bc0c94b266ec60801387f1fae1
SHA25677749005ad2fc2f47ccdf779f73fad45b84e0bbb5837fbb4b557b47d70fe3d95
SHA512fc180f1c8631e4e00383a0bb781ef3a26b7cc4ecb4de15683ef47e7dcc27682e2a939c936c1f63d87d984d8113fdeb6d180243138d8a3f3f487f80e753d9b02b
-
Filesize
1.5MB
MD5f718c2936e88cfd445bcf3a44f0d1845
SHA1cf3f37860a548b6321942e3d16b6fd96980c739e
SHA256b94d5449965248323cf4e41bf88bfcf8e79c9414288f2d25c3d8687d7d10fe15
SHA51247818d0950c370c697183d7b2a96ffba87382ddaff3c4d9d25f2e41a87f4924405f63dca14ef8bb164eeb835cbe0209c95750362dbffb34c8cf6a45deaf5ed3f
-
Filesize
15KB
MD53207dc1e9ab3a1551ae81c8a3d395557
SHA18e0f457713f038039b45a407ce2882c4fa9d2a0f
SHA256bb29785d8db7e05177adaf3a75cfc4b3fb79e14da4fd349ab253bab8dd0a0b55
SHA51218afed6ef6632590c85e70ad14fc5f422541c957cc7576436bb1b020a0755af636c05acca0a64bffa050ffb9e382bdde1a19ad2d366c77786aaae915001dd3b2
