Analysis

max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/06/2024, 09:06

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://shinolocker.com
Resource: win10v2004-20240426-en

General

Target: https://shinolocker.com
Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  Key value queried  \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation  (ShinoLocker.exe)

Executes dropped EXE (9 IoCs)
  PID 3860  ShinoLocker.exe
  PID 1796  NIMvdqXi.exe
  PID 668   NIMvdqXi.exe
  PID 3916  NIMvdqXi.exe
  PID 2964  NIMvdqXi.exe
  PID 4920  NIMvdqXi.exe
  PID 5096  NIMvdqXi.exe
  PID 1520  NIMvdqXi.exe
  PID 4012  NIMvdqXi.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (msedge.exe)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (msedge.exe)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (msedge.exe)

Modifies registry class (10 IoCs)
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile  (ShinoLocker.exe)
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvV38rZo.exe \"%l\" "  (ShinoLocker.exe)
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\DefaultIcon  (ShinoLocker.exe)
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cvV38rZo.exe, 0"  (ShinoLocker.exe)
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell  (ShinoLocker.exe)
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell\open  (ShinoLocker.exe)
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\.shino  (ShinoLocker.exe)
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.shino\ = "ShinoLockerEncryptedFile"  (ShinoLocker.exe)
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\  (ShinoLocker.exe)
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\ShinoLockerEncryptedFile\shell\open\command  (ShinoLocker.exe)

NTFS ADS (2 IoCs)
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 552337.crdownload:SmartScreen  (msedge.exe)
  File created                  C:\Users\Admin\AppData\Local\Temp\cvV38rZo.exe\:SmartScreen:$DATA  (ShinoLocker.exe)
Suspicious behavior: EnumeratesProcesses (28 IoCs)
  PID 2456  msedge.exe
  PID 2456  msedge.exe
  PID 552   msedge.exe
  PID 552   msedge.exe
  PID 4248  identity_helper.exe
  PID 4248  identity_helper.exe
  PID 1876  msedge.exe
  PID 1876  msedge.exe
  PID 1796  NIMvdqXi.exe
  PID 1796  NIMvdqXi.exe
  PID 668   NIMvdqXi.exe
  PID 668   NIMvdqXi.exe
  PID 3916  NIMvdqXi.exe
  PID 3916  NIMvdqXi.exe
  PID 2964  NIMvdqXi.exe
  PID 2964  NIMvdqXi.exe
  PID 4920  NIMvdqXi.exe
  PID 4920  NIMvdqXi.exe
  PID 5096  NIMvdqXi.exe
  PID 5096  NIMvdqXi.exe
  PID 1520  NIMvdqXi.exe
  PID 1520  NIMvdqXi.exe
  PID 4012  NIMvdqXi.exe
  PID 4012  NIMvdqXi.exe
  PID 4448  msedge.exe
  PID 4448  msedge.exe
  PID 4448  msedge.exe
  PID 4448  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe
  PID 552  msedge.exe

Suspicious use of AdjustPrivilegeToken (9 IoCs)
  Token: SeDebugPrivilege  PID 3860  ShinoLocker.exe
  Token: SeDebugPrivilege  PID 1796  NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 668   NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 3916  NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 2964  NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 4920  NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 5096  NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 1520  NIMvdqXi.exe
  Token: SeDebugPrivilege  PID 4012  NIMvdqXi.exe
Suspicious use of FindShellTrayWindow 40 IoCs
pid Process 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe -
Suspicious use of SendNotifyMessage 26 IoCs
pid Process 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 552 wrote to memory of 1636 552 msedge.exe 82 PID 552 wrote to memory of 1636 552 msedge.exe 82 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 
wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 3124 552 msedge.exe 83 PID 552 wrote to memory of 2456 552 msedge.exe 84 PID 552 wrote to memory of 2456 552 msedge.exe 84 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85 PID 552 wrote to memory of 3664 552 msedge.exe 85
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shinolocker.com
  PID: 552
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
      PID: 1636

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      PID: 3124

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
      PID: 2456
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
      PID: 3664

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      PID: 3740

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      PID: 548

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
      PID: 4364

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
      PID: 3732

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
      PID: 3656

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
      PID: 5080

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
      PID: 4248
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
      PID: 3420

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
      PID: 3856

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
      PID: 4776

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
      PID: 1964

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5516 /prefetch:8
      PID: 532

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
      PID: 4456

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6772 /prefetch:8
      PID: 1724

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 /prefetch:8
      PID: 1876
      - Suspicious behavior: EnumeratesProcesses
    "C:\Users\Admin\Downloads\ShinoLocker.exe"
      PID: 3860
      - Checks computer location settings
      - Executes dropped EXE
      - Modifies registry class
      - NTFS ADS
      - Suspicious use of AdjustPrivilegeToken

        "C:\Windows\System32\vssadmin.exe" localhost
          PID: 5048

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\AppData\Local\Temp\htGzxe.txt"
          PID: 1796
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\ResizeSend.mp4"
          PID: 668
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\SkipUnregister.pptx"
          PID: 3916
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" E wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\UnblockPing.pptm"
          PID: 2964
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shinolocker.com/?h=20442&t=DgcIzFCu3c06wMM9XSWcIA%3D%3D#key
          PID: 2148

            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
              PID: 1728

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\AppData\Local\Temp\htGzxe.txt.shino"
          PID: 4920
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\ResizeSend.mp4.shino"
          PID: 5096
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\SkipUnregister.pptx.shino"
          PID: 1520
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Users\Admin\AppData\Local\Temp\NIMvdqXi.exe" D wWlBpQWU8FxXq9ToVNQRNw== DgcIzFCu3c06wMM9XSWcIA== "C:\Users\Admin\Desktop\UnblockPing.pptm.shino"
          PID: 4012
          - Executes dropped EXE
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of AdjustPrivilegeToken

        "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del C:\Users\Admin\Downloads\ShinoLocker.exe
          PID: 1780

            choice /C Y /N /D Y /T 3  (image: C:\Windows\system32\choice.exe)
              PID: 1580
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
      PID: 1440

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14907298897156248148,6239165696413525019,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 /prefetch:2
      PID: 4448
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3276

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4188

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1876

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2880
Network
MITRE ATT&CK Enterprise v15
Downloads