Overview
overview
7Static
static
7cbsidlm-tr...64.exe
windows10-2004-x64
7$PLUGINSDI...ts.lua
windows10-2004-x64
3$PLUGINSDI...rol.js
windows10-2004-x64
3$PLUGINSDI...all.js
windows10-2004-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...RL.dll
windows10-2004-x64
3$PLUGINSDI...ad.lua
windows10-2004-x64
3$PLUGINSDI...ads.js
windows10-2004-x64
3$PLUGINSDI...all.js
windows10-2004-x64
3$PLUGINSDIR/Env.lua
windows10-2004-x64
3$PLUGINSDI...ts.lua
windows10-2004-x64
3$PLUGINSDI...er.lua
windows10-2004-x64
3$PLUGINSDI...ime.js
windows10-2004-x64
3$PLUGINSDI...ftp.js
windows10-2004-x64
3$PLUGINSDI...tp.lua
windows10-2004-x64
3$PLUGINSDI.../tp.js
windows10-2004-x64
3$PLUGINSDI...rl.lua
windows10-2004-x64
3$PLUGINSDI...re.dll
windows10-2004-x64
1$PLUGINSDI...re.dll
windows10-2004-x64
1$PLUGINSDI...ml.lua
windows10-2004-x64
3$PLUGINSDI...box.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...eb.dll
windows10-2004-x64
3$PLUGINSDIR/lua51.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...7z.dll
windows10-2004-x64
3$PLUGINSDI...nz.dll
windows10-2004-x64
3$PLUGINSDI...on.css
windows10-2004-x64
7$PLUGINSDI...out.js
windows10-2004-x64
3$PLUGINSDIR/utils.js
windows10-2004-x64
3Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system -
submitted
05/07/2024, 21:40
Behavioral task
behavioral1
Sample
cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/AdvancedTests.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BrowserControl.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BundleInstall.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/CustomBrandingURL.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/DownloadThread.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Downloads.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/EagerInstall.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/Env.lua
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/Events.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/IntegratedOffer.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/LuaSocket/lua/mime.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/LuaSocket/lua/socket/ftp.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/LuaSocket/lua/socket/smtp.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/LuaSocket/lua/socket/tp.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/LuaSocket/lua/socket/url.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/LuaSocket/mime/core.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/LuaSocket/socket/core.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/LuaXml.lua
Resource
win10v2004-20240704-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/Sandbox.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/Scheduler.js
Resource
win10v2004-20240704-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/customNsWeb.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/lua51.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/luacom.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/skin/res/common.css
Resource
win10v2004-20240704-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/skin/res/knockout.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/utils.js
Resource
win10v2004-20240508-en
General
-
Target
cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe
-
Size
569KB
-
MD5
ae4e3e0faf92ccf2e75c7f94cb0f47d2
-
SHA1
40d202a651fc7c6ae8c6773b0cd3fa8b652bce09
-
SHA256
350f2b7af2310de1eec502397eb73b1e5c909b989294a1e988911c07a8ec616c
-
SHA512
82b2306e3a067e93c9e303bc9a3bd6fd79083fcf6cbc07417cd16d6db79fbeec7d47718730541cbbd3719be5c69adffab49ba2511f4e74005a79f1683d119372
-
SSDEEP
12288:CsY7rZ1FRInAnOd10oNg6+h+cnJq0Vc/BntFre+OaNY:Cdz4dB7+hHq0V0FU
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource yara_rule behavioral1/files/0x0007000000023481-151.dat acprotect -
Loads dropped DLL 32 IoCs
pid Process 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3976 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 
cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe -
resource yara_rule behavioral1/files/0x0007000000023481-151.dat upx -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3642458265-1901903390-453309326-1000\{56814B46-F87D-4960-B941-E9D80F6B5353} msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 3652 msedge.exe 3652 msedge.exe 2044 msedge.exe 2044 msedge.exe 4368 identity_helper.exe 4368 identity_helper.exe 2796 msedge.exe 2796 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
pid Process 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe 2044 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3068 cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2044 wrote to memory of 3928 2044 msedge.exe 95 PID 2044 wrote to memory of 3928 2044 msedge.exe 95 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 
msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 4424 2044 msedge.exe 96 PID 2044 wrote to memory of 3652 2044 msedge.exe 97 PID 2044 wrote to memory of 3652 2044 msedge.exe 97 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98 PID 2044 wrote to memory of 4952 2044 msedge.exe 98
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe"C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe"1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
PID:3976
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1416
-
C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe"C:\Users\Admin\AppData\Local\Temp\cbsidlm-tr1_11-Free_AVI_MPEG_WMV_MP4_FLV_Video_Joiner-ORG-75290164.exe"1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf06f46f8,0x7ffaf06f4708,0x7ffaf06f47182⤵PID:3928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵PID:4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵PID:4952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:4860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵PID:3352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵PID:4768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵PID:1108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:82⤵PID:1392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:12⤵PID:4596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:12⤵PID:884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:12⤵PID:4964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:12⤵PID:4860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:12⤵PID:4312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5320 /prefetch:82⤵PID:3276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3128 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16809232838772089392,13322016399143013524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:12⤵PID:3864
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3424
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1104
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD506b496d28461d5c01fc81bc2be6a9978
SHA136e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa
SHA256e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507
SHA5126488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91
-
Filesize
152B
MD5de1d175f3af722d1feb1c205f4e92d1e
SHA1019cf8527a9b94bd0b35418bf7be8348be5a1c39
SHA2561b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924
SHA512f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734
-
Filesize
6KB
MD57736264b1fc3401e57a1470249517154
SHA1b4a069a0d68ceb4ecc4f94e4869dc1c9cdf1e265
SHA256973d200f71d0bc417c4a3cb1a4aa4cbe060ff9a2214e02aea70e6ce142783300
SHA512b5cfe6c8b10b468d3fa62ea179c0c623ea8f09b96d6ce4184ec9a50a3bbd8d095b94ea77fa4cd77f00c4544bb573c9c95b454ecff87d4e412dfb1468c0666743
-
Filesize
6KB
MD563a3c68610f951a1c4da140d5c9a8e87
SHA1c9ca5b8200fb9c2a1c84f01b37ef50a549cd0f06
SHA2560c961d35983421bd00199fa195459da995474e95988dcec01601015d04df13b3
SHA512fdaf90980975687e3ef40b4fcebe21d6b63e25238060648e87e625cff8d3d5631f410c304807bd86dee9bb2811df88f97844ec0c4bad262f3439147fa0f5d34c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5490db572e4ed32021f17365c5471b6ad
SHA1cce47441afcd32c7c691efad70608b6a7c8b584f
SHA2566a54597a23830ca904513b83302022af6615a72d609e2636f0ed58ec031282ff
SHA5120efbc7d59c456f59dfe94c3b1c25ed80b8dbeab99770763ca7327feacf09a1a425ed9da11faa93b74bd2dd6e5c80d617ce46ce6d769a219287f7c1a1c5bce1c8
-
Filesize
9KB
MD5c1573fe0e36f3cbc82ca19c76f81fac1
SHA184904ddd3592eb3eed9c62dedfdde45870716aae
SHA25668472d9b7aeb69480ef0a85e5e1106132209c09f2f17b964629c92ab52b12b9e
SHA51209bbeca379715f2b633df14243c8548602d082f2252c1cc6785e832b3fe88a5617ec105374db45f088436fe7481d3c4828de70ecf334f3173ffc1306ef5b4d69
-
Filesize
25KB
MD5426c1733c63c8b214e79ecc56f1d86f0
SHA13a09c6f583f430dd47bf867e988832aeb406a75c
SHA2564fab581406264ed2b50c326ab00e7a7b7f3da787b3ef562b6c23a3fdcb555818
SHA51255dd3bda227d93c12e783c57d3809d791bde6159c3b7b0508815f0864a0b490f7904d77431865dea57622d2518b553028e774625d7057093ba8069fa668e3ff7
-
Filesize
38KB
MD5663e3fbb8b2950143a0c72e408b8d1fe
SHA1624cdbc316cbad83ab5ac694ef4031aa554cddac
SHA2566d7475590ff1188df4808509ae664893b03d0440104cbb9f423df7ebccbce85a
SHA5121e9bf899fedadb939245bdb3805f77d3f3999de1f21517ed9c2d7cb1ef549c91c58de24c4a38c880ba19d07dd85803a8cc7b868736139a5ce929e2a6e14020a0
-
Filesize
8KB
MD5e440044afe6c761507a996b5b45ab0f9
SHA1ef772c758fd5d6098b41375f35ac26f3963cc306
SHA256b1864aed85c114354b04fbe9b3f41c5ebc4df6d129e08ef65a0c413d0daabd29
SHA5128a82df90459929de1c91ed29a122a149749d42adbb85faf0c3123d0f0886babc90cb93de85105feb7497b46552a6747ae05b985f5a488d1d8f1a2a7db44077b4
-
Filesize
2KB
MD54bfdaaab9014fe129bc6388fd5687c8f
SHA12c6ff28245e1dc7ec9ac1c43c3cda354d07b2c4a
SHA256e9167e0da842a0b856cbe6a2cf576f2d11bcedb5985e8e4c8c71a73486f6fa5a
SHA5123a1a4d838bb5cafe71da262ee7bd6dccbd30dd4d7abe0d04f6ecf96bf704d5e111967be812894a47f2eb3374ee110620b7cc47eebac8b72ddcf7f506ba82a607
-
Filesize
4KB
MD574dbe1060e91112e1c21ef9870b4a587
SHA186afb6aecb0a8387ffa5dead1cc9808332f94310
SHA25615fd138a169cae80fecf4c797b33a257d587ed446f02ecf3ef913e307a22f96d
SHA51273218ebb2ad27d3402173054be997089549698d9112acb4b1c9fe044689a40ceda3df00304d336d2034e61c04832f52d971509240414838841d40f53fc0c3723
-
Filesize
9KB
MD57309f4294ae4abb4f6ae657b2a98d488
SHA1327d143e9f7a1835a58fdaf569a8f7a937fcf2c0
SHA2569ba5df91091c46f0ffe0a93ace577a4833c92cbec1742113d0a2da9e568f9a10
SHA512a44d2603af63828e8a0b1fbc7455305c616e5bae4a351b429e7e94a6aa7e4d6425f69d57d6a44ba87ee5d29accfc01c1f3ff288652120ff8f08a66543d357895
-
Filesize
12KB
MD561a2a779da46e835338f1ad1efad1717
SHA1091d49262b7c1d1f4a89655673710f6d8a37baf0
SHA25668fd4bc835da98dd1d5509333f8cc8861133c9439d3de879bf29a96de462940a
SHA512657594b8ea1a2584c45d85df6c57c5ed43bfae2ece2db534e52ad66a8c7f8c1f85f99bc9329fd8d88a06b6fd2b9121b8e359dbdfd532da0e26d94352a055ec14
-
Filesize
3KB
MD52cad406e591cade482c7f16f39c21481
SHA184a3ab88ff7a9102c2c6d21bdb6eede6862167a4
SHA256343afa62f69c7c140fbbf02b4ba2f7b2f711b6201bb6671c67a3744394084269
SHA512ecc98991c25036b54f2bb71b3229e4bc8fb401e55db0e5f9c958c2a7b00b40fc9ae2d7e45002d4f2a03cec85535785c42ab6d20476fe095a76444d143493b145
-
Filesize
10KB
MD58fb662c362da002b833793ea7794fdaf
SHA17afaf1ad22c95690cbb3f55226b617121efc20eb
SHA256269526c11dbb25b1b4b13eec4e7577e15de33ca18afa70a2be5f373b771bd1ab
SHA512b0b766ac2b5cff879009ad9f74295f7ab0bf8b0628b8aece5597243e0fa96f4a85361728fd8a08eea7d2629dfc5e5d8b6aebca432075ad74c131ad3161a475c7
-
Filesize
52KB
MD54a4845ba1666907f708c9c10a31ec227
SHA11ebf626adc84147e5114885ce779f92d6eb68f3a
SHA256a1ffee9687ab4a23a78b3251888aff09e2896d76f8d16d713367b265f125188d
SHA512d009f5e2a2ecfbec5e5e788ade142d612846d0c99921774e4a11b060998dfb0680cf1e1a54604535d5560738093f9ae166866cb23eee5c7d9c4e5cc5a33e7464
-
Filesize
80KB
MD54bf7db111acfa7c28ad36606107b3322
SHA16f20b9f6663ce0c309a2ce60e718d64ffb6c75b3
SHA256bfe8445c38ee71240e856f85d79e94123d7179bf43688de0e2a14e32e6ef21b0
SHA5120a5e66a65b80e15d8198f2934c58227ae17680f0fbea9865b2f44af82a29c53d4f95cf9616b4dfd75202420eb73b7d962cf2c84fdad6ce26afe1eb4bb978d0b6
-
Filesize
11KB
MD57292b642bd958aeb7fd7cfd19e45b068
SHA119a800620d041634abae5b5d096cb0e87ce4c188
SHA25690f1bb98e034fcf7bfddb8cb0a85b27a9c9ddb01b926b4e139e1e8fc53d41d09
SHA512bd758e0833454e0aa2af976ac94fde17c5401102c5991887cefbe8e337974381584c73e2d1e50e49263c55c3788e24dc7f8bd0b9d2a76a6cbe38e48dd9d6c44a
-
Filesize
10KB
MD57e3c808299aa2c405dffa864471ddb7f
SHA1b5de7804dd35ed7afd0c3b59d866f1a0749495e0
SHA25691c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd
SHA512599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738
-
Filesize
4KB
MD5d02a497be5f89c44827f142c4662f591
SHA138f83ccbac11de069df0e1cd79a6fdf7f006516c
SHA2566d29dfd24695535b5973d8261d93373603ceaae03ab97662fe1b3dcc47d18226
SHA51281c87f9d56a8ab7703a4effd3ba7b982b6765ecbdc0dbb1c595f549c4310a5db57dcdc38929eafe56983ea8cefc0b572c3faf82a4b62eb7c564b05550215f1c1
-
Filesize
18KB
MD5bbefb63464a7667f5ff8c23c1995f05f
SHA1165c41ca3a5f366f80184d616471a63dc43f87c0
SHA256470a6bd6f30161af95c48835fd1b31050986ed2130bafc0717bf132414f81012
SHA51248e74aef474ef5f057881ed1cf77749693cbc9f0c54f177b5b98028f58113975fed34eb2c888764d39466611e101479b2b408589aea33343457f15309d35ddaa
-
Filesize
160KB
MD513c3a33c1f6e43f38de533fd0b766c98
SHA16b92c3d6694ddc40d9b75853baa51cb2f9f8db13
SHA2564158063b0a868431f6430f54c1192bf20e58a43a6d3d03b740e090951e2f4427
SHA512d64466c03deec744e7c0bfc23e54ee91a4eff4075fb92ef97c0014bbfb00e0d21731119a3a199fb9cac4a528419e8b8066589eddadb16b445ea298d67b037c15
-
Filesize
287KB
MD5ed7f7857933b38e5d10daf828e79af19
SHA17f1445f87f7e2256efc33ef56da20c3b23a1e0f9
SHA2569dd5218bc2d12f4d07e268bc6ec01d6eefde4b99a07246d0a96d18477d331b5b
SHA512ceaf9597d4cb725c4ec8b7af8d1090b38df102b52ca7606a24e9a094fc81f450f93ad22770c905db9115e271fa5fa4f5731caa7b1875e204edb10fb691741715
-
Filesize
6KB
MD5ebc5bb904cdac1c67ada3fa733229966
SHA13c6abfa0ddef7f3289f38326077a5041389b15d2
SHA2563eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75
SHA512fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f
-
Filesize
5KB
MD5412e9a95b337edd51aa3ab78f55d1c2d
SHA1abe08ab1394eca8fea5b9b80543aed81b4ae52f9
SHA256cf8d7d1866b230881f8b70b992c24fdd4dc3f52c7a761be1211e3d5371a48a9e
SHA512f393433319a86d976f7607d4b2f4d65f6753a9b854b9e1a60d7c327e5911bff8ed2ad7224e29b4e245ab2646141fd528bedeba97a57c7753eb2a53cf46f52454
-
Filesize
11KB
MD569bcc89d627ffbd8d41539206d4928c6
SHA1e4f7ef442a8db26f2996e7e1c680bd4252efb69f
SHA25699b6abfb3414dd4cad3e9f4e4634eb861334406920348af58b56a4445e3adfd1
SHA51268f10e8a5c9707059598b8676556d8c6814d121761b2187f285e81104d8f5f473acce2076bef5572a2dca1c2594fe9f4db42fd4357836b76685a32c37b961b52
-
Filesize
2KB
MD5ac1975abfad71bac76271f4923af0894
SHA159d553a016f3850af52e544f62c4fb567dd0db72
SHA25693629c8757f07c280324ae4acdd631df5929a0d2a02fc28d9fe4486c91750110
SHA512bb073bc9dcdbb32065e19f7e286f2e5789a06b66580eaf03c313a5ac7008b3d8d379b4d5ec932e4fbbb1b76340eb609146566da1c53e19371307e171d21fcef3
-
Filesize
3KB
MD5a34eed4e795d1a7f8f26af91994b2785
SHA1d950dbd4147b86e246fc19afbc12592aa0ee55b6
SHA2566345b8a47f378416cbd31e543410fa5b03c914219ded2a51c2d3c858f281d6cd
SHA5120d3d92c6b5053469a2edfff0050672ff847135e5d1d08fb7b353df9690f8edcc32f443733bd0d70061f572e3f220769a64a0820918e4b51cf99d8bed30b4f3e1
-
Filesize
11KB
MD533be8e17a9eaa306d7d86b5caccc6b55
SHA172127dace2cdf90ab19e032131f22a5dd3f2572e
SHA256f948109defb8a315640744e6c7941af1d6ee2d158220e273e1273512026fbd22
SHA512f9fc132521a51a20aec25ab0755bb5abdbf8ad0de8b1f10ae994b0b7e2b26e7a073f5e70f4dc107a00f4e2bab0773c0fb4711d1396590d40ce17db7469578b01
-
Filesize
7KB
MD50b893d34a9d305bb4fe3094f55b87138
SHA1ad666098a43f0561ed3320bfa36eed0e3219e48d
SHA25668513e783bf14fea511cfea5b490773593bf4c9bd896129e79210e9aefab105d
SHA512cc9e0e552258b726d8398289f2144cab5a32dbb96222c4b8c0af61cf08d59d0f9c94be24f5ce75d921ce954c51facb0364ec1e31b1eba7d37019a89e693e0471
-
Filesize
7KB
MD5d0018c9732e8cdc4dd87a5bf59c12611
SHA11ca71275c48c05c8e041e75eb8a19182afcf7c49
SHA256d8a2e1786e7e5ce578ca0228c35b1137d37f46f99b440c1d55ea339685f0568e
SHA512ea4ce9847e26e867e34a57ab70a4af7f22ff26db8ddc6d1c050d84fa6187bd0e86f16114c8b72646a8d7f71b7db48a4b9df01787de8649bac88f454e28eb67f4
-
Filesize
40KB
MD53ef03d0de98b2f7e69a512d74d9fff86
SHA138666244540d3106e1e47824bb061f137b5a49ad
SHA25608f288987a652cbf124330b5be9f7f11a169076e206cd99136d8ca84c8e6ecbe
SHA5123db73f7c4304833ac7f02efa8e8a3b15723d17479c92c71b758d56c3051ef5d75e2edd485dda66cce49dea2390f2fbdf97e9944977e53565444fe52d12881ffd