Analysis
-
max time kernel
101s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20250610-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20250610-en locale:en-us os:windows10-2004-x64 system -
submitted
01/07/2025, 07:08
Behavioral task
behavioral1
Sample
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
Resource
win10v2004-20250610-en
General
-
Target
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
-
Size
99.6MB
-
MD5
83dda7744f9b5b294359beaa82e8a432
-
SHA1
03106aa4010829ff4b156622dc2cc39bd4ddfc60
-
SHA256
2d2417d98fc2a2d9db515f099256898326e518b8046f8ca5df48a21318ef96ec
-
SHA512
60848a704cc04de72f7900024f887258e861d58ac8c9782b5a6191db65f69b7adbaae549f18f0af64cf4c0e62185c9c13639b5b9aa51e58cfe9f43a1e35c8008
-
SSDEEP
3145728:+VgYRPSC++6y9qcYVd1AY5bADDxgds8pfeaC:kxaC4y9qcYV75bAHCBZfC
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\drivers\etc\hosts 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe -
Loads dropped DLL 59 IoCs
pid Process 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target data stored by web browsers, which can include saved credentials and other sensitive profile data.
-
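Command and Scripting Interpreter: PowerShell (heading restored from the process tree; it is missing in this capture)
pid Process 4644 powershell.exe 2008 powershell.exe 996 powershell.exe 2736 powershell.exe 2676 powershell.exe 1952 powershell.exe -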
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow ioc 42 api.gofile.io 43 api.gofile.io 48 discord.com 49 discord.com -
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 31 api.ipify.org 32 api.ipify.org 34 ip-api.com -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001560346-2020497773-4190896137-1000\{C16C9B55-93FA-49F2-897A-EC09478F5206} 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4644 powershell.exe 4644 powershell.exe 2008 powershell.exe 2008 powershell.exe 996 powershell.exe 996 powershell.exe 2736 powershell.exe 2736 powershell.exe 2676 powershell.exe 2676 powershell.exe 1952 powershell.exe 1952 powershell.exe 1952 powershell.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
description pid Process Token: SeDebugPrivilege 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe Token: SeDebugPrivilege 4644 powershell.exe Token: SeDebugPrivilege 2008 powershell.exe Token: SeDebugPrivilege 996 powershell.exe Token: SeDebugPrivilege 2736 powershell.exe Token: SeDebugPrivilege 2676 powershell.exe Token: SeDebugPrivilege 1952 powershell.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe -
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target PID 5376 wrote to memory of 4656 5376 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 90 PID 5376 wrote to memory of 4656 5376 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 90 PID 4656 wrote to memory of 4644 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 93 PID 4656 wrote to memory of 4644 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 93 PID 4656 wrote to memory of 2008 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 96 PID 4656 wrote to memory of 2008 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 96 PID 4656 wrote to memory of 996 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 98 PID 4656 wrote to memory of 996 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 98 PID 4656 wrote to memory of 2736 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 100 PID 4656 wrote to memory of 2736 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 100 PID 4656 wrote to memory of 2676 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 102 PID 4656 wrote to memory of 2676 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 102 PID 4656 wrote to memory of 1952 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 106 PID 4656 wrote to memory of 1952 4656 
2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 106 PID 4656 wrote to memory of 5280 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 108 PID 4656 wrote to memory of 5280 4656 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe 108 PID 5280 wrote to memory of 4692 5280 cmd.exe 110 PID 5280 wrote to memory of 4692 5280 cmd.exe 110
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe "C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:5376 -
C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe "C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe" 2⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4656 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID" 3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4644
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber" 3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2008
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber" 3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:996
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId" 3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2736
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray" 3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2676
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag" 3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1952
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f" 3⤵
- Suspicious use of WriteProcessMemory
PID:5280 -
C:\Windows\system32\reg.exe reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f 4⤵ PID:4692
-
-
-
Network
MITRE ATT&CK Enterprise v16
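Downloads
Each entry below gives a file size followed by MD5, SHA1, SHA256 and SHA512 digests. In this capture the label is fused to the value (the hex digest starts immediately after `MD5`, `SHA1`, `SHA256` or `SHA512`), and the file paths are not shown here.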
-
Filesize
64B
MD5446dd1cf97eaba21cf14d03aebc79f27
SHA136e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7
-
Filesize
576KB
MD501b946a2edc5cc166de018dbb754b69c
SHA1dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46
SHA25688f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5
SHA51265dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5
-
Filesize
30KB
MD50fe6d52eb94c848fe258dc0ec9ff4c11
SHA195cc74c64ab80785f3893d61a73b8a958d24da29
SHA256446c48c1224c289bd3080087fe15d6759416d64f4136addf30086abd5415d83f
SHA512c39a134210e314627b0f2072f4ffc9b2ce060d44d3365d11d8c1fe908b3b9403ebdd6f33e67d556bd052338d0ed3d5f16b54d628e8290fd3a155f55d36019a86
-
Filesize
5.7MB
MD5817520432a42efa345b2d97f5c24510e
SHA1fea7b9c61569d7e76af5effd726b7ff6147961e5
SHA2568d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a
SHA5128673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441
-
Filesize
43KB
MD56bc084255a5e9eb8df2bcd75b4cd0777
SHA1cf071ad4e512cd934028f005cabe06384a3954b6
SHA2561f0f5f2ce671e0f68cf96176721df0e5e6f527c8ca9cfa98aa875b5a3816d460
SHA512b822538494d13bda947655af791fed4daa811f20c4b63a45246c8f3befa3ec37ff1aa79246c89174fe35d76ffb636fa228afa4bda0bd6d2c41d01228b151fd89
-
Filesize
2.4MB
MD5678fa1496ffdea3a530fa146dedcdbcc
SHA1c80d8f1de8ae06ecf5750c83d879d2dcc2d6a4f8
SHA256d6e45fd8c3b3f93f52c4d1b6f9e3ee220454a73f80f65f3d70504bd55415ea37
SHA5128d9e3fa49fb42f844d8df241786ea9c0f55e546d373ff07e8c89aac4f3027c62ec1bd0c9c639afeabc034cc39e424b21da55a1609c9f95397a66d5f0d834e88e
-
Filesize
117KB
MD5c1ee7b155ad3fc4c7cc29999671ec2b9
SHA125b7ede05a8c8904ac333a96e1e95766d1d1c5ba
SHA256e63580748533698abdafaff1210f5bb0247b36ee987d0180076eaaa46245c0d2
SHA5121e8f882403cf944b635049f7f7dbbd68353d62c06320f0aac0cb2cbc84568f6fadf849c447f9e41cc10dd61bd6cbd7cf7eafe516a955f20ce6a09d1992b2ce85
-
Filesize
117KB
MD532da96115c9d783a0769312c0482a62d
SHA12ea840a5faa87a2fe8d7e5cb4367f2418077d66b
SHA256052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
SHA512616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087
-
Filesize
48KB
MD5c0c0b4c611561f94798b62eb43097722
SHA1523f515eed3af6d50e57a3eaeb906f4ccc1865fe
SHA2566a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8
SHA51235db454dbcc7ed89842c0440b92ce0b0b0db41dbd5432a36a0b7e1eddf51704b1f0d6cff5e3a3b0c3ff5db3d8632fed000471180ad72e39d8dbe68a757ccdfb0
-
Filesize
70KB
MD50693819137d5c98bfae7f06b0d76a8f9
SHA1d9d92845f0f41a600e3967a1fd05ca69f2147a34
SHA256adaaf0c703641f6dbed30d101a5e23c17cc9454c36303394b9e28a52ea457471
SHA512ab08c8fc551d96c5f5cfa81b72f2ef8256c852c676cfb2c60a93f06dbfd07577679ddd0cc3356092ac91412e6442572f8af92cc467c4cde0475c4cbb918ae4d2
-
Filesize
83KB
MD5ed9f4c1cf33db08cac3c7ba7a973e61b
SHA1b0db47ca7be3df00d1585fdabe13fb983cfed04d
SHA256965f199679afa9b31d537d98c3ca8403afd6b9e58e1a463ae47697ae4bf12771
SHA512dc5f79944f9acf910d4af892d8a7c2368d2de29bf8ade2feecb056b2b3416d55bd22aacd16a7dc4488c4a1a5682409430f6f210e7396af4f14fd5f307ba1926c
-
Filesize
175KB
MD55cba92e7c00d09a55f5cbadc8d16cd26
SHA10300c6b62cd9db98562fdd3de32096ab194da4c8
SHA2560e3d149b91fc7dc3367ab94620a5e13af6e419f423b31d4800c381468cb8ad85
SHA5127ab432c8774a10f04ddd061b57d07eba96481b5bb8c663c6ade500d224c6061bc15d17c74da20a7c3cec8bbf6453404d553ebab22d37d67f9b163d7a15cf1ded
-
Filesize
129KB
MD5ab19e3dd4731ed075589abadcde68991
SHA1b51ed4059d7d0ec7cbd5b34767e310bdee9cb4d4
SHA256697d05cac7c167c00ccf22ea4fdbc7a8db93ab9c6421061191558e42478068c5
SHA5126aa9cb0e5cc9514d71bf7a2ab21d24a3fd5ef0eb0f0e7bf26a4a807914c7a3cadf73e1bd6cdd9f31d8594b72272eaccc79632f9dfd9534da5c8217d0eb0e9cda
-
Filesize
273KB
MD590071379b9e53b2d1834d49f4fd804ec
SHA1c4cde25cff9cbf90c55bf908bdaa8a14a82311ad
SHA25690045140e45edcfe4f4859b3190184faff1249220011330a9d01319745766607
SHA512a67feade76fda58faa8a9842f6a07d8b12eb477c5baaf51f323de90fdcc8c5f62f2a756f30e1ea494b95eaaededbbe95f2aaf6659175e6e141057af0aac6f514
-
Filesize
133KB
MD5a52f49f8fc408a15e0717c1d7bd1c803
SHA145b8ffa6f2e04494c274cb2fb176af60091b1092
SHA2566fcc5528ce81f4514fb11cc7248080fd335a3c60d898e845d3341ee589887da1
SHA512fb2a5d88f43b2370681de2e46042e7568ccb503568473ceec1c993e9e936b275ee3b4ab968a12740e567604d2490b252104c8a9aa079644ff935693ec8afc745
-
Filesize
68KB
MD59ec1021fa8a3c252e1f805ac7f172753
SHA1773a3069dfb3711cb6f07c1c4dbfbab8b7c779d1
SHA2561430e4a2ed19eda840668a292c39ff44488b598f53e903a61739a86b779ecbfe
SHA5120940c59f5c1c4afe5457d16aa5053aa7e27de1ac2748de5a0614ec01d630f76d75a86159260a6c53209d098da16d50fa0c4ee3427c04a38180fe9eccc4e6b034
-
Filesize
156KB
MD5d165b7b9a127f66704ceaa196be319e5
SHA1ee3de55b32d1357599cef86df35e307477038a15
SHA256b78f5a8476139ff04731046459efd047bb8f52dc92c5b2082eabf2929c0ca02d
SHA512b99214ce14899656f9c0fd23b219d06de383aff95b344def145a9304c47e41b1645bd3544f4fb83ac070d42951de228873a99feb98948910fdd0e7fcc54a3122
-
Filesize
36KB
MD525fc0102fdb08c54e6bd72c0b11b1a4c
SHA12dc0d9a3bbcfef184699c147ac2cfa2fcb40a7b8
SHA2567b21c5b0ebee82b0d85724f245857d65e23f82c6aaf392efcd4f800462025d92
SHA51289640ff838030ca75309184bcf1ad58a8ad3a917564a4185675bc7494630bbfc5b821dfab53081b5a786553aae89958b057c369b4d56af12ccb0fcea983e3d03
-
Filesize
56KB
MD54a721637bc0c8b53d13485f5030da7b5
SHA17424dde1d136649e68b1f13cd0e738a1d428393a
SHA256fae5e0e822434da7b1707b9ae4c77b8fa7d1d7b810e7e2f5cacf04449c714086
SHA512fff4270fd6d759d31ae6784510208ab4d2eb0b454799d393f4d2155a6dad9c8b836233eb3d233002491019bbeba87e9e862c8eee608a51a0f83194a9a5110e13
-
Filesize
33KB
MD58fc4810cff733e6f17a7530d3fb67d58
SHA120163031892c87a67169f4ae25115e4e33845626
SHA25608050f94efe7bdd9d7cbe85b1196de391cac1b30f4a4918610cb174ae529a5db
SHA512c45ebdb450f30d034ba113729ada2a006baa2ad8c7a83cc59ee55e6fd10511d6f663b1d7f24fbcd493884a84cbedd1368e3a2136ff7da58fb47394147b021f45
-
Filesize
84KB
MD5c2938dbdcdaba1ccbefee37f6a06cd0c
SHA1944cb024144f327ba517ccf72af9bb9a79b8b23e
SHA256c63e8e6a369cbe86e57c9823fb48bc5d4e7bb18455b9b001986b4768c49007da
SHA51279e9f40665b7049c9feb04742a91c8c88749c1998794f1a51ac7b47a5f5ac3c1a2b441dcb9cd126e395581d9553305c24356b54d81d0a9fbecb41a4341af776f
-
Filesize
127KB
MD5540980b7e2a93b434819c736aca01c68
SHA1f2d19b38b466a5c03fdc329ad064b23d8fc4cb18
SHA256443b801d2a372b67155044a928be68af0a677d1302655e5599131180ddd87659
SHA5123a3adc84efaeaecfd77aa78adbb9d8067c69b318d4aa219beebb0c502aa477dcb721f11d6090b314e75e8cb6941edadbaf644a5bb8a41d400b9294eb95477144
-
Filesize
177KB
MD5893ee1e905ec5a1f74b10d73a8b94e6a
SHA123d6eb756eb48c1632b02a24f53aacf71bdfa409
SHA25611572f6eb63e43cdc2908812506ffcdab21be2be5931f1e38d856c15f5a79e6c
SHA512237c9b37f4b44ae37726f3fef750f6eda65b9d8a540f386c5a43e1bcef400dfed0f9f37f2dc4042fe0c4fec0ed9aeb700797396bae2e5f052525851760288b61
-
Filesize
67KB
MD53aa9cd197097575a1cd85c4b60b1489c
SHA1973644b7c6c66e0c0ac0bb6f82600c1e62669ab8
SHA256574549683a4298335bdb8761ec6eaa11d56e366b618b5ab0b701b5fe2dda48aa
SHA512b616be273ac160f3c344fee6506f3f90948aa2fb12ac09da5a02e3ef8292614d7257a91b5607978675905ee377aef0640e75d43b5ed70d3799313a6793f17607
-
Filesize
27KB
MD58cdd2cc12be9491bf150e366e81217be
SHA16567dba49c9bac718a1badb504fe83b1d3755c66
SHA2566a3e6d89e71a803609e6e765a592011427a5b6e7a4766bbca7790b601bb66dbe
SHA512c573f46295699a7314dde633b04e331f292aeafb36f813055144c95f24bc386ce23704980e3cb6a491d4a05e207cf2517526fd0c602b53cf514a7c2b8d27a338
-
Filesize
39KB
MD5609206d81f38626f1c022d1a0ff1466b
SHA1cef724eceae7995d425c169912e292ac43572ed7
SHA256a7cc096244a497219269a3ee1cf2526a2b613d73fa566749f8f2408f5f4117d4
SHA512e973f30ee976b580913f3a5c2d762364897054f958fb26236eeccd17832cce0bfa1bc04c0981d221c0536f5c9b1d21551ec12a873cbae64fc6b50634dc9d0166
-
Filesize
1.3MB
MD50414707680d8d7de3f9dbe4afe12470f
SHA1f45e8ecb11b8300862a5f68aec382f69f2eea1c6
SHA256ec0b8a00bfb4ebc1c86297c7dd47efe3a0ce9976a71da1b01647d7ac55d61eb0
SHA512a7b00d925b7751555bab41554798e858b0f6a086c093aa1e68c10c62254ac5d3d15200f0ad755883bac306b701c2e3c9045ae9a388fa20861c9215fbc5f53dd1
-
Filesize
5.0MB
MD5ae5b2e9a3410839b31938f24b6fc5cd8
SHA19f9a14efc15c904f408a0d364d55a144427e4949
SHA256ccfffddcd3defb8d899026298af9af43bc186130f8483d77e97c93233d5f27d7
SHA51236ea760a7b56ea74174882155eddfb8726828240fcfc6b34d90ecdb7e50a7e632374dcbc9b2889081c0973cc51f50967e7d692498c4abd1f2cba3f7fe8d659cc
-
Filesize
38KB
MD50f8e4992ca92baaf54cc0b43aaccce21
SHA1c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA5126e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978
-
Filesize
776KB
MD58d4805f0651186046c48d3e2356623db
SHA118c27c000384418abcf9c88a72f3d55d83beda91
SHA256007142039f04d04e0ed607bda53de095e5bc6a8a10d26ecedde94ea7d2d7eefe
SHA5121c4895d912f7085d6e46f6776034c9e3d8d7bf934be858683bf6dedb13abca360ba816d8a5528ec7a3ac6e33010fdb6fc89b2699b5cfeedaabfdd5df143dffd1
-
Filesize
199KB
MD5feb79984518146b9703d3913d54f2106
SHA16a4eb8d7e593f008308f05bf26f7caf7d76a1716
SHA256567f19a92479e66b652ffaadbddba26b7c5dda43d5e97c67a4a76a076021b736
SHA5124b5a67c38aa149cde71ccc1171cd55af8a12a66d514f63fb543005d9ee8f19226f839d28782187a0e46e0f205e3307e4e0739e1b2bd64c0e99e0af794c1836e8
-
Filesize
70KB
MD5c947a886e61ad18d052840e095aaa5fc
SHA14a2d0092e50757e0b951565c02dd541ab48da96e
SHA25685d02d4c7e28c0f183415dc2be5fe8e06aa7fa0567673c75c65c0031f59e1e8b
SHA512d4b3d769fa4c22e914e12ac8b63263bacda72b351bea5bd53ba1d0fd6a6c57c98fc392645170f26e7c84fdf855fbe587615f4f3b1f150285420f5b26bda2da0a
-
Filesize
5.8MB
MD55acd4d4f35e13ef79c883ace05c4eaf5
SHA103a2944b87b8a6fe0bff5336978ed6558deda5a2
SHA2560565965617d94274d7f2c2958d0bef33392cd9d2f346f99d8e1bedbdf264ee85
SHA512f1bb13fac80f28e2419479ee14e41dbcba8fbdc0ca3698d01a8ccddf2bc2fe3a4cf90acf2fd42e4a2f1ec49751d0c66cbc7b59fb8a43fc4dcb7b892cae76e525
-
Filesize
133KB
MD57b4bd20267c93e35c49c32aad05b6b15
SHA1860a10d04c8764f540ed34cf08e06f32b7b37611
SHA25690ba935a0145ee9ae56267a365cc0088d34fa506b7afeb2bd1bd78cd33359605
SHA5129e05566461d9be1a234057e1ae9979b6d022189cb49b2c264c9ad253abec0f0235919f24159638accc45fa3e75ab324db8edf737e72db1efda2cfa589531ddfb
-
Filesize
32KB
MD5e5728d041bfb1841fc460db4027a2952
SHA171e6aaa90e905a72ac83450796af4fb2bb3503d7
SHA256d1e486de9653640be7c3a9bed04aa716b29ea76a69e1de758dd9fa708f2c9d38
SHA512a53efe3872b035445b7d66a71dffb690cfd00ff6296af25d0dbdfe92c904a8d06442c91e9638b2d5e54420f6998220d65f39b35ef3c1a87e812e9deea1967ab9
-
Filesize
1KB
MD54ce7501f6608f6ce4011d627979e1ae4
SHA178363672264d9cd3f72d5c1d3665e1657b1a5071
SHA25637fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
SHA512a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24
-
Filesize
1.5MB
MD58d5b3e4d55c16910619125e497272d65
SHA180e78e1d734c0860e24c85af5c73308a12ac9571
SHA2568f3adef8fc3f3870ec29c927d7e418a176326eb234d6589d67518cef389cb28f
SHA5126f276b430f02b9e1b74e7bca5b5d0db54be136242b926fc4a3ee557f00da122d50dfaa5d801733ca917b4e84511b2bc922e027515578b05d61b29afc1546d01c
-
Filesize
1.8MB
MD5fa83a807131f3d4a6070eb884e682ad1
SHA1226bf1cd0fc289034d9579c95ee0fe4df50cc6b8
SHA256a308beae8555cff5ac2aff7eaf0aef40b5fe173f047e246dc49da9a4d3ef62f9
SHA5126e86f3725bb68af581e3e1b917c950f255e0f4348256fc02d8a560159cd225fe28303da2554c205636f2f82b9757072bf0c3460116bd7b09ef0bf01cc46125a2
-
Filesize
1.5MB
MD50da8eb1421517029c8d986519b0e5c63
SHA1daa8395b9d691b5dfbdaa1f63256555a14010891
SHA25620f4876506bce7f89e53570e64fd1dce30a64548326b45f372871c7019560df4
SHA512f729f812901cc023111989d6e1eaa639d2ed2283bdb852c91abc283dee3d785295d3191f70f2ef535d268d454279a7ddd0339993f06be21b62d43d8ab27d70af
-
Filesize
695KB
MD50a3be15d03e1c55c4df0c7e4fa4005bd
SHA1a8b30adb77dccd9b7bdc1ec3b1800127e586e3f6
SHA256e7d0375a7064b1c8916cca7cabf7e3df559fc8463dfdf831f403e95c79499121
SHA5122a408d178dd0261dfeccfb791fe05a40caedc64b7ad6cd543fafd31d1e676721240020ad43f26cd8adf94a8c3e68522fc96ebb0f987fe0ba15b9287aac1242b2
-
Filesize
130KB
MD5747fc8b90e33f5e9048bcf26788b9169
SHA1ac30aae15bea0514c7730b007b68dd841a7f3ddc
SHA256b1b1bb33af9cc14749936b1f6bac36b2ffc494ec1a5fb8b12fc9180a6454f545
SHA51251416cda9a18f113d46c3cb06e7ed85717c64325156be16c4fc78bddc7a06f0e845b3fedd2c1ca6c965517530d9cbb9b9497dd1b309bc16011d2e1499bb5d082
-
Filesize
142KB
MD5eb3af30a0981219d851e6506db106bc2
SHA1fd7b1b01dc01a7f32bd51f9a31bf717f4d55d09c
SHA2561dd27f0411ebb31bd148a61589cee254410915f1e6c37aa3ffa52fac71a5426c
SHA5128f55f4a86b747b5570d0f539c95dc1677eeba52bcd01850e8d86998b3415b99c92566ad9ece0e46b50e0e3a7eed6a4fe09604ec295f36f9bebf6e8f407ace468
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
1KB
MD573d602a775b810ed33923eae2406af6e
SHA1e4d999ce942b502c9e52007d8b41e68a26c61c5e
SHA25638050e2e35c0add722e0a88f898ba6b316af1ba6a2f8e0fbd5ebd57bee1b97ea
SHA5124a26cd356d3a285d71525d96f73aa82fe25f0262546c8a40454b1547e6a2943d1b7f29f2e99a8cdca60f737dc0507055113f5043b872d199481c80c2a5f93b51