| File name: | 88c9f499a1ab9d599ea61c85ed1ef99d9200f9a42e05b5c324bf683162351d5b.bin |
| Full analysis: | https://app.any.run/tasks/0cd86501-2840-46d0-81ab-09565472a0ae |
| Verdict: | Malicious activity |
| Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date: | July 01, 2025, 11:24:39 |
| OS: | Windows 11 Professional (build: 22000, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract, compression method=store |
| MD5: | 00CF10520622BA599429E5D65EDC1018 |
| SHA1: | A8DBB351599067B99DC0585763FABA7D7A0A5F3F |
| SHA256: | 88C9F499A1AB9D599EA61C85ED1EF99D9200F9A42E05B5C324BF683162351D5B |
| SSDEEP: | 196608:BlZe40OZnvihh/UHEF2T0hBTRQm5u8c/TopzOJipWJ54CxGzVyR:BlU404vO/F9hBNQm5rc7Gz/1CpR |
MALICIOUS
Generic archive extractor
- WinRAR.exe (PID: 1460)
SHEETRAT has been detected (YARA)
- InstAccountsManager.exe (PID: 152)
SUSPICIOUS
Reads security settings of Internet Explorer
- WinRAR.exe (PID: 1460)
- InstAccountsManager.exe (PID: 152)
Reads the Internet Settings
- InstAccountsManager.exe (PID: 152)
The process checks if it is being run in the virtual environment
- InstAccountsManager.exe (PID: 152)
Potential Corporate Privacy Violation
- InstAccountsManager.exe (PID: 152)
Reads the BIOS version
- InstAccountsManager.exe (PID: 152)
Read disk information to detect sandboxing environments
- InstAccountsManager.exe (PID: 152)
INFO
Application launched itself
- msedge.exe (PID: 4076)
- msedge.exe (PID: 2320)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 1460)
Checks supported languages
- InstAccountsManager.exe (PID: 152)
- identity_helper.exe (PID: 800)
- MiniSearchHost.exe (PID: 3940)
SQLite executable
- WinRAR.exe (PID: 1460)
Reads the machine GUID from the registry
- InstAccountsManager.exe (PID: 152)
Create files in a temporary directory
- InstAccountsManager.exe (PID: 152)
The sample compiled with english language support
- WinRAR.exe (PID: 1460)
Reads the computer name
- MiniSearchHost.exe (PID: 3940)
- InstAccountsManager.exe (PID: 152)
- identity_helper.exe (PID: 800)
Reads Environment values
- InstAccountsManager.exe (PID: 152)
- identity_helper.exe (PID: 800)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipRequiredVersion: | 20 |
|---|---|
| ZipBitFlag: | 0x0800 |
| ZipCompression: | None |
| ZipModifyDate: | 2025:06:20 20:24:28 |
| ZipCRC: | 0x00000000 |
| ZipCompressedSize: | - |
| ZipUncompressedSize: | - |
| ZipFileName: | InstAccountsManager/ |
Total processes
153
Monitored processes
38
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 152 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1460.40688\InstAccountsManager\InstAccountsManager.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1460.40688\InstAccountsManager\InstAccountsManager.exe | WinRAR.exe | ||||||||||||
User: admin Company: Perfect.Studio Integrity Level: MEDIUM Description: InstAccountsManager Version: 2.5.1.9 Modules
| |||||||||||||||
| 800 | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5940,i,4514588349724548771,12580253089067331623,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:14 | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: PWA Identity Proxy Host Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1156 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,4514588349724548771,12580253089067331623,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1236 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6092,i,4514588349724548771,12580253089067331623,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:14 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1272 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1776,i,14401362865263759595,9050923224629996114,262144 --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1460 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\88c9f499a1ab9d599ea61c85ed1ef99d9200f9a42e05b5c324bf683162351d5b.bin.zip | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 Modules
| |||||||||||||||
| 1508 | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4792,i,14401362865263759595,9050923224629996114,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:14 | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: PWA Identity Proxy Host Exit code: 3221226029 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1668 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4116,i,4514588349724548771,12580253089067331623,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:9 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1668 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x27c,0x280,0x284,0x274,0x28c,0x7ffc90bbf208,0x7ffc90bbf214,0x7ffc90bbf220 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2320 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://perfect.studio/registration?from=FREE_InstAccountsManager | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | InstAccountsManager.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
Total events
11 549
Read events
11 451
Write events
95
Delete events
3
Modification events
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
| Operation: | write | Name: | ShellExtBMP |
Value: | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
| Operation: | write | Name: | ShellExtIcon |
Value: | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\chromium_ext.zip | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\88c9f499a1ab9d599ea61c85ed1ef99d9200f9a42e05b5c324bf683162351d5b.bin.zip | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (1460) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
Executable files
19
Suspicious files
282
Text files
83
Unknown types
40
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\9d139ce4-087b-4fbc-a398-d054bd004768.tmp | binary | |
MD5:747A8726AA0DE2E4BBB934AA2C993F1B | SHA256:DE03DCDC9FF9A880C12AB634DBCA5541364C6FCAAD24AD1817C19772C385EBDD | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Profile 1\Preferences~RF13eee7.TMP | har | |
MD5:02E60EA32D3FBBAFE0921BF1D2BBC7B2 | SHA256:D7DB183C78185682DD3D44E063832D1FEAA0706456F2D5133262EF969D382914 | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RF14223c.TMP | binary | |
MD5:4EE3F503D16645CF4FDB143EBCCADE4A | SHA256:BF48268428B54445DF8DF0A034A74A4245AE5C3D86F67BCD5DCA654DF8248E97 | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\81d7eac9-1221-4ac1-b301-087140f40ece.tmp | binary | |
MD5:28BBC59C65D3F50CE3B4E130A21CDB8A | SHA256:100ED5250DAC027C2AB31E51A5E7AA5A84F3F3FC9C2762155B8C26F8F3C05942 | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RF143cf8.TMP | binary | |
MD5:8352F7D8126A42775B3B73180DE82B5C | SHA256:A1517FFBFE2F569199DA1681B3BB9F5EF11C6A36AC7E976D5C1B1837C129B37B | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\4e042787-1b16-4d9e-b90c-98300a74ebe4.tmp | binary | |
MD5:8352F7D8126A42775B3B73180DE82B5C | SHA256:A1517FFBFE2F569199DA1681B3BB9F5EF11C6A36AC7E976D5C1B1837C129B37B | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\bcd45f99-5028-4879-903f-e60d5fde2c6f.tmp | binary | |
MD5:41C1930548D8B99FF1DBB64BA7FECB3D | SHA256:16CEE17A989167242DD7EE2755721E357DD23BCFCB61F5789CC19DEAFE7CA502 | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RF143ce8.TMP | binary | |
MD5:9AD0B6796B336C23767FC5A8E66A2A3E | SHA256:FE3E6BF854401FFDAAD7291D82DD868FFACE216404C118CDB512FF858321B6F3 | |||
| 2320 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\2dcd2abd-0192-4621-8f87-b5ef3f8dc6ff.tmp | binary | |
MD5:482B1E0E4ABA935AB76B1E833322030E | SHA256:E72A4FE75683B5AA4358BBCB41EAF619FEFC26CA180EDFA2A7806D28F362E921 | |||
| 5420 | msedge.exe | C:\Users\admin\AppData\Local\Temp\chrome_Unpacker_BeginUnzipping2320_424962113\protocols.json | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
19
TCP/UDP connections
76
DNS requests
76
Threats
9
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
152 | InstAccountsManager.exe | GET | 200 | 172.67.69.60:80 | http://perfect.studio/update.php?type=check_connection | unknown | — | — | unknown |
152 | InstAccountsManager.exe | GET | 200 | 172.67.69.60:80 | http://perfect.studio/commutator/check_connection?tool=IGam&version=2.5.1.9 | unknown | — | — | unknown |
152 | InstAccountsManager.exe | POST | 200 | 172.67.69.60:80 | http://perfect.studio/commutator/download?tool=IGam&version=2.5.1.9 | unknown | — | — | unknown |
6208 | MoUsoCoreWorker.exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?228f185f65704b7e | unknown | — | — | whitelisted |
1340 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
2540 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:y5qmLBGeMXil0de6ahJkJ4krbAaKqKMHhFNJ6Ljxil8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | — | — | whitelisted |
1524 | svchost.exe | GET | 200 | 2.16.168.102:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | — | — | whitelisted |
2540 | msedge.exe | GET | 304 | 142.250.186.163:80 | http://i.pki.goog/gsr1.crt | unknown | — | — | whitelisted |
2540 | msedge.exe | GET | 304 | 142.250.186.163:80 | http://i.pki.goog/r4.crt | unknown | — | — | whitelisted |
2540 | msedge.exe | GET | 304 | 142.250.186.163:80 | http://i.pki.goog/gsr4.crt | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
304 | OfficeC2RClient.exe | 52.109.76.240:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 52.109.76.240:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2392 | pingsender.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted |
6684 | firefox.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted |
2860 | svchost.exe | 104.46.162.227:443 | v20.events.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | AU | whitelisted |
1524 | svchost.exe | 2.16.168.101:80 | www.msftconnecttest.com | Akamai International B.V. | RU | whitelisted |
1688 | rundll32.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5268 | svchost.exe | 104.102.63.189:443 | fs.microsoft.com | AKAMAI-AS | US | whitelisted |
152 | InstAccountsManager.exe | 172.67.69.60:80 | perfect.studio | CLOUDFLARENET | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
officeclient.microsoft.com |
| whitelisted |
incoming.telemetry.mozilla.org |
| whitelisted |
telemetry-incoming.r53-2.services.mozilla.com |
| whitelisted |
www.msftconnecttest.com |
| whitelisted |
v20.events.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
fs.microsoft.com |
| whitelisted |
perfect.studio |
| unknown |
settings-win.data.microsoft.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
152 | InstAccountsManager.exe | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP |
152 | InstAccountsManager.exe | Misc activity | ET INFO EXE - Served Attached HTTP |
2540 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
2540 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
2540 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
— | — | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
1524 | svchost.exe | Misc activity | ET INFO Microsoft Connection Test |
2540 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
— | — | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install |
Process | Message |
|---|---|
InstAccountsManager.exe | Native library pre-loader is trying to load native SQLite library "C:\Users\admin\AppData\Local\Temp\Rar$EXa1460.40688\InstAccountsManager\x64\SQLite.Interop.dll"...
|
InstAccountsManager.exe | SQLiteVersion: 3.42.0 | 2023-05-16 12:36:15 831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0 | INTEROP_EXTENSION_FUNCTIONS INTEROP_FTS5_EXTENSION INTEROP_JSON1_EXTENSION INTEROP_PERCENTILE_EXTENSION INTEROP_REGEXP_EXTENSION INTEROP_SESSION_EXTENSION INTEROP_SHA1_EXTENSION INTEROP_SHA3_EXTENSION INTEROP_TOTYPE_EXTENSION INTEROP_VIRTUAL_TABLE NET_20 PRELOAD_NATIVE_LIBRARY THROW_ON_DISPOSED TRACE TRACE_PRELOAD TRACE_SHARED TRACE_WARNING USE_INTEROP_DLL USE_PREPARE_V2 WINDOWS
|
InstAccountsManager.exe | OnMapSizeChanged, w: 953, h: 633, size: {Width=2, Height=2}
|