Malware Analysis Report

2024-10-10 10:00

Sample ID 240616-m545csvcml
Target Stealer.exe
SHA256 3aa5fd9be59e523761738140b7a5906a3672a3b75827dad09911e3280f98680d
Tags: umbral stealer execution spyware
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 3aa5fd9be59e523761738140b7a5906a3672a3b75827dad09911e3280f98680d

Threat Level: Known bad

The file Stealer.exe was found to be: Known bad.

Malicious Activity Summary

umbral stealer execution spyware

Detect Umbral payload

Umbral family

Umbral

Drops file in Drivers directory

Command and Scripting Interpreter: PowerShell

Deletes itself

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Runs ping.exe

Enumerates system info in registry

Detects videocard installed

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 11:03

Signatures

Detect Umbral payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Umbral family

umbral

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 11:03

Reported

2024-06-16 11:07

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stealer.exe"

Signatures

Detect Umbral payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Umbral

stealer umbral

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Stealer.exe

"C:\Users\Admin\AppData\Local\Temp\Stealer.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | gstatic.com | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

memory/3400-1-0x0000014EB6B80000-0x0000014EB6BC0000-memory.dmp

memory/3400-0-0x00007FF8E4853000-0x00007FF8E4855000-memory.dmp

memory/3400-2-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

memory/3400-3-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 11:03

Reported

2024-06-16 11:07

Platform

win7-20240611-en

Max time kernel

70s

Max time network

198s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Stealer.exe"

Signatures

Detect Umbral payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Umbral

stealer umbral

Command and Scripting Interpreter: PowerShell

execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | N/A

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\cmd.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ip-api.com | N/A | N/A

Detects videocard installed

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Runs ping.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\PING.EXE | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2072 wrote to memory of 2604 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\Wbem\wmic.exe
PID 2072 wrote to memory of 2748 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\system32\attrib.exe
PID 2072 wrote to memory of 2032 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2072 wrote to memory of 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2072 wrote to memory of 2456 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2072 wrote to memory of 1500 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2072 wrote to memory of 2960 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\Wbem\wmic.exe
PID 2072 wrote to memory of 1740 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\Wbem\wmic.exe
PID 2072 wrote to memory of 308 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\Wbem\wmic.exe
PID 2072 wrote to memory of 2708 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2072 wrote to memory of 1520 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\System32\Wbem\wmic.exe
PID 2072 wrote to memory of 1376 | N/A | C:\Users\Admin\AppData\Local\Temp\Stealer.exe | C:\Windows\system32\cmd.exe
PID 1376 wrote to memory of 2296 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\PING.EXE
PID 2760 wrote to memory of 2396 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2760 wrote to memory of 900 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\attrib.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Stealer.exe

"C:\Users\Admin\AppData\Local\Temp\Stealer.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\system32\attrib.exe

"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Stealer.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Stealer.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" os get Caption

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER

C:\Windows\System32\Wbem\wmic.exe

"wmic" path win32_VideoController get name

C:\Windows\system32\cmd.exe

"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Stealer.exe" && pause

C:\Windows\system32\PING.EXE

ping localhost

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5799758,0x7fef5799768,0x7fef5799778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2204 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1128 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140257688,0x140257698,0x1402576a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4008 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Windows\System32\drivers\etc\hosts

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Windows\System32\drivers\etc\hosts

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1552 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1888 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3940 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2132 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3864 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3928 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2380 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3984 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4044 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4020 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3904 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3916 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2024 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3852 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2288 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1472 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2284 --field-trial-handle=1208,i,15104983900301896744,7480345003769875221,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 gstatic.com udp
GB 172.217.16.227:443 gstatic.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn3.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn3.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn3.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn3.gstatic.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.google.com udp

Files

memory/2072-0-0x000007FEF59C3000-0x000007FEF59C4000-memory.dmp

memory/2072-1-0x0000000000B50000-0x0000000000B90000-memory.dmp

memory/2072-2-0x000007FEF59C0000-0x000007FEF63AC000-memory.dmp

memory/2032-7-0x000000001B210000-0x000000001B4F2000-memory.dmp

memory/2032-8-0x0000000002470000-0x0000000002478000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 d0e6003223171ca4af5d62c2efa127b8
SHA1 48fc5139eca3bad57a5333daf7ab692a61d1420d
SHA256 34f24f059695e869c6ce87ae6556be4e937dac6ddd129a6253a7fa1ff29e16bb
SHA512 8a26dd07438b134d65d5d79c2529f109b57df973bab539def8d6aac51cd7bbadc6bd2dff0d73332f8090afd58739adff7362727eca1ba1cebf96fc4f5fab1e74

memory/2476-14-0x000000001B400000-0x000000001B6E2000-memory.dmp

memory/2476-15-0x0000000002410000-0x0000000002418000-memory.dmp

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2708-46-0x000000001B2E0000-0x000000001B5C2000-memory.dmp

memory/2708-47-0x0000000001E40000-0x0000000001E48000-memory.dmp

memory/2072-52-0x000007FEF59C0000-0x000007FEF63AC000-memory.dmp

C:\Windows\system32\drivers\etc\hosts

MD5 577f27e6d74bd8c5b7b0371f2b1e991c
SHA1 b334ccfe13792f82b698960cceaee2e690b85528
SHA256 0ade9ef91b5283eceb17614dd47eb450a5a2a371c410232552ad80af4fbfd5f9
SHA512 944b09b6b9d7c760b0c5add40efd9a25197c22e302c3c7e6d3f4837825ae9ee73e8438fc2c93e268da791f32deb70874799b8398ebae962a9fc51c980c7a5f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 245b3ccfd5f589039f20897e9c8dfed0
SHA1 61b348837d84cb34d51d45b887aac76e789a97fe
SHA256 dc9e9cb365b1f3979063842b0ae406e3b54966a69d6d6a29cbbb154358ab092c
SHA512 fa2ec504773e04696878a5f21d978e1ebec5e99d75ffadd56a8c826354b8b571a39073b17f00648f2dd10c69f9ec90641de36affe27b9d7a0f5e7321c587591c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e06fdd05dc47c3fe5ea067a03c5fa89
SHA1 fcda4f32903648aa37f8aec37da76a025252376f
SHA256 b07d2a551b6b61c6b94c25c6445a16fd03e73aeed666dec7f62dabe0ace0e5aa
SHA512 d4d8ebd6cd8e8cf354484002054f85c9e71fc9a93a6682dc3744bfe5e6b05519b95ecf1506add8b3da1436f7c5e1de9be64840b87748f07849c1c35fdbd71208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 681df2a5677678ae08d5f4f7c10b59f0
SHA1 a2b20ce104b41075a583900a339591db1cf87327
SHA256 eea83edab17409581c0e72cc8cc62dc6b29f7086c270c2cf3298b8dd7876351c
SHA512 a4c410f9ca6efc94001d756d265dfc074730bdccc9d149b5fc55b7a700b021d7e69afc23bb5cb13b7d8e0fbc93c20c32b828f4d015e05502365ff3cb61f7745e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6462862e6c83b874344f0fee1facb33b
SHA1 6ecdcdef70f619891c6885cb405952ba234e39a0
SHA256 8de1a6bd8092c76cda244bc062eaf60a1d398f5ac207e6e323701ad10bf92905
SHA512 ae72948603f06da5b3dad7212edb84d2544293fe18a438760db2282d3f37fe721ba5fa4000bca8d3f7d9b84470717ede9f905883f1c196863e41d0ea2ade7046

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ee33ea753338503aa1d41f48ff6a625
SHA1 e1d5c81a5139de07f54f703104e3b4d27db17786
SHA256 fbf437326a242ccf9a2d4c68a7acdf10dcc06a60c4b3dbb1a3a0bb2267208add
SHA512 3fcb267edff2453f358840ce2258e7627a4bc6757cccd646fec638f3bb034c80785f05ae337df943afcc4a5fe177660439032adb5e0315b72388316e30c789aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 f0c27286e196d0cb18681b58dfda5b37
SHA1 9539ba7e5e8f9cc453327ca251fe59be35edc20b
SHA256 7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127
SHA512 336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 bb82f6b975721f7516c470271507feb1
SHA1 992a23f0dbd86734402fd9a29706436bc76fba1d
SHA256 495e8e7f53579ef9db3cde689bd31c4665ef84d900eed9f4a58887637eb26e69
SHA512 371f71a1b5376e5befc6fbb3d4cd1c2530aea5a87be2da08c8d0efad4b4aab338c2aee40880ece4442f284fc26ee94a8bd11cbd3cf2cc9f80c44a4e0ba9db036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 dd242f4737b2737ecad98bc2028b544a
SHA1 065a4e6f50f16e5986df7f582d4839e59c4338a4
SHA256 cc8950f8d690094464d97041d919cab9ec3af790437c6e3febb754e245171cd6
SHA512 b393c7f0da53d9ae875743cb564b223b2031767844db1de296b6e652492bc29f8e19bae002b66e987c00b11009ac7df0bff7a36d661f7846e8bd8c9a0957a272

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 146419eaec3baf218e043b7a60619b7d
SHA1 f5994892cb49531c75fad96d29a1d23a849b9949
SHA256 19a1cf11d1ad89a4e06a9b8a8ba8666545629ab701ee17ea8404e508a24dc75e
SHA512 4928a6133b84a485812dbeecf14144deb308edecde286ca6d3790c5add57ab679b0bd6e2014223db2693104ff23004eaf34d05b6ebc95c264ed8e4caa7e80fab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f3153f5f3739de46d014df285f3913a
SHA1 e75ba0a14cf8fe5e6522979641e0a9bf729b3d66
SHA256 d913247dbd19b809a504b069f3e8b620dd3d26c849cb06a1ad92dc3ea769fb29
SHA512 fcd298fbd4b8b3e2354995646cad9c0e6955429bea9e1b93f5b43e4dbe3cda06357c63d75f002da36e79303f19ecb6d609aa557436fb04ed3a75dd2fca00f979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf78abf8.TMP

MD5 8fc53b3ef0942f8c49f119c955c2eafc
SHA1 2b68e6eb1815003e956329fbf5a1df4a4d2cb6fb
SHA256 96fe7d6c0ba5ef6f6a99eb26b2264b478b6df73d2a8158cc8590a05d1aae03d9
SHA512 6cbf487d3695516cf75014c4621286f8fff113238dec28271406f9eeb2289d7f077d0d7c6caa62d2da69913b9a770881b1ed31f8b44390afabb3821cb3bd7ee0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 4f6cde0256be80943b63298152c32dff
SHA1 7e4e93ae5735e4e2fd9050423fcacd504d1fa61e
SHA256 7b3c3699e1a0314018dedb80283a67ca3197c766ce4434095ee3cfb56216eaf6
SHA512 68916e7825f52a1a6d2c6a5503b9604127fe4d8bed61150171652aee3cab5a7423c1cf8a4b1a955096a81580928fc0cfd164134590104dac706ce7859e30dda7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 39b289d515b131ddfd39538f223d27f3
SHA1 07d4e3e287665fea843031e798defb0e70dc010e
SHA256 323af417b13378f90ea206a6f62d85a27bf83288dfe53faeecaa6ffd853ef2d1
SHA512 ba2b843bf167cdb34abc7d084675aafe107285a85fddada6047bb3c87fe84d130ca4cb5183a35b76e91439b9e1f97b47f9bbb21343a21a40bb054cb39416c206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 b06457c02f5a8ce25c5ecd443ef535fb
SHA1 eeb4701848b178117b2a4f3e57b6c0063027ad65
SHA256 97d32dbd7968b8b8f7c55dec5d0de15fc3de727b297c3b115bb1b4a015c2d0db
SHA512 ab5a9684fb61fe91b0fb7d0d27830450a0a22b482f129969e612574f3a67947c3a8f862dc4591b122e6e9dd4f9cc1f55852eb5d7e3e2c446c315ddb5ab8ac5c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 5c03be2b8cb2ec14efcce61aee87062d
SHA1 9f752a586d6910f0c00da8e543f91888d708824a
SHA256 28878872c4d1263dfdb494bb054d0a3dc13231d4236feef86bc00c0b8fd4d6e8
SHA512 91d5acc2e070b1a4ac20fa782334b0c6c84c4cafb6177c056bfb373c925a642b5ca32535a613ec10342ed8eaba4a17c7dd9f82df3672d492f91d73584a78a540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 249b0de3d74b3884972b196617b574c0
SHA1 cdd95b4e9ab1ae8f29c9ecbaf0ed1989d09b86af
SHA256 38af6a677b432df7570d0811c1ab8f2bca749438ed89f51f301913434e5058cc
SHA512 c9f084f686b0a618b7447c98f9f0162fb2d0e553652aa0cee324cf9b250d2d538d168d57c3617b84cc0cca042a648bb8a18cc242d1cde151e3749bd0d2e7e3ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 953b46a98c0ab2b9829cd6b0e68dc911
SHA1 8980cbb1ce6c00d0344389ef1fe7087250958d37
SHA256 4ecd4ca8f12c3d7e742d373b27f8b8f0b74fb99a5745b16211d5fb7e222aed86
SHA512 603a9a182339382c4765f596d3c762d2fa5b1452218e8c1e4a1be89ba54ec8d7ed4d0ec2562b350679b3a1fa7c3aed319299c8a8248af1480f981655404cfa83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 f9b7dab2d07f4678677894ed2d68ec4d
SHA1 10940e81d5d854085d5fe80268a003b053f85951
SHA256 82f6c59d8670e981aa16bee012a742588b590a9b4ed87cbbb301179f06d17da8
SHA512 1c3c35136d61084e97fa4e136ac4213adf62366f38237ce165bb9a69610cb51f470fc1b2de86085fa3cd1646a15b0971ee65174feaa2ad43516e8aa412797590

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 e83d2cc3ae5aa608538432695f2812ec
SHA1 76284674c3a38a313fa0234df4872e1120a3bce5
SHA256 87ddab4115f08954e1037a7d4a6b94c5c8528122eed7b90d007b91f057030e55
SHA512 994340836cbfc52b4244ee1196adaf0bf19f987e3ea064f1faad3aef0ba7dbadc77a3d4d08c70fd73dbfa03140ffce15ad5f8bd67179bf492ed4127aceafa6bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b74fff7a058db7b0_0

MD5 40417e9aa3b0b8af313a7e142ec6bc31
SHA1 efe0549967c65c379f4e7c8fd40a099a6dca0cdf
SHA256 e705d572d01530a9868abf74d750af52d3544bc1e781b62a42bf27e6d5bb353e
SHA512 c3424db5bbc683f37092db84451e8daedc9d9fff5c103ed266e57e50b9d7539078776cf5188eea74f46f0e92456fe763318130c5d660bdc4cffb5a36c41b4189

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68ae429aa1d289ce_0

MD5 998a8b667a2ecd3ec1726be213b4a41a
SHA1 e6c1edfbcbfceb905721b015dce25b9fab7a3516
SHA256 e601275e02d82da19d0f4746350149aec92338bd035ce65115417cb622c6eef0
SHA512 d43ba2cb10a914db021f2f6ec0820f2442318d50012ee428fbdb68b02001455cb9f8d3240ab6c644ca77230d8f2a9628f2b6bc4f80bda76248b5f3a0e44e8308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b70bfb556ce18191_0

MD5 4e9e46427caaa52bdd77698217ded27b
SHA1 a055ab3a9ccb35286d147e7be236574dd95f3334
SHA256 f6baf8a54737c6332f5a4930160d501a4880e3179cbe261d214bf7a7a91e1fef
SHA512 53ecd20c3a39aa953cb78da111e9cb7b6d893cf38d422449770c885ce7d40a32665350fddcdaa9a35d5cb2423b26f279c4069fdbd9191075e7a6d550a831cee3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\80cead60731093cb_0

MD5 5af862b3e7660eae334ab5405a93b75a
SHA1 d230be5f87afd5c3c873a87ccc57f8bc83500abe
SHA256 6132d726157b966fb3e0e66b10bdbec8d9b469e79d9730cb193f996df4689b49
SHA512 dd94e3ffcca1c5d8cb53bbcbabe98f6cb125ccdad8880f0f02390351b2945d9b91ed74b898b383ae96360c544e63d71ae3f80af631c72e2b3d268153fd0a0e49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f6ffb796b4c9c11690c050c5b7d3824c
SHA1 9bd77623dfe9ab7a80c02002f988b62a6f747c62
SHA256 e4dbead62adcb47ad0478a56e96fae2f16204ce9e241ab70cf41a22e16c5a4fe
SHA512 97fe02ba1e60fc7b2c083825ac50a28b30d8af19903e9917c8a099b77ed7c7388f7be91d9e2845138c6499de0dae1f9b827c2dedcae26e3228fc125751988bd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba9d5b3cc17938af_0

MD5 01d37aa79d293472259eecab2bca09fa
SHA1 418f77446312b7d109178a2ac2400410649ccde1
SHA256 84ceff918940ebc46650581846cab4236ea06688bd68f7e30695b9b222b5872a
SHA512 196b5a1238c792ec7822b3475d9312bef4b3bdb40e504843936409a47b6b4a1371700a49744df672b0deb769f4c14a830b04e62f634647cb7acfb112176b2db6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\053bb0d85f1884f6_0

MD5 e1960ad4381905cb583cc4c95c1193f2
SHA1 5a45b272c4af6e86b26e542ad826a702bf728ee0
SHA256 475d25d509c688f8aa2be83bbe1acdc32df2c7772c7fffb34a1e97f11f5d7414
SHA512 0f7fcb0f917a6b58d27450e3bd2f590e26f462a8583a83d790656ffae2f54d748a56aead559b96f3291f57a3b32b92f0b6af5a62b2c1771340c9735ba247dabf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc58b588b980a4d11ba7f092682f3e85
SHA1 067e67f9fb20bc09bab7054e0417c67f3670410c
SHA256 227ce156f139c8652d7830bf9b7e411a1cd71d566ef2887d662a07b1f96d0cff
SHA512 2d3d6791fc4ecf4c1dfb7f00d039a1e10b02e024a1ed271398932eed90a44d505cb472d457ca2e08acfda1c3a4f18033285024cf62c9266b8b0d10a460f73a2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 268a05e6ed083656ab62edc7b3b26567
SHA1 2fef09c398c1554ca3446419db63ee4fa18deb4d
SHA256 f06e9a3c5fd180dd79a932112552cf3ae48839dd637512cc18aed78e53ee0663
SHA512 f57ae8306e56aa26549314bb171f10f58088a3615209a079127fbe02a3ef5c0f202ab372bcd821ec388bd32461419e2fb5e5a98b7c458a74bda5f049894473cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd4453f2426e9053_0

MD5 932ad3bea5edf3c310e520c39b26eb78
SHA1 a7be57d8603bd8b6f798a0be4d68a6c9402a11b9
SHA256 b871649546d520efb492d2c71768aa42c431b6d1660229f4302d83cd670c1bd4
SHA512 52c3141a02793f2ddeb10feca514c1407b94c1a007349ac17031c8a8e923e58d88e800b00796567cf8b93461008a7fa200113e47ef5f0559045b31c5548cfc8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a0494dffeea882203dcaa18fa7cf0ae
SHA1 fbff6c977e518342531f644fc57d66783664ad2b
SHA256 d5cdc2eaada842a41043fe0a1e9527f72158e4a8680684311a92fd2e611e6d0d
SHA512 7b3f29089f57ba7338095850561e2f0a69ba81c64f2857904da8fd3577de73c4661cb00558e8e1a68023c527bbcd5c47e09b4c81e0a93c70251048196e8c3e81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a4c955a240d26ba29f9fd4b60e97f05
SHA1 81074c11a96372aaafef4a3c4b9d3d35b7dbfe83
SHA256 fcf4e01e1efe15c9e5ffd03a29ee7dac3fc1ef7d7d0bcdda8356c5fb9f7d32f7
SHA512 25162e0ebb12c8a609e8b8e9a721619bf85eb963943018d7bb8be2c78539066aaba7f3be8cd38506c6b9bb1b6dcc8662276d58b2751863aa7ed9ef240c872371

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0945db97189a852f0c03ed0644a20468
SHA1 931ae732e9d68f3d0811a9cc8f0dcff7b99716e4
SHA256 8d8afe6b20798a9d333492fa0cf32973271ebb5bac17e1cee0f2a249d23a692e
SHA512 64d612dc2a1ccce28fce080e1075ef566f830806b3ba0701bd2077542fdebd09ecda7e8acd7d70f7611e76742e26630dfd3d7c3d05fb25c38773521d5c0b7596

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8166baad4e3443338c0aa9298e4c911b
SHA1 33e7dc232aa757e5f8e75a75265d31d82969fcd9
SHA256 275908a696d438f9a6fa371611db79580230f9f299fc31f9ddf6a3f2188f2659
SHA512 5dba1290ac3ca8426d114f5a97aea43ebb1517cfc6266a9dc6706ec6629cb038b369d4ce90073674604e3b6ebfd0704fbfdf87d5f003c38d0a8c56fbfb6c882e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 34be8267cbcfd2c30ffae8542de04a21
SHA1 3d1fae0afdca46ea9f88617249dea3a3cc18a39a
SHA256 e05d3e9dd5d0ec3c162871a8f0594405befe1336c7f2a27b86db2298da7b7147
SHA512 602fc87d429ae16144fc65544d7839b3725da2851e79dacea8c581e46c85d7312a7a240b74f1377a89588b602d3bdcfc69b8c4b6751ead6985be95fcf60fc20f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 75b1f4f6d9613db06678c54bf5409656
SHA1 a5009103e9de3e1a17499295dbe4347fba874d60
SHA256 49865581ce23cee1a7d4b1f24da45f94ad259c328dadd6fc12180a4b7743a1f0
SHA512 b6ff3570f9a39995f579ee16ee28b9b90c76678918bd5490aecc6a2a2d7ff2aaf94843e7ed8092ab9698ff7b9998a4dcb9954b4b89f15ba8bb1a2f62f663ce5c