Analysis
max time kernel: 599s
max time network: 487s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 12-08-2024 13:02
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | IM NEVER LEAVING!.zip | win11-20240802-en
behavioral2 | IM NEVER LEAVING!/.ds_store | win11-20240802-en
behavioral3 | IM NEVER LEAVING!/ILL ALWAYS BE WITH YOU SOOS.txt | win11-20240802-en
behavioral4 | IM NEVER LEAVING!/tumblr_8c696247ca8d924d040398c4be61115d_e369e403_400.webp | win11-20240802-en
behavioral5 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco10_250.webp | win11-20240802-en
behavioral6 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco1_250-1.webp | win11-20240802-en
behavioral7 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco1_250.webp | win11-20240802-en
behavioral8 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco2_250.webp | win11-20240802-en
behavioral9 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco3_250.webp | win11-20240802-en
behavioral10 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco4_250.webp | win11-20240802-en
behavioral11 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco6_250.webp | win11-20240802-en
behavioral12 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco7_250.webp | win11-20240802-en
behavioral13 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco8_250.webp | win11-20240802-en
behavioral14 | IM NEVER LEAVING!/tumblr_ndbolzrktU1qhccbco9_250.webp | win11-20240802-en
behavioral15 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco10_400.webp | win11-20240802-en
behavioral16 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco3_400-1.webp | win11-20240802-en
behavioral17 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco3_400.webp | win11-20240802-en
behavioral18 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco4_250.webp | win11-20240802-en
behavioral19 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco5_400.webp | win11-20240802-en
behavioral20 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco6_250.webp | win11-20240802-en
behavioral21 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco7_400.webp | win11-20240802-en
behavioral22 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco8_250.webp | win11-20240802-en
behavioral23 | IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco9_400.webp | win11-20240802-en
behavioral24 | IM NEVER LEAVING!/tumblr_ndbp92G3n31qhccbco4_250.webp | win11-20240802-en
behavioral25 | __MACOSX/IM NEVER LEAVING!/._.ds_store | win11-20240802-en
behavioral26 | __MACOSX/IM NEVER LEAVING!/._ILL ALWAYS BE WITH YOU SOOS.txt | win11-20240802-en
behavioral27 | __MACOSX/IM NEVER LEAVING!/._tumblr_8c696247ca8d924d040398c4be61115d_e369e403_400.webp | win11-20240802-en
behavioral28 | __MACOSX/IM NEVER LEAVING!/._tumblr_ndbolzrktU1qhccbco10_250.webp | win11-20240802-en
behavioral29 | __MACOSX/IM NEVER LEAVING!/._tumblr_ndbolzrktU1qhccbco1_250-1.webp | win11-20240802-en
behavioral30 | __MACOSX/IM NEVER LEAVING!/._tumblr_ndbolzrktU1qhccbco1_250.webp | win11-20240802-en
behavioral31 | __MACOSX/IM NEVER LEAVING!/._tumblr_ndbolzrktU1qhccbco2_250.webp | win11-20240802-en
behavioral32 | __MACOSX/IM NEVER LEAVING!/._tumblr_ndbolzrktU1qhccbco3_250.webp | win11-20240802-en
General
Target: IM NEVER LEAVING!/tumblr_ndbos8REDU1qhccbco4_250.webp
Size: 30KB
MD5: 30fd71ed9782dcabde6858b6dc503ccd
SHA1: 0ea21318e9904ab3a40a131ec752f691e9d0f357
SHA256: f16ca31c3044c07b62389b4c9285df45979f1345f0d5cbf08239f0bf810ae9e2
SHA512: acc88e4f78af84d6daf5f0875ae6dc24b181e4bb98dbcd99cca4b8bd21f377891411e32717c0010e998100cb9e67294650a9c890215df268dc4a3e1ddb442135
SSDEEP: 768:4XHIyvMmYUdPAHYt2rfIitamK3ThLtY2Ss3/Hax+fdhw0XPM4TMaTgLPM6:4XH/vdYUdYHWUgitO3ThhYE3/HM+1ZXG
Malware Config
Signatures
Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | chrome.exe
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | chrome.exe

Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679431384345136" | chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid | Process
916 | chrome.exe
2068 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
916 | chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 916 | chrome.exe
Token: SeCreatePagefilePrivilege | 916 | chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs
pid | Process
916 | chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
916 | chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3420 wrote to memory of 916 | 3420 | cmd.exe | 82
PID 916 wrote to memory of 2840 | 916 | chrome.exe | 85
PID 916 wrote to memory of 4128 | 916 | chrome.exe | 87
PID 916 wrote to memory of 3184 | 916 | chrome.exe | 88
PID 916 wrote to memory of 2164 | 916 | chrome.exe | 89
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\IM NEVER LEAVING!\tumblr_ndbos8REDU1qhccbco4_250.webp"
- Suspicious use of WriteProcessMemory
PID:3420

  C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\IM NEVER LEAVING!\tumblr_ndbos8REDU1qhccbco4_250.webp
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:916

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda3cfcc40,0x7ffda3cfcc4c,0x7ffda3cfcc58
    PID:2840

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
    PID:4128

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2028 /prefetch:3
    PID:3184

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1972,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8
    PID:2164

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3100 /prefetch:1
    PID:3916

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
    PID:5060

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:8
    PID:5188

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
    PID:4692

    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1076,i,18104490478666421639,14444478703587367285,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4696 /prefetch:8
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2068

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
PID:1096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
PID:1340
Network
MITRE ATT&CK Enterprise v15
Downloads