Analysis Overview
Threat Level: Shows suspicious behavior
The file https://uploadnow.io/f/ZgzLLfY was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Detected potential entity reuse from brand STEAM.
UPX packed file
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Modifies data under HKEY_USERS
Uses Volume Shadow Copy WMI provider
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-05 00:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-05 00:56
Reported: 2024-11-05 00:58
Platform: win10ltsc2021-20241023-en
Max time kernel: 145s
Max time network: 151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BF_EY.exe | N/A |
Detected potential entity reuse from brand STEAM.
UPX packed file
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\BF_EY.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f0d940c0-2574-4315-b831-fc6d2184bee7_EN (4).zip.ee7\CJEN.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752417853179126" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3785588363-1079601362-4184885025-1000\{C023914A-5A55-402E-93BA-9877B66309B1} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f0d940c0-2574-4315-b831-fc6d2184bee7_EN (4).zip.ee7\CJEN.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://uploadnow.io/f/ZgzLLfY
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe419acc40,0x7ffe419acc4c,0x7ffe419acc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2560 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4620,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4704,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4400,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5404,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5416 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5068,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4624,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5940 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\f0d940c0-2574-4315-b831-fc6d2184bee7_EN (4).zip.ee7\CJEN.exe
"C:\Users\Admin\AppData\Local\Temp\f0d940c0-2574-4315-b831-fc6d2184bee7_EN (4).zip.ee7\CJEN.exe"
C:\Users\Admin\AppData\Local\Temp\BF_EY.exe
C:\Users\Admin\AppData\Local\Temp\\BF_EY.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im steam.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im steamwebhelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6024,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5220,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5708,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5660,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5712,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6316,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6328,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6348 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6360,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5768,i,4564051303443189691,4301473928168619392,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6128 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e3e76dedbf3a0c4b49fb5c71c06f1b3a |
| SHA1 | f53f07feba5da3a138797498c0f810c9ba668192 |
| SHA256 | 92d42eb09451af7df8c5183420c0b5c7ad0b7b4fcebf10d4702fae8e20c1713c |
| SHA512 | 32a6f902022bd223382332caf00333c0cada90eaf448981b20dde8478ae541d310a19ee5a900a9a9414ad5556e50c32e20b017d82cc8561bcf588719f485dde3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 94a54b01c4b3d546d89c7e2cd57ff212 |
| SHA1 | 36f673c725f8870bd91de77349cb2242f8e29d23 |
| SHA256 | d744298f23a194504a9d6054b4f3eb5d60955ae10083d25e8de2ea2423445992 |
| SHA512 | 678980a75f878e65a405a67356d572f9d4372b526e2e3230e0ba61b5f529dd87b90a2318f9f90c8087d7218406d3f0e864d068215ce6e3b338828b78126456e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8fc8b3ce7a5a882ff758357443742bad |
| SHA1 | 8c2b166a31253e9faaf49a63183d9c8e05c9fdf7 |
| SHA256 | 635c6cca29d70658dea27268821106e6511e5c6fd98f15cfed7be8d185016794 |
| SHA512 | becba2001dc635185c228fee80168c12199d504633e1cdf8063ebd939a3af0d2489760f9c582da6e0aab9551b725b82c6c7b249d06357ac2f68445b6c1e22fdf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 034849755f9b058f8b4bd73947282bc3 |
| SHA1 | db29cc4a5eded5a1b94557953f4f5f0bd20afa71 |
| SHA256 | e6d7144882ef44228e9e3718aa47bca2527b65fb112e55156a380477e1d9513e |
| SHA512 | fa7969ced9bfc6eccd559f3a98ce5a94c4e88d186b9f5390fa21a0509191e554b6d1579fce84d382f553025c9f229b31e3c6572d206243892bb851c97c640d7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0dd481f0ac864503a843358e1e6a05ba |
| SHA1 | 95e62200f1a8a6edeea09479e1db1c3fabb9aadc |
| SHA256 | 5bc0653c313952bf48d137cfbf5ee6fcfa65d4ef774f2c2b981a28ab6efb3f09 |
| SHA512 | 4362784cfb81c0f25e4d994ad21398c84ba440cf018d4cd629a9dac13b3b88dbb5a62c549a824099d9575c92d61cfcfa7dcb00b3ff839ef260f35b03eeaccd92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 529027a5af86dac45445efad8268671a |
| SHA1 | 39e8c11027f89cd56616a56ca4aac8d8283fe263 |
| SHA256 | 989d22c0e038715c66cc4c316c8a84f714bd44b4521c9a98a584b6444b1dd7f6 |
| SHA512 | 2ab0c1be32947a88d5387bca1c5e2186854ad37343f533483d2e3eb805d022a4ea57ef5918a5007c23c8cb05a6a53fc88186d085ee8018084b0b31cc0cbfe2d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ed1fa792f5585c6a8fcd4cea43a3722d |
| SHA1 | 2b0762f6f9266e1ef1d19e5da7311a215f1f82b6 |
| SHA256 | 221e751a271d83b6e6df6dac098b8c4928fbcb6e02d7211c63a4de8417235722 |
| SHA512 | 7af2402ad545ae8e263358927c517ac6a0a6cf8ddb60acabc1953bd8d1a9b26ed536181dbc35ad8d4d65614cf9bfc36a7fbf9de96d65c2a07f4ac88425305493 |
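The artifact listing above mixes two kinds of record: memory dumps named `memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp` (a naming convention inferred from the entries shown, not documented on this page) and dropped or modified files, each followed by a hash table. The same region of PID 4504 is dumped many times at different indexes, and the same Chrome path appears repeatedly with different digests, so a raw read of the list overstates how many distinct artifacts there are. The following Python is an added example, not part of the sandbox report or its tooling: it parses the listing into structured records, collapses repeated dumps into distinct regions with their sizes, counts how many distinct versions of each file path the sandbox captured, and checks a local copy of a file against the digests the report lists. The embedded sample is a handful of entries copied from the listing above (SHA512 rows omitted for brevity).

```python
"""Parse a sandbox report's artifact listing (memory dumps plus dropped/modified
files with hash tables) into structured records and summarise it.

Assumed naming convention for memory dumps, inferred from the listing:
    memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
Hash rows are assumed to be '| ALGO | hexdigest |' lines following a path line.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied from the report listing above.
SAMPLE = r"""
memory/4504-275-0x0000000010000000-0x000000001003E000-memory.dmp
memory/4504-247-0x0000000010000000-0x000000001003E000-memory.dmp
memory/4504-293-0x0000000075104000-0x0000000075105000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5dcc5b82db794abf747b580b9ce8dde |
| SHA1 | 18c9dbd9017d6975580bb5505db5b6c3e0a747dc |
| SHA256 | f1027db2a0e4018adf126a53dfc553b4f7d454aa940429c5158748622f3699c9 |
C:\Users\Admin\AppData\Local\Temp\BF_EY.exe
| MD5 | 9be9baef8f5bddb382889aeb190b341c |
| SHA1 | 79c452f0f15824c1642fc8fedd7be5a4314ac089 |
| SHA256 | 3fcb28d168674e3fcc8d388914a54b49a6a49f254081a4827b121c3e38565e45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f97efa22d6b071fa1cb19f829a0a92a |
| SHA1 | 2f87e80088f761551c6fe470294152fb9240dffb |
| SHA256 | d92002cad38742b89bf6f15f96d0cb98880f1b6b9e306b993542e37bf53f82cb |
"""

MEMORY_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)
HASH_ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
# Expected hex-digest lengths; a row of the wrong length is a copy/extraction error.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_listing(text: str):
    """Return (dumps, files). Each file path is kept once per occurrence, because
    the report lists a path again every time it captured a new version of it."""
    dumps, files, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_RE.match(line)
        if m:
            start, end = int(m["start"], 16), int(m["end"], 16)
            if end <= start:
                raise ValueError(f"malformed region: {line}")
            dumps.append({"pid": int(m["pid"]), "idx": int(m["idx"]),
                          "start": start, "end": end, "size": end - start})
            current = None
            continue
        h = HASH_ROW_RE.match(line)
        if h:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, value = h.group(1), h.group(2).lower()
            if len(value) != HASH_LEN[algo]:
                raise ValueError(f"{algo} for {current['path']} has {len(value)} hex chars")
            current["hashes"][algo] = value
            continue
        # Any other non-empty line is a file path that heads a new hash table.
        current = {"path": line, "hashes": {}}
        files.append(current)
    return dumps, files


def memory_regions(dumps):
    """Collapse repeated dumps of one region: {(pid, start, end): (size, dump_count)}."""
    counts = defaultdict(int)
    for d in dumps:
        counts[(d["pid"], d["start"], d["end"])] += 1
    return {k: (k[2] - k[1], n) for k, n in counts.items()}


def file_revisions(files):
    """Per path: (times listed, distinct contents by SHA256)."""
    by_path = defaultdict(list)
    for f in files:
        by_path[f["path"]].append(f["hashes"].get("SHA256"))
    return {p: (len(v), len(set(v))) for p, v in by_path.items()}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report uses, for a local copy of a file."""
    return {algo: getattr(hashlib, algo.lower())(data).hexdigest() for algo in HASH_LEN}


def check_against_report(data: bytes, reported: dict) -> list:
    """Names of algorithms whose reported digest does not match `data`;
    an empty list means the local copy is the file the sandbox saw."""
    actual = hash_bytes(data)
    return [a for a, v in reported.items() if a in actual and actual[a] != v.lower()]


if __name__ == "__main__":
    dumps, files = parse_listing(SAMPLE)
    for (pid, start, end), (size, n) in memory_regions(dumps).items():
        print(f"pid {pid}: 0x{start:08X}-0x{end:08X} size 0x{size:X}, dumped {n}x")
    for path, (listed, distinct) in file_revisions(files).items():
        print(f"{path}: listed {listed}x, {distinct} distinct version(s)")
```

Run against the full listing, the region 0x10000000-0x1003E000 of PID 4504 collapses to a single 0x3E000-byte region dumped repeatedly, and the Chrome `Preferences` path collapses to one file captured several times with different contents. To confirm that a sample you hold is the `BF_EY.exe` the sandbox executed, read it as bytes and pass the report's hash rows to `check_against_report`; any algorithm it returns is a mismatch worth investigating before you rely on this report's findings for that file.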