b42cedb3bb730b345d3b39e3339707608f98f7e844764ed6108cae8262316f82

Analysis

max time kernel
209s
max time network
195s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/07/2023, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mircosoft billing.html
Size

9KB
MD5

2155da170d68d39eed143b6322babf3d
SHA1

c323ebc055dfc176eb6a38ccdb280b13cc069230
SHA256

057617b75cfc503b6f42930c26b1fb2bebb77e82f2f8f74ee2ef7b37cb131845
SHA512

77a6bdb2ab3bae5bfbb84f6faa9aa5ac9805d8e17d6354bbeb467077105abb4a8936afe3bf9ddabd3f081de2d2829c3e253d14fdc52779b7e591f972f602a153
SSDEEP

192:NSDyf+3WuSPiVd1bhaiwdSzMSclXGZkgG27lp78qbm:cDEqFAx0MSclXGZkgG27lp78j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6B94AF1-252C-11EE-B871-7E694F6CA729} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c7eaec47cb7afa4887efc5e3f3ae1d8c0000000002000000000010660000000100002000000048d8a44983cb1457f1dd4335f5662f4ae9068d306c986f8c74b3f58a7820b067000000000e800000000200002000000075029a7ddbd986bd41f07d988bfbeb14947c130489021774ad4fd8077a2ffa3320000000e72a52841894480593d84ca7f76d661b7927b000445765cfcd109ec6ebafbba740000000714f65f37b9f815e56469bcd24558d13a94edb867372c904885e4089db03c06550d32afbc7d0c80fffea8bfd1df25e56ccb798a3fcf8bf05a3ac8c0b32c5745c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "396423394"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c7eaec47cb7afa4887efc5e3f3ae1d8c00000000020000000000106600000001000020000000dd04216b02f5a2211cc6cd3f680df918be203ea522447f50ef2b324fb37d5c08000000000e800000000200002000000057021bc27245b97eaf656e3c8a5f7bc8604e2d6fe8dcf1431ca60f60d25f19bc900000005d27857b6991b89341682f80311480ccd378abcb250d11da543dcda736d25735495ae6772a81cb34538b3b7bde80a2137526e84fc513e634b85446ac6c5791ea10326f2f7fb38f93a7187049dbf056c8b6db5f5a159f31a389e5ff24e8fd43c67f7ec6cf39a3d3e1311cb01589bb2037e76b71067d127e63e910f8e011af166cb771d3cd8ad19c70a857bdb3baa6b454400000009ddf48b4fd6c9c17d26faffce99976b61b96282ee681e65ab5f5814e53467ca79ce8082972d2988f719b466d2bbd09f7969816aa5f16961e63c551a2b7c8dc09	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8084047e39b9d901	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe
Token: SeShutdownPrivilege	1964	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2180	iexplore.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe
1964	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2180	iexplore.exe
2180	iexplore.exe
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2924	2180	iexplore.exe	30
PID 2180 wrote to memory of 2924	2180	iexplore.exe	30
PID 2180 wrote to memory of 2924	2180	iexplore.exe	30
PID 2180 wrote to memory of 2924	2180	iexplore.exe	30
PID 1964 wrote to memory of 2128	1964	chrome.exe	33
PID 1964 wrote to memory of 2128	1964	chrome.exe	33
PID 1964 wrote to memory of 2128	1964	chrome.exe	33
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 332	1964	chrome.exe	35
PID 1964 wrote to memory of 1696	1964	chrome.exe	36
PID 1964 wrote to memory of 1696	1964	chrome.exe	36
PID 1964 wrote to memory of 1696	1964	chrome.exe	36
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37
PID 1964 wrote to memory of 2904	1964	chrome.exe	37

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Mircosoft billing.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6969758,0x7fef6969768,0x7fef6969778
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:2
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:1
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:2
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3892 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3788 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2640 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1072 --field-trial-handle=1200,i,186298878547657189,10517702913761979723,131072 /prefetch:8
  2⤵
  PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
68f3f6128be078b00b790a2e5ec25629

SHA1
e4d87a4dac2133306889ce55ad635e1fd2db955a

SHA256
b9dc98b59bc596cf58a979a500216b5ee1d21ee7c73b3b871c154293a28abb51

SHA512
7e644cdd7ca4c27470a7afafb1cff7e60b7436d45eecffbfd5212bd3bcf90b73caaaf0a8413a21073bfa6f28263f4c02fe0a816e1a5a934d4fc278ea326bd7d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
60fe1a2e6557d1c8e4db4f9237f6ea15

SHA1
815e21cde833b62f9c4c892d8f8aab5d12457809

SHA256
8da7004515035c246ad1cfc99d93e351fe544be7e348037c6229eec3fc2735c9

SHA512
5f46618dd6d69705643001d77012b95eab720648d4320f6f7a08c172ceb80244b8c339cf465c62be74100f43dcb7af3725855a9094dfff70f34c38289145883b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a8848e8a7bce8fd6a9c343e6eba67586

SHA1
a01fd729732c60eda84a5b3ec2e18f37f76f5bb7

SHA256
0c69164d3976d3c8276cdbfed4d4ad68ece1e5dfb0c01aec0362dcfc7400e469

SHA512
d798c1c7ea16c87f729733676909a79e96586fef56101a70f1089f7a2d2ee26dab65e10753cb935ead7ad065add4e81ad54e758c0a1a5fccb278eb92368ecfb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
287bde51c819a8d2fed04dcb98499be0

SHA1
05609b65c21c5d62e16ff94671a0b47a01ba3c3e

SHA256
c8461804e0a5507b09ec5d2e4c958c09cd5fe1b6a444c2ea220bf37536f33b77

SHA512
2f06bd9dd8951ffbe5342af17d7be57e9c79067ca944f3b428f6596b21a5771bf9358105ef5276b75ad9d7688b5d53868137a2484eddea459e25226b8a8c8651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
47a9f46ed54bf6d07f1b796583239404

SHA1
c3b3e893e9e764a98dcd330b121afd5aaed790d3

SHA256
ccdb7111a64ec0d80af369cfa9127e6201b29fd7a6f70396e6568b08cf8e9d59

SHA512
ac5991b752bd402ea0908abf8508d1fba5d0b5665334cad6e50d1e068333d325d865650495b7a9492f4c6864464a034bdc835bb7396738913a65b3f7cc06e8a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7793e25e7ade25797d8eef5f146015ed

SHA1
ed5a9c59a065defdee5d81141efeee047f54a316

SHA256
96043c7feb278c58acd4becb134ab640b30023dbe6871eec2f9154743a84b6c9

SHA512
d4180c0211ecddb38ddeafa9c6b5d85d4870e3fe8878760ff0550a601c6376cff27abed55f9dcad62c0022525f4ff8d5dee7287043df35bcd83e670e96dec3cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
43d887bbfb441e30ed47b338ad6c9c17

SHA1
64210b7285c1abe22042abee91db57b216006a10

SHA256
a4f4670e0f9ce0bcae29f526f5782c62841ce3e73b1a00770b3e8827a87d5886

SHA512
fcafc1886313b4267ce0af162423e7cf884eea36a2f4b3a15b95afb0346b098c55e1302b58cb10488329176eedfb4bf5d8475db451c88a740c9d1ce6f2357b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
883a489c2bd9e672b74d58e89dd84d41

SHA1
fb9cf6240b539baed88eefe210b4589099dd84b1

SHA256
a473b545d84346d92ed056f9e1a358a7c44ad54292cb8e3c7b6e39c42cf5420a

SHA512
a1567117be5281b61fa316f7c779e139ddd04295e44446a06a6e0c9a7349e8b962c22ee6129d0b5130811b58301e41d9819e0485e618146d998c95cfc44160e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
37f8ae999edc945e9808c8fe668241cb

SHA1
76873d9c0445b200b07e8357a499bb5991fbb0e2

SHA256
b343099c99ac64cdda9da8fd5777962680d54216484e21b88a5c75866203f9c8

SHA512
3cfd228c077b6bf42bdfa850baed0bb469b8801f9b6b44d1a686915598376e698cbf562f46fae9e2dcad6e221fbc5447da8fb1fabd8b0923dd1382c63cb3efc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a38caf69aea1796923499a9061e14240

SHA1
48603ee7c5f4e866e14a01e19eb6a5b4c99011c8

SHA256
039c6ff21b125c76b26ca0cf6ef79b5f1197078ed1411192788274b93e78780a

SHA512
7a7db55255b991d46403c79bb6a8f9f1532b9e2cf42bc908231e3aa36b2c447297556101d0e3b03dc66f7dfa7bb558b2adfc69e2de93886df0903fb97e5184d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d1cbe93a3491d93f8207f488d6f8775b

SHA1
f0f1d7ce1bc8b38bb4633428111329d4ad394e4e

SHA256
c59612592e4a19654fce994f7f5f6c6042880d799c88d2f0bd4787a3f58ab8a0

SHA512
7b1a99657862f7b94d706b9cb3ca31216fafa23ccc4b0a1bbef43748c6fd3268363ed48661a895823393f05dad5cc5b8dacc3629c46a06111b3434952be6b0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fbb00aa5a56cd306682c3bccdf338af9

SHA1
a40ede6c4a20413c83588037ecb5a10a2e9dfb0d

SHA256
75ac46cd1f3e3b5bb62dfb571275e1dacaa04da1def9c70c8a40ba54e9b6dd3e

SHA512
8915e82abf509bb5ac725bf9c130756f16e5c34b6ff79666de130e01d193954d4230d37927279cd874863c277fb56582ccf1c5ad299a551232e5154c911924fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
dee9232966a7084475218c96150c55e1

SHA1
9b5d59929c72edd31032cad6d9287b2d6dfb74e3

SHA256
015d890de1331228296eac769810b1428c587290cb4e903ed62d8e1c628d0d1f

SHA512
0b34a704fd0e153cc5421afaef64b87d6f7fe13cf0eb16221ffa28dd0307973ee13c87de0d58572388fe64fc3e40bccc07db475480937c35d0445dd56128715a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
20d0dca80fabc3f9da0f3c3c19985f96

SHA1
0b313ed1bdaa43721afa3f8fa372387c81bd48ab

SHA256
8fa34cb7a296976423a1742c62ad83e2d4d85f01eeeca25fe051f60f58353a03

SHA512
08199e89c35d960f69374be61b96105a36d5afcbbec7c8e8b46f8d77f21c7bf26d4be00b76f2479e886aea4357da615826d52f7f87767dddc5f9c50552387fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5d0fcba1-e337-4ab6-9b9a-04d279e4b910.tmp

Filesize
7KB

MD5
b0fedcab6afe8eba2cb58c1c3930bb50

SHA1
926d45bddde3419ce6a3d7793cc94cc473d61c7e

SHA256
a4341c81c1398a7f417133980544d3ba767231261ed50647d729c00e76678273

SHA512
bbd75164635366796eddcdf7a69c3a027f9a21ff7a310d6960b6e95da14cffb5755d2e370ee18326d2812308a3ffdfe74cd54f9ffa7a868b1566fa05aa6e13c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
508666e2a5bf14cbc61114b180565010

SHA1
19cb4d04e485fd88b49343b2d7ec43ef9af6efd5

SHA256
1224e5d057dfeb4661f7bce96e7162fdf2579bb25bdbca059434bfae4f993b88

SHA512
13ec5eecc5138fc1a7a8d2299608b4edc694421fc89bdedfaf7d0364804ae1fa7a7595073cff640a1fa10fd1a8c7938ed36ad5be944c4e6438982d8a89147902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
975ac2b15f1c8a0cd807f4d88c9f1463

SHA1
5269ed42de27f9224e6d20d928261e1c32ffd8e1

SHA256
c53db60b2d1baa4bfaba48ec10853eabeef18a3d688ba3286a11c9a1e69fff26

SHA512
3da953e8ba1116419363279340ee4f7a5b0c73f08e5b93fba77030d48ac7ed1f961afbc7d765c24035439ed0560d1f2266e586d3fbef713ac606b02391d857d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
39918c5fcd1c83a45948fec1bf9be7b5

SHA1
128d8d9ec23b27ad4f7f20698c8845b9ad360200

SHA256
7434893d75746bfcdf545871aa7e2b015b5cc2476e6cb049b8068db09ec1bd28

SHA512
9cacae28397f61005906c6f92798ea9188bcaa0fcc7cc92cc08290ff0bfc077bb3e2d3d519dc86eeaa3d811bf7a3ba79fd0e3db7a3c280fd1921d61338cacba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b6423bbd-78a8-4072-a3bc-3d5fceca366b.tmp

Filesize
4KB

MD5
de953323e3f149994207ee68d95662d3

SHA1
91c87158e4e1d72db2d59bfdad8faa25974fb398

SHA256
62505ca8ffd560f6a63f7d6f24b7ab67cc0f792c5a7783d67965958ea6920b9b

SHA512
b9a79910b1cbed1d05d83b71c412c6996cd633d8094ae88f8e92823f7161c55a55ef631701a7f697b5c6a69f7ee95900c55c8d3de306fce1e7303ede8c3b8457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
fe9f0a2f7b00986d63752765a8124dc8

SHA1
e08a91663bf05f8b81d54a02d3d62da61bf26d2e

SHA256
d2ecd7a8c587fdc42f4b2c2cfeff3ce94f791596ba73d6bbf735725dd283c1d4

SHA512
4022217f104144f4e98aec1432b7188d3e048b60c10bdc02486623063d584ae9ab930d424196abbe3ad89625a6f93fcc43fdd368eb916bf95afa22d7c5b3fc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1AB4.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AC5.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1SUVYFF5.txt

Filesize
601B

MD5
e34f99b21e6c8bc917c02383afb957da

SHA1
b2eb7352ec25af1a146244cd8a6e79f373975c73

SHA256
c3291e53ba28c07208032068cab4a44871cad6d30106f748247c34cbeeeafcc6

SHA512
155ac1922bff5c6d3c9b04dbd2de88d98bfae255953b9211185430035c4be98b2f9138f4acd977a2efd6702d51adfe60c21111c24d16584de4deb26f4628f71b

Download Submit