a639a39bf1c7b5e27b3487f14a8d99f81d5e7334580e917606cb4a32647a2816

Resubmissions

19/01/2024, 15:19

240119-sp7hfahah6 5

19/01/2024, 15:17

240119-spb2jagdgm 5

Analysis

max time kernel
144s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BT-23.10.0-64UWD-Win10-Win11.exe
Size

58.2MB
MD5

3d1299ef2998b60d60d0b0676916ab32
SHA1

ab603bfb318ea47a3aadd2482f8070dc0c1dfd86
SHA256

a639a39bf1c7b5e27b3487f14a8d99f81d5e7334580e917606cb4a32647a2816
SHA512

961e9b905ff47a5564e43c3c9e5571cf9ac210ec6f5a034d59601e539f7ec3c07d1eddf6be0365d3ed9e9d5a9d1b23bcb80e78ef8386a777d282b47cb1d3b2d9
SSDEEP

393216:hB9i8PUgDtfGi39joJ5HFsPyaGBkE5v1AamBNS:wI71945lDtv+aKNS

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2308	WirelessSetup.exe
1564	WirelessSetup.exe

Loads dropped DLL 12 IoCs

pid	Process
2244	BT-23.10.0-64UWD-Win10-Win11.exe
2308	WirelessSetup.exe
2308	WirelessSetup.exe
2308	WirelessSetup.exe
2308	WirelessSetup.exe
2308	WirelessSetup.exe
2308	WirelessSetup.exe
2308	WirelessSetup.exe
1564	WirelessSetup.exe
1564	WirelessSetup.exe
1564	WirelessSetup.exe
1564	WirelessSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	WirelessSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WirelessSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WirelessSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WirelessSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	WirelessSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	WirelessSetup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2308	WirelessSetup.exe
1564	WirelessSetup.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2308	WirelessSetup.exe
1564	WirelessSetup.exe
1564	WirelessSetup.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2244 wrote to memory of 2308	2244	BT-23.10.0-64UWD-Win10-Win11.exe	37
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44
PID 2308 wrote to memory of 1564	2308	WirelessSetup.exe	44

C:\Users\Admin\AppData\Local\Temp\BT-23.10.0-64UWD-Win10-Win11.exe
"C:\Users\Admin\AppData\Local\Temp\BT-23.10.0-64UWD-Win10-Win11.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\WirelessSetup.exe
  "C:\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\WirelessSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe
    "C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:8
1⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3596 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3708 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4088 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=1432 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=2556 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2296 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2340 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=2120 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1140 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=1572 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3592 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=2136 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=1972 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=2572 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=3860 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=1916 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=3480 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=4640 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=4620 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=4888 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=4992 --field-trial-handle=1244,i,15544437870809684567,15410435384776357897,131072 /prefetch:1
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_EF52C1EC85F21F31CC0157A5C8803013

Filesize
765B

MD5
9389c5403447352cb33f439c7e9c18b2

SHA1
14b4c1deeefe1502f02a1e148722cf1f2e78553b

SHA256
7c833c358158f743a1f6089bb0e4fc466830e971d8717d1004ffc783217d3350

SHA512
c3f304fe27d2cb1f7fa20917636bf361636b41262da5d17102800b6e208b6c301d4e8c1da7c27c640285989044e8a3e779f9862184891d3ed0843b65b129b170

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3AA0DCD5A74331FBD6F344550EC48B87_5138147F2BE7083CBCE306C8D330136B

Filesize
638B

MD5
a2c38169adb6b9b0f2e9f3f140c14fd4

SHA1
fd9cfcd4c168a12982931ea095815ebb7e017d2a

SHA256
a2695f19e6d8b475fc2dfc2f231118b3936ec6c03630904f2a3a18057eab5a38

SHA512
53beffa061a651f0301380c9ca9bd16d5db814939abe4ffe50dc756ab71b83f07da733cb9acb318b434013ff6f02e512d7611c399f30b1ce78a31ea7fbd0e8d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
765c6d3c40db39f2d87414f0809a8c05

SHA1
7ca9fd389aa670b0369449f74b0be9d732197e63

SHA256
28aadfaa6706dc3e815b14c5d6716586e9c42a44f3bdda0e8b214a93fa601fdb

SHA512
a1ebf643958539fb6e2fe9001836506e633e06b5bae0c6a7b5b10e4a3c76d9db72a1f7db289a14b63420cd90a713cb5efaa04b11eda8a842226b6767a7070402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_EF52C1EC85F21F31CC0157A5C8803013

Filesize
484B

MD5
4ef122bbc5224b30c91031ebc2c8e39c

SHA1
76da24578e3db8b506a8a06cdd2d82c389c0186e

SHA256
c6d7868ba541615b885d97871bf7f3a30686e5858bdbadf5e33c17e0cb27f436

SHA512
109b57ba61f7268b4687d8a8d76686f30c871f9611eae3b377034103561dbcfa94604d7d2c4599529b9474eea314a40ce8880af30a1b7b27ea3574d570430c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3AA0DCD5A74331FBD6F344550EC48B87_5138147F2BE7083CBCE306C8D330136B

Filesize
484B

MD5
1b8fefdbb9b442b3afbc9e49647bece5

SHA1
a6beb2af6888aa3bcbe425092e4fb8e60f2766f7

SHA256
e2b2a0808468676a7a4341d45e25c92efdd3d4fbef4672db6539906f0ddddbd6

SHA512
ee50f2a05af85a03acf4e9ce48ab8c292d9801a7a28096362ba1f41e5615c84da0707f275fe384c97e58ca1dcb362565a2327f3530ccd609824c4a09e1e1c18d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a9ebb3caa4f22c4edbca3fb43e8058f

SHA1
fa225d577680b352c5b791c801091c59d442c223

SHA256
22469ada702301f1a5f9fa6d14bbcf4d5e8c0ec47069bd05ab51600f5f13a3f0

SHA512
1ada63096450092fceb735c9a1408b7eb0eef78788c1d26b952d72fa22487bdfda326bce81d08ef0a20cc11b660f71727d477a2f8fd14a5d42cb91309c2ffc4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
f9ca6dc2eecbb252345fd94aa2e3a0fb

SHA1
d2667d680554eb841e3019f8dec01f7251a8cc16

SHA256
39843ee953513221870e22fe28eac0263647e6a9152b1294156be765d640d9b1

SHA512
70eaec514d0fba86c90897274c084155e4452c04a95f00b05c02c04e28fa66aa76a4e7a05df0c3c4a7295be56c2d42272883a57b70a1746da1c0162737f05e43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab958D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar95DE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\Intel Bluetooth.msi

Filesize
192KB

MD5
be1f3176985378b6867049d71018794f

SHA1
532ec674d1a210a126c30c880cb1187896b2fcaa

SHA256
55d0538d6a3bcfa767a96a2c256467b51b91c971a03c56ba55a33b3867add26a

SHA512
3c54d2093823d82f560be509511a971e94106f5d96f786594fd565c4d8dd5a376bdd1b1cb3365b3a8a241e7bfeeb95b4adde38ea63fdb700904bf3f7f0a84fc8

Download Submit
C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
2.7MB

MD5
c7d68aacd351e43f4d9decb4b2d5ea58

SHA1
ba3219e6a17a249faf027b917b6ed582fd9d6480

SHA256
ef4b2024165d91fab59e18567413ea47962797b1bbf59723fc2bea26889bfd3a

SHA512
5e94c9b5e6bf65dad9b1c93078b09ec54e28bb3fe633454459ef1cc3964dc883b110915614119bf8ff6d04090e6f7d978604632a3209ad859a98e82b5c371fd4

Download Submit
C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
1.2MB

MD5
2a7e369134fa569e8f060536b94b9379

SHA1
2fef0fc62d9dc8f41ee4664a48a7a9db32609bda

SHA256
01577271f282e9c3dfa3a9cad5e06701608f6829934a06d7621422f247cf6a17

SHA512
189ed3becc5b9c39c3343701dd4741ce46e9e292b923e391417ed0a65d0b43ef5e3dec54227518f59affa78583a6c97b2684fa9741fe1184fd767776a325665e

Download Submit
C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
1.5MB

MD5
08454ecb2603494e6c1f0a340667d3ad

SHA1
21cbcbee3659f4930273f5c100abfa884c0a2f64

SHA256
efeabfdeb68ee2f9b9e2579629bdc5035f1918d6b48cfdcd119e9c9da71eb8bd

SHA512
f07cf0c7d1d6c3960303ed44674175b785096faf40133318aba981f7aae5dc2ffe6c01bad6c4111091f6695dcb95ef356df263807eb1fa809de3cdec5c6a67d7

Download Submit
C:\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\lang\setupENU.dll

Filesize
1.1MB

MD5
b9f570c82ec50bfd684ca909dc706cfa

SHA1
f73002863614230af7d1b9e87097689fd470ed56

SHA256
181c05e3bdcd9d5867eba0153a25e95f3178fb7d81495a3da2ec1cba53a71f63

SHA512
c21d2a6e879583c8f618b33f50986268b0810cf770950d83b716e8f198a9daaab78a6754f047c1932df4d7f1a365b2300babff4cf7a982452f40b53204f74a08

Download Submit
C:\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\Intel Bluetooth.msi

Filesize
18.7MB

MD5
36ceb370bc75270b31aa50fad3dac895

SHA1
a7eb2b25cf566bc2d9adf06000bc0d0698fd20a3

SHA256
8ed98722bfc10564a08be99cff8cfa953f9aa78eea5cf482c5f5657159479fa7

SHA512
943f512b94c3523ba8149fdbc4f5959f3cd6a70677502b3ca4233b33cbed3064e52f03a978c4b4cf454e0531e189a663896984a28d3a4479fb5e63c416314795

Download Submit
C:\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\WirelessSetup.exe

Filesize
2.8MB

MD5
1a482eaedc8d23b8d125b527ac9347cc

SHA1
73a81b5b4bab20677f651ef80b2eac1722046a20

SHA256
80e779e7725b3ec6909fe235649d06f022f0a16f6b8900c24c0262286a6be252

SHA512
80b6a72c8d28e9a749e027da13d6a0b3af202e0046dad7b627a19b8b69e4b2a9a2bc5be31cdf3877392e802f458b282035d5b88d5da62f49313c9b82adeb8b0a

Download Submit
C:\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\WirelessSetup.xml

Filesize
632B

MD5
495d22fb91b19d93e337be9cd92b78eb

SHA1
c1c7e948b0ad53568275385dd2c3324455bfbb64

SHA256
4e890388a0a0e8b6ff24fb1e2eb8cb7042ecfddf62419ca1b749f034bbeee483

SHA512
ee102c8acdb1732cee5fb92cca8fc1934e66b1892a6f93cfe64f70c54aea7eab3f89f4dd2154ee75104392cf0e28470149d5be447140e7c51b7743ea1d8c389b

Download Submit
C:\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\lang\setupENU.dll

Filesize
1.4MB

MD5
73176d7e920a496f670e103156d8b572

SHA1
7f513573c67d1da78d960c252b64433818246f15

SHA256
445e53326dc3103e67c70d5637b1d46cc486f1806ea50f9ff4bdb806e8f6a3bb

SHA512
cbbc16c1a37519574a3f7b98e57c3214b9d5edbb156e057a04d279977abb7f4ba73e980c9a09715cace8febb97e27d2eb5020ba4a34734a44ef1700d44057905

Download Submit
\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
512KB

MD5
fcda5186d385d8c01e23133fe3bb8b14

SHA1
8e0a3db65129832da75ba7d2f9d8371d45b4491b

SHA256
aa3dea5db72cce41dfec19a7c1afe9b598f5960b243e9dcb881984b575fdeca1

SHA512
9aa5a22d7bf71e2805b9e3f7addc41fdb53d7b0a79327f474851cf0fd7da0fe0b8c15e9ca3a248850097023e5f58b1b22968399ce1f864acf2b903eaf9e61211

Download Submit
\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
1.4MB

MD5
e15fdb8448c65b4b813cdc3da3a7d08d

SHA1
f734e0fcab39b93b47b4faaf92121eb2901c7ce1

SHA256
6bf2f1884e9c0bcc7c27876b0a604aca4ca809b1b530c0e1f22320483a1a4bf8

SHA512
28cd24d65d5800f7fbe5b12e447e7a993f2267fcf5e87f42029193eb2fb7b5212bf4a698574ba91a9a9c031d435d71c1742ac36a1e738064d0971d424073d890

Download Submit
\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
1.3MB

MD5
339b630deda0be35e8dcf1ec4d89d221

SHA1
d84105be15ab182677822d3af635cecc09084d4d

SHA256
dee08cc1656850e5dcb0dd2681b27ba920b671e07128a248a27b395cfabea498

SHA512
8b13ec15c7fefae332897c4182cd1758e3be9e783e207efcda7d5d99a36531bf6e4839cdb03a05ed925a5b1845e6d26cdf8c9cc7adca1186a910c63d9741c29a

Download Submit
\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
1.4MB

MD5
16748d14be32fa28e33ef2ea690a8ec5

SHA1
0e226f981a8c0c4e213cfe1a140dc89ef4b96e5c

SHA256
076d2e36dd734a7b8a051bb84c05e0bb146757f30b3a65e6e7c7c6b9ffe4d7dc

SHA512
258f7c5a0262b3999fabb2f33e45775a55ab63e5fe2c38cb64f58a73bbb54d96b6dfa4050424dd178783d6a69116b3338d6de5f77eb7265beb7790df0dedaf3d

Download Submit
\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\WirelessSetup.exe

Filesize
1.2MB

MD5
e991c6d8d58e990d2b886c1abac1494f

SHA1
72c9a48c25c774dd9a41dd41d6339703c0aa9ec1

SHA256
0e39bb768a67d60bb73cefc3c72af98576b966ee0747ab417cd430f341dfcfd7

SHA512
8f0c3e56f6083bd845670a3c1a9f79aa3b5221b1db6d4ba412c467ca6a8f809afb253700aad5829c316d7b7f7d37fa475295fef98885eb9567d08296a9a72640

Download Submit
\Windows\Temp\2f965de32bfed4fa221ac677cddf1ba8e7684e\lang\setupENU.dll

Filesize
1.2MB

MD5
ab65e118f948ef9d47db849f542318fd

SHA1
8e949d46e60da872026d63a6d39cdbc80547c813

SHA256
aaa527cf9aa82533125bd17db748eac434718105c7c36f5f297f4302dc201baf

SHA512
c6736305b79b84cd57a586c9651771e4b7f0d5b6f527a5907a237ca8793f2456c13a542a3b5317c0e25c961e6484be403588e09329b68a0a089b021c481b79f8

Download Submit
\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\WirelessSetup.exe

Filesize
3.5MB

MD5
3ad97c68b5ed5f60fb2f5b1668888f24

SHA1
89943fd49d7364048a92325c04bb20d1c4ec215b

SHA256
cf9e5f7d0e234021c542dd30aa65620a164def567fbf56254fe194d6614acf4f

SHA512
04ac197867456f77bfce7b446ec43012edf5f318360888a754a85e632fec88d4a7b5e024fd4141630d43feea6b34353eefd57453e5ec4849ee88178dc5a7ed6a

Download Submit
\Windows\Temp\{F6F922AC-8236-428C-96BF-3F8E29F646B6}\WirelessSetup.exe

Filesize
3.2MB

MD5
f68f6b7a205b6308f7e5307235fa9488

SHA1
18de693c6e3cedcc9dc3ea1b174d0a40aa4bb9f0

SHA256
02b31c46b53bf1940ef8e1a4c0b9c54dc565b783265e9c2b6314aeab7ba1d18b

SHA512
526f2d0e1802c5bb20d11c53a57b39dfde81ec9638e25d917e1de003b9bc22e1409c235f94e0a19b5d52245d70f2f47f4fe9c161b414e1e63bd55c96c70af45a

Download Submit