hxxp://sfgbz[.]butsif[.]com/hdoobobglower01

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sfgbz.butsif.com/hdoobobglower01

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505751841776374"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
5004	OpenWith.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
920	AcroRd32.exe
5220	OpenWith.exe
5220	OpenWith.exe
5220	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 1136	4020	chrome.exe	86
PID 4020 wrote to memory of 1136	4020	chrome.exe	86
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 4712	4020	chrome.exe	90
PID 4020 wrote to memory of 2320	4020	chrome.exe	91
PID 4020 wrote to memory of 2320	4020	chrome.exe	91
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92
PID 4020 wrote to memory of 4572	4020	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://sfgbz.butsif.com/hdoobobglower01
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dac9758,0x7ffe8dac9768,0x7ffe8dac9778
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:2
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5724 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5788 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5924 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5948 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5348 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5436 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1244 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1884,i,6164708208464850248,7558261049937933703,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5004
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\DuckDuckGo.appinstaller"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:920
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:4024
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=70D1F6B65E498E0DF76B28A79FCCEF2A --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4480
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0F1E33866124EDF29E71DE6A9646F314 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0F1E33866124EDF29E71DE6A9646F314 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F72E4841FCD9992A648D25080585549C --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1d14971e-5fd2-4aec-9407-aee6cd5fe96b.tmp

Filesize
107KB

MD5
198b6264555d9c503aae54b90129fa89

SHA1
e998a0c1c742b60fd60f9aab290ca1db1925f44a

SHA256
881eb1bfddce168a8c49622db2b09f07e55e742e2666de515490b57c9ac577c8

SHA512
6c8c21f5625979a1dcf3c0abc0815f6a8de0cc6f20adf7ca3edd647ac62668d3523a241d30971675c5e1c1ff9eb4f8697db26de57bddb9490b1a7814e693cddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\71874383-3785-4c8a-8ff6-6fa819d66ee8.tmp

Filesize
7KB

MD5
8eb7d6d5fb002da1899ce98e7b6a87e9

SHA1
cfe9c71707c2a9ead3d15f63770c0ba4027dad09

SHA256
e1c9395e4ccd27a7f6096121e75c648d9498dc02c1933aa6139b8461c8fcf8e4

SHA512
a770510fdf0f88b785c3e2f820cefac1d7732e939c5fd2d0de91e5a45c2670127b4534c99b533228dc77cfe925c811d61ceb611c2dc5906ac15970f9d4bf5db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\71bb06a1-1a8a-472b-8ff4-7dfc90d46b86.tmp

Filesize
6KB

MD5
f2c9ad4200a4883486a6729cbe4e0bae

SHA1
8cedcf4e27cc80ec87f3ba8d5a1805c05720f482

SHA256
cb94c99ce1e604e61b54b92cd256486a41ebf849f291ded88e0328f37b765834

SHA512
7508f48e283ee8b1704d112da810b89e5889bc7c85df4871b1b38db03b8ae13b7e6edf99eb4cae17c5d631d3454a1282373eaa63078f6145b7e109b6534e8c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
201KB

MD5
c445ab4315d0633d446998c80764cc36

SHA1
47d3dee9845cc6e29b6771dd6560793b8b93000e

SHA256
5635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242

SHA512
83a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
d31ce955ba6be307ea852c025ae9db1d

SHA1
b8fb9867e14f251443c79526e89265ff868efa04

SHA256
f2b08c4f5995d067ad4a6a72e4e7bee9a899219d72eb162539fb369c3071ddd2

SHA512
1b6c0a5fa3e00f526a1574e5b47e8f31bdc8c760959b3b24255da0ee8ae1585206ab87f64d179ff9f13053c13f7e217b3909c67bdbf3958c03681c2ed829dfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a6f16e835056ab3665abf4f20d916279

SHA1
3dbdeac8d8f71e75d01f49826a82f6ca325d759e

SHA256
95e385e6b5258ca10519d2551e4bfd02f982ab9a78ac68261b72415016b3127d

SHA512
24004a66385bf2e4a67da1faa8215bc0f941214ad67acb5866fcab91c4788895d25a43a74bcd397e62512c58936b4c13a230229ddec71a27aeaa9add2e05c69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9b0939701f5bfe2855f36ccf339fb2f4

SHA1
345c9e784a372ad0df5a759bf273d33873ff0dfb

SHA256
f0deffbd407886f9445ef1219cea2c3aa457ae3a63afcf980d32b5afd43a8a72

SHA512
30fa5e00b41f74cb2a939695586f69c17612139b3431730c21f559aa9fd319cf0a2bc178b1c5f97e219cac54385584bff5d8e61b26eac74657db233fb6b556f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a859c21e158a02c475cd43aaea7ce6df

SHA1
1344fe57b8d741335f347e6db940665865cd641e

SHA256
ec83e536ff7db53158220af19dedf8109958cc329deb1976082a8cb83008b31f

SHA512
95c3c30780c34959680cd46bd1b0a4b342bc7508fe6a1fb2eb164fe10b1c678fe5868ae925fa99379cb8eeff42e7aa300b06ca3f1fd58dea9185b94341a39f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cefe0efa6f336130cb23587ba662c8fc

SHA1
2deb27c5ed6de0c0dedc10b991db546738bd3a8a

SHA256
b42dab01fcfc61db0e3c01d74e2b5de9559e5622e80dedadf21d693494afe265

SHA512
fbba89a328082692c079c2fb8b1009da82d11a58d6f45bc9513ef49122f91a28335e46c4c0751a077a77a1127568e197a00323aac92eda0266218845754e3450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
48681fd58de1875aaccfcbb1658852c9

SHA1
075079179cdbdc6bae868867703a46f726df0e32

SHA256
07b59e07985c1480bde5990a9b1e664328cff6aa2fddbc4b88f7c0329f92fd3d

SHA512
4216235bbc54d271278cb9eeafeb7d3937c84a9dda63b63c8c98999e8c3d7424d9a00208e8e3949bbb5062648e702341ef5d0accaec24b585c62f051103e9e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
3373a004982083e6bfe1177500a9c902

SHA1
7586313f6c292407ebdb80f10a474bc6ed5f7c27

SHA256
92aa3a4e14f14846bbfbb5ec4bad578a87fd6e601c781c0d9658e7cebc471a81

SHA512
fb4c056ed3617d8b8bc5f9d9d7589a5dba29332e56bbf9a9eb9d0aa1c07c5af2ee29ed81b9f8a4909322c4618c8f98613ee492727f7b1efa2db1bdd653ff5851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
3317813c80119840e455c788ab5a3c5b

SHA1
fea53bf180708c1c8a41e7541c3045260e4a9a79

SHA256
93764bc8ca659aff770e3f61dd18b5c7a8b21394c8a240aea6a74afdc6783f19

SHA512
aede02f4ad898d937c9522790866151abc7372b17e2e80db558991f6cec61da2d4f05e4033a0e077a04e997b9854de9a1f84abc9753f0b19856de1850686b269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
931522b32c12ec47d958ab67986b758c

SHA1
6f0a89d9403d808f471d4b51496a2a9bffa9d14c

SHA256
b956c542d0683de745768f261d5f666ecc4000c1b750ba6055fdcd7ba80a92ff

SHA512
3ffb8e3ae63ed655bf357aaac38ff956b1f2f5bb959ef9ef16ae9ae981fcc4f6d3403858a66178a505cffac2670b29aede2008926aab28cb28c54471aef51740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6bb72dc858eb02786582dd5fdfb43ade

SHA1
d3cac3a6c68d6fb51c7aba0082cc0c167554faa1

SHA256
897d542dda5a43fb5ae20a7bb8c1fe176f0cc5a6dfe5003a9e090613464d43b0

SHA512
d113226945d7d4c5a7f4945e53ad280e8c1fcbc3cda61b18a72948aa8a83fb2a94f01c53d41cd27fa7c45b144f91d398e15087fd58df1918ad25c63fa3269209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c1c02b9bfed902afe95655119b7f72a

SHA1
e8becc7dfb2ea065cb4fa9ebbc91249e3d07278c

SHA256
903c0f7e0bb40ed206fbf7d7aa7ed9afa4bec1df24a5fb54e3d681460d1efd5a

SHA512
5cd4d468b96dbe8f417c230e5b35cdd1620a6641439ded1555e9934fa1e5ebd7fd97d27b4b769e5353b0f747b6f05824fe980e507e6e5cc4dc83bb6f07082b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5c128539553b46d488bfcf2131b92886

SHA1
3dfa1ed6876c657f8c7aeb2fcf3e90db73e893ab

SHA256
cc07a35c3e21044f431eb83f8b7a8cbde9bb7c3d7d253c8e9b02c956a51f3fc2

SHA512
8cf1caa34d682433f5ee4c3b15880182a492febf95d915cfef8db4ad4cf1f9ec2245e223c50486603b9d91c4f3f33154850c0d08ed569eb3e37fdaa1fa541796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58432e.TMP

Filesize
48B

MD5
64904358a9d726265e1116baca65664e

SHA1
cba2af8f1f08ca8f432ae79cfc5201349ccab837

SHA256
bcde658a71dd9c23c5fbd309fcb273dd932bedfc041cbaa22c9e7a2f2cad6fb5

SHA512
2f17bf33771ca65ba04602557078e1537a6397b93a0285162c685ff978f395f637a0020bcd46655bdf15e72cc6ec171ef80439d4f3faf1bdb4d90f0d1b8b8339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
739be7465dc96276022a7aceb065968f

SHA1
9c30e3c509c4e80abb1086629ebe9fbc5bd2c779

SHA256
6cce542a8aad68660f0fe6f14ad2edfef51de0739fb067434a5bfa13a6b7ee60

SHA512
dcccda4a3f3d6785556328c1a1bafae6ec85d9178a5828213c606a34aac8ae2e64d2a7ec3e774f72c85acf8b521f99ef1613fbd0754129a5673bd179b12034bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
fce8f2adcb5122c3f6e3bd0a82ee20f1

SHA1
f8d9e4f9152a11309678f67d67b3d584b57e3eb2

SHA256
f95b9432608e8b7066eb71152db886def7ff104b0c77b41a0126ea0758e49f9b

SHA512
f7e477b8ce803dcd65ebc35905d7ee4fa261f2e81b9bb214c3e9882ae5f163f8d6ddcdf51d75c84d61d7a31e3fc58e68d5684f3539c906218c6185cd9d3133e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
9cbb8e7a74559b2caa546254bc27a691

SHA1
60bc100b65c709964cfdc8a4cd611040fc8dcaa5

SHA256
ffff492d918835b4bbf0a33679293a5066b5e9375ec315eafb738134efe814f8

SHA512
d9d2cca4b1100a10a12356120a56f7f4573a12035509763e027ca4391460a82304606be0afb5ff1f1b0a0987ff57682a3e94aa92124085046030049391664072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
eae18bfc233a3e5840f5dc4a17938173

SHA1
87ea68918f86712bdc4725c004e3b261055a96cf

SHA256
d35b53f9d1c8ae426d5eb6f35763d07ffa261ce4042bedc57b7ff17e860d6e02

SHA512
7a0215c5b4b7ce43cd963a184e477c3c88800c28ba2fc1d4b22de425d2a9a769a31d98ddc10afc7189427caaf3a5717fabd603a376cccf80bdede5b21175cc06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57cfd3.TMP

Filesize
97KB

MD5
c718355e041634ae6d02e642de5972c1

SHA1
6196536fcf28b167118dc32ad6349b6ef949ba2f

SHA256
c3c335ebbbb6266bfa6d71082b86e770206e9e761fa6fd6ae25b97ee7c990f16

SHA512
3f10e821c33760819d6086c1e2fd90bc9c8dc72f6aa775049b2206b4ddb7a8810227eac1e66b832729bec3d6001315c7bb831ad593a0f601bf907c9b9b2b0e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\DuckDuckGo.appinstaller

Filesize
749B

MD5
2a7c0a43bfbd8fa4bb81a89dbb6c68b4

SHA1
f0f5b2e64c22683a50c959c3658f8c6cc8610807

SHA256
17419c466f68193e7c5ef4392e73ec3a4ea147a6bc292388fcc3253730fc6121

SHA512
1a2191524d42cf789362cb59cb974848e9e4c028823c30594fcb2e7d61fdd8403e2b94f23fba2a7b99b3ee13aa09a4e8555e96134a3e7a3894021280976f7e7a

Download Submit