cryptolocker | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
03-02-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2008	CryptoLocker.exe
4764	{34184A33-0407-212E-3320-09040709E2C2}.exe
4188	{34184A33-0407-212E-3320-09040709E2C2}.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000\Software\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
119	raw.githubusercontent.com
95	raw.githubusercontent.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	whatismyipaddress.com
37	whatismyipaddress.com
38	whatismyipaddress.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133514597487172247"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3228	chrome.exe
3228	chrome.exe
2584	msedge.exe
2584	msedge.exe
2816	msedge.exe
2816	msedge.exe
1292	chrome.exe
1292	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe
Token: SeShutdownPrivilege	3228	chrome.exe
Token: SeCreatePagefilePrivilege	3228	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
3228	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3228 wrote to memory of 884	3228	chrome.exe	76
PID 3228 wrote to memory of 884	3228	chrome.exe	76
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 5004	3228	chrome.exe	78
PID 3228 wrote to memory of 408	3228	chrome.exe	79
PID 3228 wrote to memory of 408	3228	chrome.exe	79
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80
PID 3228 wrote to memory of 4680	3228	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd77729758,0x7ffd77729768,0x7ffd77729778
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3832 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4980 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5280 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4564 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3580 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5772 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  PID:2008
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:4764
  - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000234
      4⤵
      Executes dropped EXE
      PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1788,i,6244372928806813988,17602850148049476432,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnpublishWatch.svg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffd63da3cb8,0x7ffd63da3cc8,0x7ffd63da3cd8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2252036992258125831,37412032518674779,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,2252036992258125831,37412032518674779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,2252036992258125831,37412032518674779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2252036992258125831,37412032518674779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2252036992258125831,37412032518674779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0ff3c086-9421-4470-aba4-ad9e4749a677.tmp

Filesize
7KB

MD5
b1b252db4c39004f10bc9edc8f6d313c

SHA1
4c0b6d0880431369fc3e17e8e8f9623f213722e4

SHA256
4bc62d1355714cc943d8a73472b2ac36c20856d350d88fb858d331753309fd94

SHA512
128947109884deedd990378075d4d71b40eaec80154718de65869c3c59609c72fd55cead92fac188f04bf509b37143fe4643a4179275ba2d0b7f3e708fda0a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0152394c69f6de140bdd932165e5964e

SHA1
657839dbc86c0453d8f41050bd4c830e4e02691c

SHA256
36616aaba46c73546cd4bc1966eb9d2cf2ed4b5e626945c4b6b4443061ca576b

SHA512
5320ba1951b2823e5fb299ab9a86e603e30c07e1bdda8601e042e91000a198dd44da2534700af2a2eec613d1cca14b05cb3253e0ced422333758525441163ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ccbac6f2afa10f439bbc68fc62fff77a

SHA1
a8f1523f413ca36a31f97b93717c34dc112f524b

SHA256
b2a1bceb2e0e46595161c6b129ecfe29b7503fb8bc602b0e11a74791118c562a

SHA512
665199a4c6ddd1f4089700f12cdb1961592ec852a0633b086ba8019fa4724c38035536e13520ec7ad4f4d310b7dfc7f13dfcefd568c8060cd164c86ffeac7d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
29cd4b1e5fee2c0c58313d8b4b2ce3e4

SHA1
4d94cc2905b99bb811a9c56337ff3d4c6820ecf9

SHA256
d83bb76cbf6e5eb825afd47915925e9d0aa6448c7792a5ecfd4fe5d2842ad2b8

SHA512
d783c093571ba2917c547bd6f818c892bbb7c7e3b85626fe2738e7354fba7c77909851776ae4b0c9a495fa040599e8ace6b9206ad3249a9c4cb21c835ec96c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3c05df1b94460424cd2aabab37a1fbf6

SHA1
24ed5e0e0451897cee17803197c2a9b2b6ae8497

SHA256
357617e2e57fa8c2cbd5aaaac45fe6467598b8532794c6af1dfe9387667f1d49

SHA512
e74b10a3a26475ec2c9be315ae8bffc7508765571b1f297d95c8a266a3e8b159b33333fa51ce6b23f5ef989dcb55dbf08f7a09ec709153fe8b0ebe03bee9a631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1b4183071e6431a23f5f2f583d8d981

SHA1
2fd4c6db7743996334d7a0d53d26d36a7a18922f

SHA256
a0b734309e88856157ba2e42aef0335c4d90db638bf982e0990be0f63074b557

SHA512
779358ae0ad5d7f680cdc11abb7c2d61936e0ce8d01b49af0be78c3ccacc900bfb62c6e3b2544acff2e448f860714c1fbc64f06fa93b690bf180064e64fe2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5528476142be0bfe2d3676b82f09cd00

SHA1
7ee1409d8dc08d3b41fb5c3bd77a4d6a1369765c

SHA256
8c1ae3c6681979e1560c1e991a40ce3953d6525f6abf32567ba3384404816546

SHA512
447ff1137978d2b10126d3a503ae15581da58300fdb7a02908293891936b1acebe87e47a14d913436a8d72d824fa52565c3d8f062fc2c6c316da9b866adfc26e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0a79a5cabf27b029c492dd55a2cd50ff

SHA1
2ffe57a0380af6c47a4b93bb361216071a4a4ed3

SHA256
5907da6fb37fe928d241bc3489e4dda7946775092541e6c46f2e676e472a7591

SHA512
e0f1ceb48ce6a1bd2710f5afef432caf7aa8363096aa4289ed3a299922141b4d57647594c708ea8320aef09a17143ea583ac2dd8caf9323e8f04283d95524a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
37c4f72e963e1cc8cb8377703ff82fbf

SHA1
0cb55ee723908c9d7d4213cda8e365b1e911565c

SHA256
0d1d5ea2bb414dd5b833cd9d49c6739e08a057c494e4b2accd1606dc7f15de88

SHA512
be751709955581d1304f703dc5677a5a875ad12eb532aa4ddf3bd8a352161dd6e60362a03d6977bd495c70f75d0009246b5815d6d4f1e8ef9d1e139a9140c7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3fd316aeafe07398c6ca8209da5f8115

SHA1
0c76519ff95c10954a7f1da12b86bf8c10feab80

SHA256
5a0347fcf15e5cd57c754532fd2e7f744af42b8f77cb4af18429b6ca8d5ee260

SHA512
a89d760737677bbaf8cec1970ec691210e5a68ea5da79cfb4ba6c1222b612c4d3f58ebd9791ba176fb351a998810bb8e7fa64e545d10f5151ce81f954432179d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d69f79b85fc285e4c51f5edceddf9f66

SHA1
14768b3e85987bca6666640dae6972981629c492

SHA256
ffca892d9d8a20a90cb0aea3943c71535947ceee1f48012465e183c7f7c19161

SHA512
a16012f05ab4a962b94e5a4ae9086fa9f4cb41364dd728d0dacaeeda8206330f56ea47d1ab4fc66e69f5fb5841765c8ca291ae6354b85e259be6c1d1c9a97a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
28c55be8a37298437805ace5a6d9aa88

SHA1
a11ce2ab73a5008a99b58642544ce21a6e50a728

SHA256
d2e2178e41e479fc8b172f2ea450be87aa217cc90b5073f27dad2196e0e17bd7

SHA512
83d4a6ff58d47bc8f2c1b6b812acab52a98b6f95abd27fc26bf8dce84f9311537ae538ff360701ab3130ac0215894a1fab451a3ab53a450423f59a34828bc482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7b1279119e72ccdcf503055ca4123ae

SHA1
f0b35cc1995ba6306284c91d24fb7a88447e38a4

SHA256
b4d5264434e882b235dc88c74202c298835af7733865df6b0a4edc5b9735cbad

SHA512
511d71d78579d68ac8773df9ec9b31f5b211f3606ece3a5d7c65c5dc72b92e0d960fab64ce24d3403940b31491647c7073277ef12b2a4bcd89b3ed761008788d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
811492f3d494869f8943a73580f0ac0e

SHA1
a035d5c57a84e6ed95879a7278de680191d6bfc7

SHA256
140f02cb1e0877f953b65d8caea2da603481048d5aeb9894094c3d21acf3682c

SHA512
20da6917c25acb7a1161be7d5e61391887e06582a7bc01b93f9f7f56644fa3d5eeb38d54bca541e07f5af4f406e7703d8520f7a5ae408ee27c498dc3c0db243f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
2c9ff125b91ca9c0d7cecb62e59a1040

SHA1
6d36f016cc2bb2c878fa533d85bf0e75c5c5fa76

SHA256
b82a7cb38d3ad0997caf123919fcde42b65426f6f4fc1eba85cba35bfad09046

SHA512
8f8ffe15f7aeac664ca0becfa18d1931c79d20e77b77037b3bf623533a3197955730a15ad3bc0bad36c7b03ea440b9cc50128356fd8ad04261ac8cfcf60d849d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
fd74e2089f109c318886c66ba4fddaf3

SHA1
62304519f849402f65e3e05e7811ea0dc44fdeca

SHA256
81c6e5bc59a99d7b8d6b40b567530572e800b7fd272b9df9fbbc38938fb3f336

SHA512
e9e6519ddf3181cae10c59060b6bf91aafccfab7d4a522e63a8288958b771a384950f75f76e6d213229e5170c53740b9b4dc503a3079716efc2c57ce0d874caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
404694c00bd55ccd136eb6e0ee146a2b

SHA1
51dce777205d3ee06e910e35a88c85f4eccd7133

SHA256
75ed9e39b37961de123f533faf84939415ec7cec54d8a01a7e1203b0049e3ad5

SHA512
ba2db3ab39c8690867a904dcebd354070f1b8e8e16d456b34c6e69e05e704ac2203595a164ca8757b325a3954c51b5cdb2154cc8207b934feb7e37fa90a11227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
49dea93408d6c242f45ea60ab032f45d

SHA1
7d9fc4ff12a46453597f072179d8ba43dc58e249

SHA256
79952ab0c79840e6f113a2f2df60e6ed39dfc5af0b224cdfed0040b87bb77e31

SHA512
1ab1b94b5828ac278de9127029e2881b4e75821b220184977837871f7cf374c8bba46cc7b57fcb7a717ec55c06c84c4a474e164a3e953e88c507885eaee22c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580059.TMP

Filesize
88KB

MD5
c560b605a86364a6199430922eeae8aa

SHA1
a7cd7e2ee21f50216e84137ad83a714c12a72969

SHA256
33a602010b6ce71d0e6786cd6431b6017d4baae5f0b1407e0b2d9bd965cffb5d

SHA512
c692a4ec514415d8af8cefc8ef36541e8b98120fdcc12c7fb0aacc9a6bc7ae02adfc5803ab66296582e688d1a20cd1865a733c2689032ac0426819b4889922a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d943a8cf4efd126466512b0952309e2a

SHA1
6a2398d0f51bd03726846cf3e63cf057c9089fb4

SHA256
193acec13684c624ad94981200e722c9acaeb9e7b9df41fcd20de8a3169c2302

SHA512
604e55c870302f893ba79432a41da9ba923001ecc7ce764d8372207cc6bcc7a5f7f44f61c14e21415f292d6746a1abe678df3f496b7231b52e571221b8fd1322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29827c363caa60695d34125d9465a367

SHA1
206c5cd8c24362ffabc6eedb711e18c9840780af

SHA256
f681b12bc7d82a924cc60bee481c63a35a607a7307b2e5e76806fdf23f849798

SHA512
f6d65e9eaebba59b4691a3d05520540febdc42b056e9f98d9fe3e43b39a1e860d7e188f5e6c33aec64d443d4e2c459b9bb3c3b8cf0b084d80b519837df0fb6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
c47c1e64e9584ec8519b0086586413e3

SHA1
5c6fdc85e98a2cff84369d9ccc27093f935de28f

SHA256
637dc6751a58126ba49c0a43140086ef2b050c921bdc3684f727e17f340ce66b

SHA512
ab146c30483a9344c239fe4f53854f596b3a9c345be5b509b4e4d736f057e463a541ac65e2424f30e9affbbb1062089215da8b7bdda62be260413624cf86a96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
bcde45463be8505c52806b0c6a664952

SHA1
ddd91d7a9db3de427bd9ee0ab66e560bc38cf345

SHA256
f183306ffe7f70438773eb611e26c5ba72f09f3db3ee562eb0f92aacc89147ce

SHA512
b28db2239b040de1ed66fe50b402cc06fbe8844358be71c0a348f63d1a2291da4c402baa3411f7433a2b151fcb11a92bcfb978c75bd9c5c62376a5b3c8275d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4011422ced11883bcef9e84a393797b

SHA1
70e29cc061513715dd9b3501b9056212c351d087

SHA256
99eb29869b8a1dd17dfdaadf2313f8e5097d5fd4d71155ea64885ba8bbc19ffb

SHA512
83cb5d43f3f1f11286a645696c4a08778b7165edf936341dcd4f9aef3bca66acb7fe79b3f9b991ad613dc133d99e97b294f59b740123a3058ab12b657912c9af

Download Submit
C:\Users\Admin\Downloads\CryptoLocker.exe

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit