hxxp://a0945546[.]xsph[.]ru

Resubmissions

15-04-2024 18:25

240415-w25fdsfd7y 8

15-04-2024 18:23

240415-w1fqmsfd3w 6

Analysis

max time kernel
153s
max time network
157s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15-04-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://a0945546.xsph.ru

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

5 https://cheats-pack.ru/webchp.html

flow	ioc
5	https://cheats-pack.ru/webchp.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576789961784122"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2948 chrome.exe
2948 chrome.exe
2948 chrome.exe
2948 chrome.exe
380 chrome.exe
380 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

Processes:

chrome.exe

pid	process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exe

pid	process
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2948 wrote to memory of 992	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 992	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 2060	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3608	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3608	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe
PID 2948 wrote to memory of 3736	2948	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://a0945546.xsph.ru
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffecc329758,0x7ffecc329768,0x7ffecc329778
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:2
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2604 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2612 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4692 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5432 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5408 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5532 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:4172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:8
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4624 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5288 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5096 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5176 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2472 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4712 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3612 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5508 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=916 --field-trial-handle=1852,i,4099672487960059909,503398635776505379,131072 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:524

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
57KB

MD5
4f7c5928c18cec61f0f1cc35dcd83420

SHA1
d09fe6e1367240073305ac79c72201479c1dc9b2

SHA256
e6219f7f99983fc99b6d2231bc6e3df367d46f3773da003886e7b436a4ceb39b

SHA512
4697bd35d0e28ed9316b2e7024ac7c8ec0d5350d848af1b2071505883a68a46609166993785880a5e34b726681a1b73f74d52dfdb88bb4ad25206a66d04ece1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
72KB

MD5
fd9d293a9b94a3f7cdf41294d0c02ba4

SHA1
64517255c79b09d1e00ff67828eaa2a53692bd9f

SHA256
bf3b52d295c249ee5ce199e5d4c4e6095fbbc27d95c1c4c7d65a4b4936d40b41

SHA512
2629ade4306d3e748048a1df9e4e9b9f47f6a484272f167be57f2f14f6d00041780ac3e0725b7e506570afc2d8b313bc8f9aa9c2e095938015f08a8b25a3ad56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
8da4cb510e1075405286910f804e818d

SHA1
f19803ebce245e8481065fc48c5d38d2653f3775

SHA256
f0e27ca3c80aa90044beca8a293fcbf17b9de1b5f7e2118988e95e183bf1e932

SHA512
ed2fd0ba4c09eac6b4cdb6845a5216e703b8b2caaab7e3f47dc7ea58a9d8363cbbfcbb7ae904b4b8ab8da1681874b16f1c883e193a152a2466cf05108f09a9f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
a1376b325acde460b2a8877639f07b53

SHA1
3676a3e497f4aea8c87a164b5a841e027c82be2a

SHA256
be00d11e778a78cc1600fffff0d958d4f713f35eb303a015b71378e9f772d9d0

SHA512
0320a80d74db401f26137208a7b91ad4c63e2e5312fbebbaf17384cff6dd9362776f01cb56941b15e8bc512565470f85c280438259c441591f0df3a83ffe126a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9caee223-ead5-41b0-b814-17325823b780.tmp
Filesize
1KB

MD5
3d39e8986ca6f22f67620aab774d6029

SHA1
c31c4e1024bec9d5c235fc5cf518a72eac38df68

SHA256
26954e15cb5c38d0178aa2a78fa831af159b70c54254ee0d92c3fabf42d98c66

SHA512
ccd1e13056fb5b1d299a33a9501fc6607c52e8fd51549f4fd4df0e1e0faee9e9634e428a3ec98b01ab54f81379cc4a4f25f982321b644902cc448fec54b53f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
560da92628a2b74bda84e9a622f66e81

SHA1
e04bb842551210b6ba4700a960761ae8ff27a136

SHA256
c914b4657fa99ec69690e40d34ad026d1991ad466a2c8eeb2f95713226c7a6d6

SHA512
3ef5185529358701c18eccf7289b9e7b2d7bbff3fd3a30d67a9494a6d5f34e69d48b7e528703e5c8164324f6a8142362885ed4b13119b27ce1354e5f43a4a5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
eecdf01950060eb061069781a575d2f2

SHA1
f1b58f55e57ce3e2d9a27273118e4365bf75edf6

SHA256
278fe9064799d5005aa578bf531c50fa7d028b328519061fc38701121163f651

SHA512
8e029f736b11e671fa01a84dd2cdb3f3a1ca71f29e4af1e6affeb8ebcadf6615f319f170aa21bdf2f840258b484048463a49f89a4b0b0a3533f3e5866570bdff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
45163231cd3d18b889acc26c2c72af39

SHA1
693ea8a17d6f2572cc51bbbecd3aca3d1ca5ef7e

SHA256
f1868285928fc762231d229e51090dbe8a9d933bb86f23eeb520e131f9a1e021

SHA512
1d923979326fb2b3fc0869c6f15908a80095d9d8e4fa73b1f4fe5d00dd8eaf0f0aca2abfa940b621772f28f2e6f352ee294ad2e657f0214d5ea63403756aecc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
328abc9aa710189b1a0ba7061444720e

SHA1
adb41b9d0eca463b4bbdfb8db35754aadd3a13ce

SHA256
197b3ca9eaa21d938b50f2afdd189ef98d6ca7f6485a9e9de15a40a694909daf

SHA512
f04d0a6e384f4cbb8eb75e5b39babd36a7bac3e778cd5ddb450b107a0f99ca9b9031dcc1765b0f62fbf82599f3781a8f75d9394cf893702b84db124e18a98c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
cd3d76304ad47312f6ccfab1f0781774

SHA1
4affeb7a3ef841474d2c0157a71cf569ff4e0fef

SHA256
e65ac95ce5f850ea4375679acd49f5fa3528e63414c1fcf91e00e2cbba911b64

SHA512
ab54e4897ba39aff1ff2d3eb0287d8aa08225d4c819214b8fce43af880e9db613a1d3ee84f02f870dabf222820ce06b94536863fd9e4e153905b6aa07bde66b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3a50a5a056ff7e7cdb83d92112dc4db3

SHA1
e6feddab5c9660b806295a482d2c890d9106b351

SHA256
fd2f51e8845a599e18c57ecb57c2f1bc4824f050fb46f168591d04290ef17877

SHA512
56362586fe4e6a6a16cf628dc0443380becc2ac63bea0eb4a9008b130ffb13f09aea48747990beac7cb9dcfaa2109c7bbd51250269f8b57f8b7e28e6b2e5f81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
022c250cc5e27fdb344343e335ba4b23

SHA1
ccf9855d4fccc5d8b3edeee03ac688765bd7eded

SHA256
f21130bf32aa08cfe285347be3ad694282b7ac7685caefc338e5e2acf1c1655a

SHA512
328c6a5793051eaf1af1428062974bfb6924185c6f3cff61ea1fb6c843ec8cd8bcd6a8da78c6cf6372998b99621707d5b1ecb93d6b2591b06b169054221e9db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
19737655f674399901eabc29409a6970

SHA1
964d3ae03f3e8e2a49ed349acee82b28b887c667

SHA256
f73806ce536a0e967243bc3178f6b4e78eba42f8e949c9e5abdf65efccd92d1f

SHA512
fb7611b34a5c32c5d36d82dbd8d06b6835dd65b871120010a1ea23e8d19e34a973a25aebb84f9502661e7fcb54da99143d2e52f3efa768042d34a55175e26685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d892ba7147e65ca942dc2f8ac07eb10a

SHA1
79379605c846770e1f48e4c92b569d506441671c

SHA256
4319f29193c44c86d938ca2b8740c656384a8ddc5b9a391ca7fbaad752fece79

SHA512
25e023f6e6cc6263db738f2c0020451e02e700db4b7e2701842a0cfd29fa767889e3a8c4e132f137bef31308a253c15bcac6112b18bfd0c0be249b3da5a6aba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
38d1b3d41b48c7c66002837d5dba9763

SHA1
9ba244608dae5ff3b6155f40eb3504c6789568c7

SHA256
f54d4ec901f8dae0146739d8a9438bfd19efa2d00f041497b55a9c7f6776ea13

SHA512
8b84e9efaab7b13bbba3a755b1bfbc074188672e871e735998a9934ade6a7824f0702031a37be9d7582f5e76d82955bee89615a506357e4bad5b258bb7dde8e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6ca8e89db52d307e5267df44fb54c927

SHA1
0aaf97af4ad57c11d9c3b89b14155bb0d5cd6439

SHA256
73e92ce5bde7582cf14aab26eb015f1b22405936fe7631ae5b67535f4c993bc9

SHA512
77963889452ad37b37453a7b96dd4cce58b997944c8562f412852e2ecdc0439ad72543e3f46801875990aca65f3c503eeaed8500f9c3a9729d19d2d5209c5af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
be604287fb6e409c48c1fe46a5330e6e

SHA1
c987572c10a4ea7f968e4ed697b1ace164f08369

SHA256
715551cd7e6747d502f6ba33862c2592065d33048b687bb6805ca5a5950d31e9

SHA512
498b08eaf2c66ac271fe8c4120745d21c99e3808508f530e61ab0979f1069c82fcebaeda42d314cac51c455be385b4bf467235aea433fb1ab916ef3b63cd4b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b6c8df4319ea835e6f782ec229a7fd40

SHA1
92c932f69205169dbda26dcef7a8175d7921eae8

SHA256
eae9a09ad830e6d2cb1a8635e2c0517491fd61be645813c2e47fdf1de8b7c8da

SHA512
4ab329eb6f4c4057d7a1f1cb3bfcfd05dceb6f2bc16cac2aa613ad3018e27f0fbd284642093ad2770440340b439952c0530031f4ec890f9b6474e75015abc3cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2e898b68b9a7a0160cba5cddd3e23a87

SHA1
4a4a74aa37329d7a64bbb00984dbca3239b673f5

SHA256
1ef39f530274ea9ce66809502cfa24d6968006b2bf436757c068596663fd25e9

SHA512
1c474bb821602fd4e0fd808949185fc55e1e3124e934b0a423703145b01541e20560f2d3cbcdf734b49221bf6de453ccc3f5fa01326e18b1e7bd5eae727852a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6eea50764663b0ebf9ad8d94a31aca77

SHA1
a80023c6eeb1fdb1956ced8edf5a71293fd9b811

SHA256
db7f1a0888846c8c976069605c17eac579c8841b1aee48a549e30f4d2d44a796

SHA512
fdc55b8c3539b4592f0b9960ace02aa0b51ff7a0f039b8296c2426b97037d32963b2aae331b6a36f259a47aba6aa0b6a34c2b39e93298336bfe3f9406df1d2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
1433bac7e6a3cacf93e4cc595b932a87

SHA1
e301842046b47a23221904e7cc3a063ddad648a6

SHA256
14ac5a81de09ad425d2a1aec45810ca44eab309f4533195a5074da43294bb8ff

SHA512
62d5b75663d29b9ed217ada333246423bc846ed663f85faf55e19a8cb6401440202f0dbd0ee45517ff375dc9bd8847eac0d373f4dc227764a9feafbb2340fafb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
137KB

MD5
494ce0999210884b89e140ee39c69221

SHA1
6f96a379d46e3487a047534209a6941100778343

SHA256
cdb39ce1ecc2717120537f7a686d63aa4134792a123bd35fec55d798a8510a14

SHA512
3adb914db2ff5796e14c2f7851eff01b62014306182220d2b6384fd887f54b789d9e637c807bf051b94831b11db3dc72ffc3d97f4050f3ffff253a525c4140e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
52cbb45727fb42fbdd2815f407d9acbf

SHA1
df60d3b30e588b0a2e8fe00b885b27dbaccd6c0d

SHA256
a6bb272fc38e64e9f0e1b365f4b98b7259ccea423f955afabb3b301dbe37ab29

SHA512
04b4faa630a190fb8662e50065db7ec01c2a3445c845f428736ccf7b52d834d8e48a9bb7ae4c306e8ce816c0b0f459f33d748909f71bb943493a503aba5282c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
dd1327de4bd6eba354ffe6283aa40cb7

SHA1
2a32ba78c7e67c7e73f482fb9c45fa660d766487

SHA256
22488cf77ba253849eb6443a38ccda0f65adafa7600cdc4bde2a11d072476798

SHA512
33c028eb1521ee71f5b09c13742ce1058623c212ffc53389f4e684fc17319cfea792948ea6667bdbe5a757ac13870339e4cd357773509274b15dacb924cf374b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
8aab992464057bd551812d61b0881ffe

SHA1
39a62b621e130aca9c3e3528ceccc397a3c37d6f

SHA256
0f844fbf89a1297031ff3c86bd9c81367967e82a9ca0f3910b29325f0f7da5a0

SHA512
a8e7c5abd6d641eb321ef13e0a27cf06105608bbb48a7fb097b511323767508be7a2ed4a4a7f82002c888d2e8954f44759e42faf268e19086bb4f356042a8d72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
d8baef224927a7003b4a4beca346c4e8

SHA1
f4805b9953e9c02332aa7c00a98c0783cd1f3903

SHA256
768368e3894601ea22c14ff0cff800c363739cb225659e3d862257414e3a8725

SHA512
a349a63784904d83d1d47573b9e58fdf564014818e4cd504d16078f58507a0a210a4a5c38192b2516e76ad27541ffd1d098fa3e421fa2503e5d0c648b3254280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
b561b96d78539b0510b4d16633718ef3

SHA1
f38a2c9c4a0bc6e6962c189aed28de474c99a69b

SHA256
bf4fc755439df6203f9bc91c4be8fc033c94e372ad875dd7bd0c782c587f10d8

SHA512
a722be0aaf62d333be6f076af39b255ca68d578412a682c168dcf6e8054ec3a9b29b466bb140a6232932e72f342f785eae82ee1e97ffea52305a694e15a8ab9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
542426f52235357c9aa603fb0ed138c6

SHA1
b0b9e466bf4475d71045bdee7b7cc22e5abf65e4

SHA256
0f0d93139875455463abba95a281398d0367b130038e07bcdd0dbe3fd7c04f77

SHA512
26fce948ddb99e0dc81575d1d803280c70f8ea3b2942383fb25da602428b26e62366c29d9bbf890d7041336868a24d4fa2392fb21431769e085bd73869add807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
226a3d0558cdc8551c01feac322af542

SHA1
7e0f34f76379e274ea39ce342d9e5a434d95fe74

SHA256
962df776993dbc8eba1f67fa72ccd99bd4e05b9fe3ae91a90d053fec909f2bcc

SHA512
e1966d2216ce8306e306a72e3aceba4cf285393bcc164096dc35b141b7519e1a90de721c76c5ef19346be77388c609ed6bfac33f78acea809323f31ff37f206d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
b53097d7ab2a113a92b89a62e51c2d97

SHA1
6c587eb1acb296d38a308a570b5699fd3002b917

SHA256
5a7addd492755f5450f26a036936e15015333dd30e4a8b56592a013367d8c7b3

SHA512
ed40bc3dd57fe5c97123f4f92961d31cb56a3937324384dbd55b86867cc9116fcedf2486033ed8c9d123961fe57824639db4a694cf02e0cf60fe55a397df489a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581354.TMP
Filesize
98KB

MD5
6d5d2e3808494a910c9672d7950e9f4c

SHA1
da72c9abeffad8c4e45bf765772a8429d4cb6bac

SHA256
d9c4b0f0cdfe4a1bbbe8f42390c1437ffc14dad986b018a45d4edfbc11415d37

SHA512
3954d81c7de61943ee0281b60c3b06cb04bd079f2ebe101906534de4706309f8a3f6825dd8cd5751f24e4babae8f8e21f486be385f3d1dd967f0cfe102ed9335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a6061e9d-dc96-4957-8547-ade77ff7af3b.tmp
Filesize
99KB

MD5
ea3f0c73c2048ea48d0ca0b006ce6ab7

SHA1
ac152f83228edac183178f6f50dfa4cd11f76be5

SHA256
70a09e5e3a12edcaf6d8ca8eb06f7a8ee92c271aaa2932656f6703585501e69e

SHA512
9db4b1a397c90f94eff5f0117d6bcd3819a754a283c9b262f20de9f04dd0b74e5a4d7f0a08cbadae421e195531106a921cea9cc414f3496626938bcc7d9cc30e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2948_UPPYSAWQRKRJHTMF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit