a5c904036e2803c988bb3f53b41cbe0684b115ca23d09b1ee07748588a17e6e6

Resubmissions

11/05/2024, 15:50

240511-s9166aha85 6

11/05/2024, 15:49

240511-s9de4aeb8v 6

11/05/2024, 15:36

240511-s2c5csdg5y 6

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
11/05/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Black Panther Edit.mp4
Size

22.3MB
MD5

669c154cf8c331a1d633183437c270be
SHA1

ca57aa70e6b8f2da7c6f8c6a50188f8e8294f43f
SHA256

a5c904036e2803c988bb3f53b41cbe0684b115ca23d09b1ee07748588a17e6e6
SHA512

928e88df4a34c4f68095b87fc159627419f98291e13e75d7764057b9e3a16635f20074bb37ccd3c7883d0d37da39a1bd2452e28fe2ac088bf151b559a5658e80
SSDEEP

393216:yDtH5iGz14pJt2pSyhaK1l5f8S97b3k4xLSJndFMWOZ2cl7:yeGRoYSyzV7bUbnEWOZ9

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133599154615238833"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
392	chrome.exe
392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	900	unregmp2.exe
Token: SeCreatePagefilePrivilege	900	unregmp2.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2180	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 3276	3420	wmplayer.exe	79
PID 3420 wrote to memory of 3276	3420	wmplayer.exe	79
PID 3420 wrote to memory of 3276	3420	wmplayer.exe	79
PID 3420 wrote to memory of 412	3420	wmplayer.exe	80
PID 3420 wrote to memory of 412	3420	wmplayer.exe	80
PID 3420 wrote to memory of 412	3420	wmplayer.exe	80
PID 412 wrote to memory of 900	412	unregmp2.exe	81
PID 412 wrote to memory of 900	412	unregmp2.exe	81
PID 2052 wrote to memory of 3852	2052	chrome.exe	88
PID 2052 wrote to memory of 3852	2052	chrome.exe	88
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 4084	2052	chrome.exe	89
PID 2052 wrote to memory of 2276	2052	chrome.exe	90
PID 2052 wrote to memory of 2276	2052	chrome.exe	90
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91
PID 2052 wrote to memory of 3280	2052	chrome.exe	91

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Black Panther Edit.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Black Panther Edit.mp4"
  2⤵
  PID:3276
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:900

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff32a8ab58,0x7fff32a8ab68,0x7fff32a8ab78
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4168 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4356 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4584 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3424 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4552 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2420 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4952 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1848,i,2552365328110856914,15580462199123530841,131072 /prefetch:8
  2⤵
  PID:3940

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7f9749fd-8338-4fcf-966a-02b0eafc4e0c.tmp

Filesize
131KB

MD5
c8535d048e52157bb120150893b4575e

SHA1
d9c7884054bfa2c0c56db6073141418d0a787f43

SHA256
08dad8efc566c740934c51f954d8c7a98698fd027ac5405480fae515f50fcb52

SHA512
229d9b0ba735f4370171d5fe84efc7eba5dbf4219a57a729b873c455f3bafd63744c730867c3d073744634db931ff79a940a007c7d3292e40f842a955207146f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
67KB

MD5
6e52a644708109836adae5b691622755

SHA1
fa6729b150828dba23c6cadd92c6b524529ccb9e

SHA256
9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e

SHA512
6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2f106f9e7d29b85092d88ca7d1c8d7b8

SHA1
90166fb0c180f0af3359d798559a673c0fdd72c0

SHA256
5fcfd3e279662c2fc212ce6126aee60ae78fcee53b300d046fbb6235071389cb

SHA512
45719a415ce60fce48d60db5e974291a44294dec22c9e6eac59933ee283e11313afd550703b81d9832e086bf45ec7a9241130d3f1ea6b0542125a87f9dde59fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e730dd9b41305aeec673c4c20105926b

SHA1
988e664ce4d249624adb7aefa563feb3af2b287c

SHA256
b71d07e8ccd414d4f57e985222ed6463efbbfcb73440221d4dd6ad6eb78d3178

SHA512
0f1d0ec992f027b06acd726ae6cd0430e2040cd8b4e32dbabb052d8e5cdb3c0333ba71ab1df2e1f29fed679ee5bfb808bd2a7228267668d29fbc3af108ba9b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
632c193f6d479216fb188a48a21bb973

SHA1
3d1672e36d12591444d7cbfb929014a03ef52b88

SHA256
51de49c647499ea1888a170e129aca18c0a23e871b99fe08ea470a5df1fcaf1a

SHA512
e23cbf9d13003b241b2e23ca4f5d7e6d4c4eb5ef89a342fef95415b65162bb5c548c94dcb8f2e4a9ab81ddd0a7141373d272fc5d2e1f733ca75bdc425ab72415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58b232042aab1aabdd4be7c074865155

SHA1
9e8000497ee80e5abaec863a10b89fe1beb51d7e

SHA256
efb6b7643a483bd2769bea96698fdabc6613f793bd46ffbce9b9c48868b9128b

SHA512
e8ce0fe39521599c71363ae83a8cb559c79a44717336b234723a913f1e292c5f1fd8ad960760745ac57e6ddca672dd172721f79ae8ce07ab9fcaf026bbcf3a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9fd5deb997cf912e00d454518441141

SHA1
db982fd431ccaf86565bd8c630f9b2856fe770a5

SHA256
0132fababb5f7e4e31c2d3581ae3e439a9905fb2b8077062dad5fbbe6e14d874

SHA512
393852008fad039e3d0a5e4452a0ffb42f6eb192481e8acaac183fff6f0b275485f3c2f161cf354027f2618d27808a19af8c499f281fddca8c5a83b1abfa3a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48055e8b8fc6c1d30779f02cfaf5c968

SHA1
c91d76dbdab7997c2cb5cf93e614237404d6e3a0

SHA256
b776f99c3e5c5189222491775ef0d73da4c29a3684c1416fc329d56e048ff1d7

SHA512
c71e63b3922790a1b282efd90a1cec21ae0dedae6e71fadba62047e9edbbecb49c497f26efb675c60dc1daafdde6c371071c7cddcf58916134b99f295ecaff39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
26e53360a5c06b464734d8a89c998540

SHA1
b8986a024ed751025ca14450a40634824bba985f

SHA256
ff00e7453643ee98d690075dc1e49a0f96ba34b14aec224b0bce1fb9b158ee55

SHA512
72719259dd79d03a80989e773ce698a36cc7aa574af0ccd8309a3a49933c63b4b8daed21ff37dee40a2394dc0b23319b6d968e92fa6bd3d4ba350ff82bebe838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4dfcbc71d1d1a581ded784c0c089330a

SHA1
135dd8c1abed81e0539ad561d37fa6421b30b1e9

SHA256
9110836999ac227cddf287638f068e2823e02cd399f7c846d56f5e581893c79a

SHA512
3270cf0363583e97fe2fc713e4603d4daf439a600029f08d06d489e1a7686e44f095759d23b96e6b0cb2eebd6c61bf8ab98748b59d87b4312ecd9ee5dd6f19b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c877441b21686b90fa647ee1081eb147

SHA1
c4687497c7846d2b006dc29f8fb1b0e85b9132ec

SHA256
8969bda755ea07869542c03eb5ab9a9691578c903447ec2a61a21c90283e6d8b

SHA512
330b715683b0879c1be72ba293ef34401bcb848d5c01ce26c2f451c3fefc559d3d7fb1b82fe84799ad7ee35dddd44325b7d2d03c12d29d0f8bf9b842a7de8cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3465f7da5c301b9ac22f1a9a0bd2d5b7

SHA1
fc049a62372faba0b4e96ec95480d589e2041bde

SHA256
a00447ac3708aa806b32ac253714e27c6da508bfd740b81b264bc964680baf89

SHA512
998578907c011a3673d46bd9df5f2f7a4ae58ceab593a836c2190fd4f642a0786c3fd5e46a4187e08edfaf98d22f546dbd8c4840e0479946b9e8405e609a8886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0e43ae82033ee6f4727cc4f17d48b389

SHA1
e79e1dd142485202e80a8cf0f885e71a57ccd391

SHA256
c20f1d758b205b976b753e21763fdb0d95c8fa2d2d0bdf1c7f7d23b9e40cda90

SHA512
5b080906e48ae04de5b5b482f4fbaf568f311d8b2fec550de56f55bfcea6ba67232998580d050120b63e20e2a40f13d719a29b511eecab00cedb7aa8969c0d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f837f25b1e44e908c0cd8721338a25ae

SHA1
dc2a9075450679097bd03edbe8f04208d9b225a5

SHA256
2b555565d71c4faa297604a52c05025808109ffc68c6115e67200bba8d16a052

SHA512
6e8185d681baa9682652daf05d6a0070a29086c4332dd327e1d7bb79bc9902ef0f45cbc7c434cfee650636e2246147aa38584f1b44ae5385ffcaa6ee480a8eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5ca9ac823d4f0a93b92a1fe323b6bac

SHA1
6eb439a7742bdebff556cdb7b9cbc665be3ed325

SHA256
bee3aef60bd6dfd0a5ab56b16ea594c95a6933d4ecca769e19ba8bb6a358cefd

SHA512
a3d29d23fd3059e6f790a7cfc26fa617a97e83da649e0b3e14e3bb2e66a64a566c117610af570ee8351a997030d197c59f55df4e144b82564c624aa477b02127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b21a2e9262f7dda3d6f2cfa27c3137d3

SHA1
aaf5918859499cc8bb705860428c2abafb7c7f4b

SHA256
aa1ecfecba08a4c6a0d467d742fbe69512390cf21f48dabf4aea65b43a430f16

SHA512
7cdade958fb499b6f573cb75034a7733c5435f3e76c21423020fc904def72b7472ad0f9a399e83883bc2e4e4ecaaef48f4ca326277a9ef78b553f020e5213a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cabd906b6f8dafdd8cdb9d785fbfceb2

SHA1
9fe4ecfcd7897d767af85058ffb541720981b17c

SHA256
2bf9fe4bb0ee36c8121adef1c03d27a4ce5f40e568f329c0fd71668afde68ceb

SHA512
2ce33e31106801561400b84c7a3944f6418a8272fffeb1481993fe6445998f0a6e1f2b40b6bc61f26297868de0ade1c7d201ea56975e4d2965422eef910c96ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d9a5ba6cba6b54ceaef9614d71dbb541

SHA1
65c117c7bd95960ab9557aa7543dc3957654f171

SHA256
71e5814ac7ffa7e72b78ed3f4db9df4f0a3c15fa0877b4407fd6adf4d9b687e5

SHA512
4511d556d5b4d6fce17bfe58e93c8871180f1df81e60bb79892d27c933d58f9e925e333be767591629ed0b1ce8afec60b2593cc92f9822aa363933040a745cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0714087c4f8e6f90efc43289849a7ebf

SHA1
fd343f1ef4d226177a6fd2abcb5eb5d73b9344c8

SHA256
7bbca793ca6bd3c6f110232cbee65b9ec564146cb63c1a365840e8fe2327f085

SHA512
9073479a442684da9cadedd927aa57f7a0f6edf598cbe2ace6fa9de19130384246a47893f2f7708713d8fa8c43153a06e5c00769a84e2af804243a4513b1a89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
7f154b9cc264c02cba8c2fd304b5daf9

SHA1
46f47a830a1013f30a5e6247b776260ec846fa92

SHA256
783196b1d2fe734e4d2305843859bc981570391eafcfdc4e816486be1817fb86

SHA512
05cbf1ff290d6dae81e269f48890a34f1a2231422d35d5efd8ec76f45a133d209eaf7edefbfd5d1be6bcc70361abc8a4269ab1d6cf63c896acd9be113d5f1f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
312KB

MD5
c2f87b0b2520340000a8f980dfca6b48

SHA1
ffd7f7d667c48757bf770306bc34af3fcbcf7b5d

SHA256
103f6149a92d420778dea2413765f2d6f201f0f78d156631bd4f47aa19beb5a5

SHA512
1b421b133c485fed0bf77172776b637840422b50ff4642aff3614bd07e891fb75d5a40a24a8f002bfded7ead51ddd47f0bb4a9bff745051c37ed2bd288516b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
5555458ccc73727f1250364e3f732ee2

SHA1
b830a1fcc4d7b27b76d05559c7362bfe9431e630

SHA256
36ec5b02217f35c77d4551f89e748c001043ced8fbddb3f8a40ee930e21894e7

SHA512
11fb8aa918795fd1680bbb2b32991bca1b30ec7b3920d5c114cd458929e0204a826c012c15b3d6f1291979f7c1e927b2be2e0f926becd453807ff7649291106c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
7d4247bc2750474a2e373418a3eb1218

SHA1
7bedb7cca2775691a278b03dffae3658f3493519

SHA256
7d18c063850f8740851d79c4632b98152344122c6ba0b837b51268b195c675ce

SHA512
75b09824ea97aa00a63eb4a36d84f8074ed4ee3c376588e646ad3a2ab1acf4ff2f02eebccd340af79df2091b57b7d7baa31a21b57dc4659f00a50fb3128b9a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
c2f0feef1f9f1c0caf70ce7b9eb14001

SHA1
10445c959670caa97f6eaf6651e9cf2db87ced4d

SHA256
03b7f37f171fbd54fc0c4c2c2db65107f6c4d092e14877c426d046856a9adebf

SHA512
6098a3165270645abaeea2f71dcfde78cb809a5476aa0b20edc09115f5897ba0da6140a42b7faf516ec573c7d71e639b6ac30442be57d4631bf88287950c888b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
acd23496fb14b875ddf833c265158667

SHA1
6a8be96ec568b27a6e610aeeee26d39fe65c7ac9

SHA256
d4859c507b829514e84e68dc703537d86510f8c0ad183a69835e477e010baaa3

SHA512
b201826402c195e7ef069b6787334d88bd22c5d46af4195e57b488e0488b7fda21e56abdae80e944e32b6664666e6bf97003d69f451502af0c1de98296c3d203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
d3dfaeb8e1235541b6ee7aa78a07e29a

SHA1
a51de0f03a9337677c53cc4684ecee88a71a3ff5

SHA256
e08a09c25d9fed8c47d30b964cf065c60281f7580b7799a6513da73bdcc22b2b

SHA512
c452acaa3f2a35e90a33d007a50048f8c2cd72b7473a9f9498930faa944c1980b9dddb7fcac216bcf6d41128a1cd465f72928080f23f28c3d64a14707a3259fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583d62.TMP

Filesize
83KB

MD5
c7dae7162f4944a34d7748b00b538fd9

SHA1
b7ab127f3fbfb116f403ab0b69126c157f518cdd

SHA256
d4f11ea085fa929a17824295ee9f5e76a04041747fd25dc9d13a4507eb99a926

SHA512
6f2e3bccd78cc2c9bfaba5ffaca5e6f1ad1e73c92a30ef1d747ca4174a0ee01a24df8b5ed228c43b32ba0e351f6039a741bf8d0f2db64f576761ac31197e9bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
576KB

MD5
da42f40b058bbfe884ebc9eacb7ce0fb

SHA1
a823674e9f19041769d032f3b8d134c2fd1553a5

SHA256
559920c14ab4db5c2247f4fbc96a63c7d7e4a01f5f48cb2cc615ea2b1bdeb9c0

SHA512
85b1b13bc9d3a35d08bdf96c62c20647411a5ac6a09d17762df816076082020ae2f4900effcbece0a331142cd27fcebc7f22b8fdff966b62d9ac19be70e90ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e9aa12ff0be6d995ed86f8cf88678158

SHA1
e5ee38fc2ebef0fcbc3059dee29b39f7daf21931

SHA256
f35cd8ef03ac924a59943c5dfffc31ab67a8b5aff272e9f47ff776aabc7ee561

SHA512
95a67acd2a4784b87d73910c1f1f590937c9d9b901e98448556a37eb8137ae5f458f1c673d65a46cf7d6b90bee5fe6b102ce3eeac9e819062cd9c5c2418bcbfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
d093e2fea64ea4cbb3c8b7ecab2cbaed

SHA1
78a3e8453805c59151f321f784492dde9dd6725d

SHA256
44093a2cdeeaa7416a5c182301b795f8afe1aa8cadede6b1c7e420bc1a34d6c1

SHA512
b125662c7333733a82b03330341b8547cb0452dd720c0f0d04731c6b40ad6377cc805435c8feb030c538945bbe1b4998cb7a327e9fa5194c0bd93e4234112557

Download Submit