c295513f8039e735f708336e0a92b47ef37e37a1ce5bcbaf44b1de40deb765b7

Resubmissions

03/08/2024, 01:46

240803-b6579stdka 5

03/08/2024, 01:43

240803-b5ad7stcmf 8

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/08/2024, 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-02 160027.png
Size

218B
MD5

c9a2b752d6aeb7d634096d93e44c90d0
SHA1

3a14783a317dcfafe650200403df1f1858414a07
SHA256

c295513f8039e735f708336e0a92b47ef37e37a1ce5bcbaf44b1de40deb765b7
SHA512

993ce83a75f0b2ccd0603cd2e4968c034defe5d8aeb2e721564e3731478f57d4ca29fd29fa882b8a03a95f10bcec27594a01264ce7afdd250dcc59c7d81e2357

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4960	python-3.12.4-amd64.exe
4384	python-3.12.4-amd64.exe

Loads dropped DLL 1 IoCs

pid	Process
4384	python-3.12.4-amd64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\python-3.12.4-amd64.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.12.4-amd64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	python-3.12.4-amd64.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\python-3.12.4-amd64.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe
1384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1964	3056	chrome.exe	85
PID 3056 wrote to memory of 1964	3056	chrome.exe	85
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 1020	3056	chrome.exe	86
PID 3056 wrote to memory of 2752	3056	chrome.exe	87
PID 3056 wrote to memory of 2752	3056	chrome.exe	87
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88
PID 3056 wrote to memory of 4012	3056	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-02 160027.png"
1⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d07cc40,0x7fff0d07cc4c,0x7fff0d07cc58
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4476,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4812,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=868 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4724,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3360,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3456,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5024,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4964,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3764,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4836
- C:\Users\Admin\Downloads\python-3.12.4-amd64.exe
  "C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4960
- - C:\Windows\Temp\{1E56C3CC-4CBF-48DE-B842-6349FB778914}\.cr\python-3.12.4-amd64.exe
    "C:\Windows\Temp\{1E56C3CC-4CBF-48DE-B842-6349FB778914}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.4-amd64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=752
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5368,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5712,i,7076586860537211957,13477432377582918934,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4932

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
100KB

MD5
99d83059c976f75e518c85b71ee80b68

SHA1
2afdc3c630ffca68ade330e2661504c5083c7910

SHA256
735b342c23b3b785a117ab20f3e36f8b2cd18d85da303f25f3ab857962f273e1

SHA512
e9666a6f5640a2c5a3be238d638c414d6d69a68c189d78ef76d7df9700847943ce21ef93f1b1a78413e97e3cfc75029b61c286c82a612c0b1f7730632370fb47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
267d2a24328e143499b0c1dbd7fdd484

SHA1
ee3b50df7ee5a1cc3dbdfd812fb01a6b8f8af7d3

SHA256
b50bd8d1c729f5bfcd6c43e38d0104ea34332be3fce8e0547553fdc88c1382e1

SHA512
d8a698c73450d79269abb9abeb64b3bbf765697e4b0ea441724ad7efcbb90668354d743867e672ecae73a75aa44ba5a52069a4b780648f9311086be816ba4282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c53063edc2fb5fd0514d3d2b6a055cf4

SHA1
47bb1070a7bf4a9dba8983b5094786d9f640f8e2

SHA256
8a44d1ff5e7ce5e43e67dcfa58846d14feef2f8cf99e2066a0972038f994fed9

SHA512
83417c365c6196885eac0c7493fd0c834395871f1577705727907d770010038bc860bd64c2910d331c2de256eb6e73f12c52187cc80d0442f058decbf14ac7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b322454cdb1552e3323944386faa5485

SHA1
5a31e884358f8b3522d840b66ae0816281248c7a

SHA256
c81de95bb9adef5d9e006311a53c7d16c4eafe1a8a5a57297d9683fa24b5ecfa

SHA512
1c5e958ccca565e20d03e756ed075e29f1b15c2b2189a82186f82d289dc8d54f97655ec0e899598d0d9ff6ddc5b8c8657d4ed6580c0296d2bfa8beefe93c8176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e268c1f721931bef8e5adb79e8919c3

SHA1
272007949945f6983438c91985e5e73d4e5a436e

SHA256
8d039ae7cd6c00dd39210d48a598379c4350553ca8011cbcb7e86f3bc5d36145

SHA512
9418b03b1c61bb3c58993b889cbcdcc57493c39936b02aaef70687403f67e83d9a169820877e72fa8a4249553aaba44b838e12b8f7451d5e47395e9492ed8626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f25b06d7a91279f4eacad6a92b587528

SHA1
df22aa3fda6f227dfa12792d2d50cce1cec3df4f

SHA256
d4698c24f24a6dc50961847f9c1317c4a6bcf64c87f5b085a9c5e6c381d0c27b

SHA512
91d1e02b96dcef2b6686bae55f96764612f94ee78ba3dc06ae274bcaffb4b81c213971dc4fdc02c7f96789e9c7ea95493d842559afa910d69a9e4038b988cdb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ef4cb0b1cf504d29ba8e0c3464067458

SHA1
b1ff0e2651b88e257d45853f4ad404558d3e4154

SHA256
ccdc11dedd4831e2db008f45cc4549c54d5d7df2cadc9b8c4406399e53fefca1

SHA512
878c1529a5b7b3af7a7d00cc5161507c98b6d6b89570fee4f1ec06a73b08a7fb114ffea659b69f860a215b416e69930f148cc1263f985eebb567220627a94cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b498062c3f87bdaa199fd84b60683154

SHA1
1a5422528e47d9a83f811dafa14dd068330c1013

SHA256
06e169bd8242ed5fc84838cdd94bdef40820c83ef7df7e308de24897a4e73543

SHA512
616d45f832d51bf2f386ae8408ec694180751e82a9715dc49c493de5c945165d35ca4ac64c020097409b589909c201e0b682d847ee9c363df3a14067ecedb5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8c30aa10c4e645ed33b468c6b09de4c

SHA1
e68d31a951ceca3a7fa2382cea8f5c33262902ea

SHA256
3d8d95337bd452203f26e27c3aeb5d41de29ad257932cba4079a13d1e793a419

SHA512
fb3e5449dc23154c361e94d5ebf6478d31d8b8234b0cbd73bccfa5498c9f05595148a7fea3d12bc5e3cd6eabe98b0715b9b17b0e393a394f5c742da36a4d9ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f1b8d0d2274a692b511ed618c035ee2

SHA1
5962e0905839a348fc21a576f6bcbf8414938156

SHA256
d005cb22890bb7696912da98d6ee28a85123f085f58f92cf8f306498bdc0b443

SHA512
3e0782513ce234d8d64d8773c2b027feca357414c1e786403a225392277c89f6fda67d067890161dfcf26e94d998c606b9df411417a497d13f749327d4b130f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58d3c33b4fe11a4385982d6a95410d72

SHA1
3b3747e58fdd1c89365fc6e598fdad3c922b258a

SHA256
bf24fedf88714aa61066c408a1306d573d9be11504c3825a0ac77b3f7a2757fe

SHA512
2ad63987fbac15bf19b3b06f1f37643884eb85b967d3c7506707d40031c58cf9e6e7f976bb31537ee2969722200569eb51fa1c1f19cdd3c5d96e7c9908831ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d0b9b83d6f2da78c2a254827f43df55

SHA1
c2bd5211a0679c2def3edd28b7d635829af901b9

SHA256
6c3d0693930f60358919c62b6f9d3a66527f3f1228abbb727c1a5e8fed7c437a

SHA512
acd577f5cedca2bbc4248675d3c31cd85813346c8e696d7b5ba9a2700ff85a669df1804d763dcabe6f30a512a6f6adeca52dcac4b5ccfb711993318a3b51b5e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2438010289aab954ae491cc1753a6333

SHA1
679e7a28da066bb1c289f98b1a4588eca2421e26

SHA256
eb5ac75b9b72135d5da1f52e9b0c6099a9296cc09587151aec14450aea50c522

SHA512
bc7f126c7b81b734fc5c61d253cec34c224fbd70420aaaa4c9357e22d971dc396f8b448f743b9b83dfdc3372b90f7d3fb476f4f57a47cd508d7f70d8f0edeb63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
574edb947ee09b93ada2489aba62b3d2

SHA1
5a31c9891b2d7178079bf168985a7991f1af9ec2

SHA256
722ec76d6a2dfcc208bb3feaef8bca8e785fdc9e72cfc9dea4dae233223ee18c

SHA512
e914427080b9e57c090cbc728a834b0d890a1881d26a5752f6ef5980ed0bddc5c5e3ac3959400901051897282cc4a470e6a35e2d7f02a8117d815c56d23738cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e37ad8a44ca2b7bd350aea192c759d9c

SHA1
09b7d4e419886bc7cd13ead59b403c3719b0a919

SHA256
61333a358098be3c3db901dc2be5068f5987bcf6b242c91384135a1707597fa8

SHA512
0dff7f12d04aae86930d2df6e80f151ed63e5460f48f16225f692a5f32e6bcb7cc1b5d3bbe978bbd336e437c62ad6dba5228cc7fc05dc0bbbe11ab6e4e18fbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
23668bab09b319ac2eaaa0bea9770daf

SHA1
d25c43b05f7f63c63e22129321fb4fef1acbabcb

SHA256
718ab777eb39b4742dae141a0aa706cb27a55e435448bf997a0a679da4a134b4

SHA512
6a4bdaa53d9c3ba111acf6035c4b57e6f83b4ccac4a6e9b2fa3bcec44c239be7716c5926f267d43699c8db947d19271e5b43dde1f360b91e48f5675d9490f854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
892172675d9af3ec87dc5c0ca97db2dd

SHA1
b79ef3a800a90a16460543c918e280ee31bf402d

SHA256
08d5454f852545822af458124f7f7f18d9e9690bd2824e6537ac0407f0452c99

SHA512
1020a5f430e356d588eef9ba88aac2475dda0ee09772ce2bd39e53d65af0a76fb6bfc778984886dcceafcdd0ca09e690ea769975c1c6f5b04d88ce368d4d8e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42bccd6fafd794d91e2f97ddc1020115

SHA1
d6ba1ec6c6d483c86e6bd72ade8cfff5e55e2c71

SHA256
f49d4567813511a67a6ffb603ee8fd6a76ddc6c5cdadcad45f8444dc7537850b

SHA512
115b13a3b280bcd515aded31204bc1be56030ee8d1f8e5088da86ad9889c55d1b104393a85e814ec57bcdec21c1064eba98b2b9929bda59d9762baf775a7c06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
fb7fe66d8742aba91278b3165534ceb7

SHA1
b638c0fba155fbe485c130a5beba25c9b97990e5

SHA256
9dc9510d814415a6b64feabe763ccf7454e0c0d88a2eccbfb5e0436fe27c21db

SHA512
166cc6edaf167a6a427119b4d7e5ff3d717c7a5b3c5beeb23881ab94b3717397cb158588d5fe2b6fb7c6e1816735ff1a862f8d1e6626fb101abbfff6d14024a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
7f42acf01e78eefb2258baeceae090df

SHA1
53d65ea1f69402e90a3111e5edfdcee46eb33f5f

SHA256
104e0116b6b15f7ab3db5f13adb97484358d161baa2da823935f3f32ad7fa2fd

SHA512
c19fd2c99cc4184987aae0b213a260acce8e90dfd51e008adc8c2364e42f91b12806c13430a1032fbbb2e9e2867e3cc82011f74d55848fa6d59a43c681b55abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
2d0289f091e4c38fd33808e3b450d12b

SHA1
78ac71ec331255c598991495b8e66be8e7bce7a9

SHA256
0eb449e69d0b994b60d67ab247fd5a8fb62ce90d294a814a01e063762b6a4201

SHA512
442b11c7de963380cde8ef2801d74ebc759329d949ab0a1dd19222a63fddfd205d00f366b9c8a4c861da1dc9b8ec71747814f43662b3855bb3f62ec1d54040a8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 22340.crdownload

Filesize
25.5MB

MD5
f3df1be26cc7cbd8252ab5632b62d740

SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4

SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258

SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89

Download Submit
C:\Users\Admin\Downloads\python-3.12.4-amd64.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Temp\{1E56C3CC-4CBF-48DE-B842-6349FB778914}\.cr\python-3.12.4-amd64.exe

Filesize
858KB

MD5
504fdaeaa19b2055ffc58d23f830e104

SHA1
7071c8189d1ecd09173111f9787888723040433f

SHA256
8f211f3b8af3a2e6fd4aff1ac27a1ad9cd9737524e016b2e3bfc689dfdad95fb

SHA512
01aa983cbddfe38e69f381e8f8e66988273ef453b095012f9c0eeae01d39e32deb0e6fb369363cbb5e387485be33a53ac3ec16d3de1f42bb2cde0cfa05ceb366

Download Submit
C:\Windows\Temp\{AED6D412-E61B-45C3-88BD-6D9B9AB361F7}\.ba\PythonBA.dll

Filesize
675KB

MD5
e58bf4439057b22e6db8735be19d61ad

SHA1
415e148ecf78754a72de761d88825366aaf7afa1

SHA256
e3d3f38fd9a32720db3a65180857497d9064cffe0a54911c96b6138a17199058

SHA512
8d3523a12ee82123a17e73e507d42ae3248bd5c0aa697d5a379e61b965781bd83c0c97de41104b494b1f3b42127ab4b48ac9a071d5194a75c2af107016fc8c9c

Download Submit
C:\Windows\Temp\{AED6D412-E61B-45C3-88BD-6D9B9AB361F7}\.ba\SideBar.png

Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit