59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733

Analysis

max time kernel
148s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Size

16.0MB
MD5

ff1449bd953e57ccaf2b63662ca6619b
SHA1

db6c14fe6dcd71871606f241222d4e2729ad6eeb
SHA256

59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733
SHA512

796726b743c08e7a4716fde1559da3b69c7e254b8980b5275bcbbcecf44eaffe20ecd827aa75cde32c8717f9a9773539c2a9703f361fd823f6e0ced4a8f6d178
SSDEEP

393216:0/5wWJ/LPoEDDsOjFI1mcK8OKjSk8C8sJJq:7GzP7DsOWc6vBq

Score

9^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\J:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\L:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\P:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\U:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\V:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\X:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\B:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\G:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\H:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\N:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\O:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\Q:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\R:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\S:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\W:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\E:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\I:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\K:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\M:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
File opened (read-only)	\??\T:	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe

Maps connected drives based on registry 3 TTPs 5 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\Count	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\NextInstance	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob = 040000000100000010000000ebb04f1d3a2e372f1dda6e27d6b680fa1400000001000000140000003edf290cc1f5cc732ceb3d24e17e52dabd27e2f00b000000010000003400000056006500720069005300690067006e002000540069006d00650020005300740061006d00700069006e006700200043004100000009000000010000000c000000300a06082b0601050507030803000000010000001400000018f7c1fcc3090203fd5baa2f861a754976c8dd250f000000010000001000000065fc47520f66383962ec0b7b88a0821d190000000100000010000000e53d34cecb05c17ee332c749d78c02562000000001000000c0020000308202bc3082022502104a19d2388c82591ca55d735f155ddca3300d06092a864886f70d010104050030819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e301e170d3937303531323030303030305a170d3034303130373233353935395a30819e311f301d060355040a1316566572695369676e205472757374204e6574776f726b31173015060355040b130e566572695369676e2c20496e632e312c302a060355040b1323566572695369676e2054696d65205374616d70696e67205365727669636520526f6f7431343032060355040b132b4e4f204c494142494c4954592041434345505445442c20286329393720566572695369676e2c20496e632e30819f300d06092a864886f70d010101050003818d0030818902818100d32e20f0687c2c2d2e811cb106b2a70bb7110d57da53d875e3c9332ab2d4f6095b34f3e990fe090cd0db1b5ab9cde7f688b19dc08725eb7d5810736a78cb7115fdc658f629ab585e9604fd2d621158811cca7194d522582fd5cc14058436ba94aab44d4ae9ee3b22ad56997e219c6c86c04a47976ab4a636d5fc092dd3b4399b0203010001300d06092a864886f70d01010405000381810061550e3e7bc792127e11108e22ccd4b3132b5be844e40b789ea47ef3a707721ee259efcc84e389944cdb4e61efb3a4fb463d50340b9f7056f68e2a7f17cee563bf796907732eb095288af5edaaa9d25dcd0aca10098fceb3af2896c479298492dcffba674248a69010e4bf61f89c53e593d1733ff8fd9d4f84ac55d1fd116363	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeBackupPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeBackupPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
Token: SeSecurityPrivilege	2280	59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe

C:\Users\Admin\AppData\Local\Temp\59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe
"C:\Users\Admin\AppData\Local\Temp\59f8d828446950ce5ff3aef928447a5ea8c857813be500e51616712cc258b733.exe"
1⤵
- Enumerates connected drives
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab870C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar87DA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\resultdata\file-895031b1649272af81e81a9eeeb8786260a9e577630e3484d29c2fe2319595.csv

Filesize
450KB

MD5
35688237858af31c9992850dcc3c198e

SHA1
e714457f733fa8809f0054487a4ce0243167005a

SHA256
358afbe51465e709f393b99752352337a65f6a07cc24623c701862e85f3bda49

SHA512
66faedeb60a8c5ae48be60ff4702ccd39f053e83066d611f719afea778e4f5ea8b515ef19fe9e7a4c12dc21a6f451a3e389009a7684bb6b20a109840ae8f2b1e

Download Submit