hxxp://alpineworks[.]nppdespro[.]com

Resubmissions

21/09/2024, 01:21

240921-bqm2raycph 5

20/09/2024, 09:30

20/09/2024, 03:43

19/09/2024, 22:59

13/09/2024, 13:38

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://alpineworks.nppdespro.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707083545637555"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1300	msedge.exe
1300	msedge.exe
3568	identity_helper.exe
3568	identity_helper.exe
3632	chrome.exe
3632	chrome.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe
5424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe
Token: SeShutdownPrivilege	3632	chrome.exe
Token: SeCreatePagefilePrivilege	3632	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
1300	msedge.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe
3632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 4636	1300	msedge.exe	84
PID 1300 wrote to memory of 4636	1300	msedge.exe	84
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 388	1300	msedge.exe	85
PID 1300 wrote to memory of 1200	1300	msedge.exe	86
PID 1300 wrote to memory of 1200	1300	msedge.exe	86
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87
PID 1300 wrote to memory of 1820	1300	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://alpineworks.nppdespro.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,15248953410666726399,9686450055521969326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb867bcc40,0x7ffb867bcc4c,0x7ffb867bcc58
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5096,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3740,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3568,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5308,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3464,i,9151772861193992232,13445419288124577658,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5508

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
27ad17c2009195cf184902f666f69a30

SHA1
d9cda9beff2d8d8b2658b431ca03f7e42f7f7aa0

SHA256
29ac5b9f0a296849fd06afb5236b28ad7c2fa28e957d5e9afa6213db8a195d0a

SHA512
d13de6072f0b4b15f3a4fc470c7042a548d56cf1d546eac0d2b0cc0c760418799be07cccef305802130a8f0a71c9fc2273d8a691ee71ec7217488be9fb87f17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
42cb05656cb15bb2c71085b53baf9736

SHA1
57d9440c312abbc511b16797a5e16e647a5cc439

SHA256
c72230a7d71ce1bc3aa6c588452dcba1a410e5cd1a4247bd65557caf1e547f7b

SHA512
5bde66d7bbae648a630c302fa0d75939699927ab75796e28c4d8efc762d5c78edee711a8ab6e017e34646021de00f26a2d732e9fe851fc93c396fbb36170a72a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
0119114e33555307280f7adfebe0bbf2

SHA1
7d8f93a9dc0a961ff9dac4ccbac5a5ae08032a8c

SHA256
13ac1a20a588f4981ebe678d2eaa732e855b0631f05cf060bff6b4386a8a5bc6

SHA512
18a042b2772219aa2279aaf7e0c9f88e3b7463eeb44e9cacd28f3cf40e71a80afce9c441c0b57e5efbe6414eea58948502c772f3a4dd46dd74aa4634b769f1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3762a461a22ea18f545a55b85266c4ff

SHA1
af6e84df9c238072f373da88cd1482ef7d735da5

SHA256
c931504ac35fe30345d81e13a18a003981911d48cff9c1c4d81ccd6b6bc2024f

SHA512
ee0128169de7cd0ef5612bd2c056cfb911d49f67fcda55d28c2eed4b3092e60ad011690717555b107cd76661e9054d0071bea9567e3218e057738bd32292eb05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
29f46c399260eef6819a65763c875a2a

SHA1
78372b291bc2c37168b68a5f23719aa6dda0e1ab

SHA256
46727b7599056686b60622090dc56e95c78baaa02235bd8045b4d271c5a7fd1b

SHA512
c341041059052e3dd0c4675750fdf87662e15c44ac74d31ca5e495bd822642448e77f5963e4c6a455a7c447bf441b8dd6adf0ccb70092da7ead958566d4303a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
105de12621683da905224046ba7792f2

SHA1
d7c987775bed8a1ae993963a6b87cc350695492d

SHA256
acb34e032f13574db1a229b3b22e4f5bc23fa04a7823406ba1f7fe064f7a1e19

SHA512
6ec13ece89d6aa27c57a079f4896c0d36ce5ad5e98a72fc552bbd22c9ff12b9955a1558bcb83ba6967d561aa1e00d992ab4f65776df8f082558e86fa790f0279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
859447f4167c76163e04ae37f7c5afeb

SHA1
06c89291271984e59e22372509c600294c7b0343

SHA256
4a1285d486bd515fb41ff55be0d84fd9e005ea5a877c164625237b22d95050da

SHA512
fa671364399de46798ea27e50f378912d683b530beb9ba09ecdc2ac6031a83fa778bc48c47e607b0b66f055f06f22b28cf0c39f0188562e7991b4c8887f56249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
291a35af855ed22bebcaa96a2a5065b3

SHA1
74de9e23fca0c3c6d5ab7d67835eea2fca651726

SHA256
7332b8201472f17ff9a01be3af561600270be43311582f35c7aaf34fe206804e

SHA512
69c6fd4fc827965cdbead2181077cc73f46e67f61d6090ab83d1617c15ccf0f53afd080255977671cece100a41dca448546a9d58165f2fb955de7da75985bcea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
032285f665c7d04a7991e5e4d9627759

SHA1
0091146cc75106d9d328b926de7eff7c04a5b36d

SHA256
cf039a69dd4fc63b6bcc73c52b60d415ac25e6b951ade64c29422855d25724f2

SHA512
ee64a2f27e8126756a4b2cd1dc00a28a21df17f8b71b9fbe2414f95374ba2df1eeeb0b58a7d255e90c529676bc015f127b23b688dbb02ade8f9e1e2092160d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6e210ec02f29cc335d459ccb7bb7465

SHA1
a8379ab66aa948963b792578be6a47ed776b5479

SHA256
8cff6d24af572c6ce828c38b6352deb8e675c09e200489259f7193164976e3c6

SHA512
9113448145e818feb92c6ccfb8a4c99deb3a004f080a7c051da60c35a410546a0f22ac093f17ecf91157e97b4a6cd2685ae2cd88231ce1d30c2970c3a4d80aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
335bfd8dafa37775767ec82244f230fd

SHA1
58b41168ade45c21c86d5e22fdccefacf75a6032

SHA256
ff635319806e55f3956234836b41a5883945037f47a0f869352397a199686584

SHA512
17f84d0c995ca54c78eb20492b5247212c36052e94c5e609892cfe9f54a6dcbbc30c315de078faef271d7f0c71f2c333a5a6f48e9ad8b6ddf95b1cdf7c587eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad6d026bd78aa75609360e1db8692ecf

SHA1
92407d9ef7a352c507cbbcfb8c63231dec0b7095

SHA256
9f925b79e025741f2309312e099ea99fe03f9d94905aaf0bd2c9eb2efcf9f59b

SHA512
c544586bb13a615c738652ffb3b598338af137ff89cc625c5929a2e5e74b8aeccfa1f9d4dccf0fd59edfdb2683164a245702b2913e29b8289ae11651b3260ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
aef36dea7b5fb608d2374d5f4d779094

SHA1
46a02fc923872c5d7f07a033308be9fee5d6bb28

SHA256
eca9b458abcffa6f6b32025babd62d69e81611bb24afd09955bf1a4d23399275

SHA512
67288621046478c29c395afa58d93e4e3433c8498a3e86902f746d90e69c9c90ed6d12e4b68f37acb0586e35972018db7635b95af7d6c6b4889a54d4d8935ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
975d430ea83c23fd33ca9001700f00bc

SHA1
ef13feabab1ba081f79fbdff0d860da98528fc2a

SHA256
544041c55737ed6af9cd41c890ccc105e6852786b013a61dd077b61e6e9fe738

SHA512
3ccaf741bf670c6a262475782b3c1daeb22c11d2cb39b78ac55c3eea63f7bd297e5fee3b66dacbbba62626fc57be48f2d9a26748c9fb0c96a9f04895a2a413bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
faa7bb76fbe3bffb5a392249a78deddb

SHA1
46dc57e5f7a56088157fdee0a256ba07c87202f8

SHA256
f0048a0cba1df466bf0b8b23ad29533f07220cdac643e72c235e0161b50d49ee

SHA512
b25cde71a8ab08a4b975186fc941772e9f9f8777bac030bb53c27a27706e65c983c3d537cb08ab7e0d21acff0f6501c7c150b33f7b83af106bc9bda85b0d9c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dbedf746239f0031f44a14976a892bee

SHA1
4bea21ce4cb5d2ba8cb854e3f0271f3c0b6da7b4

SHA256
c06d3d2f5aa5cd51b02a9944abc7d7aa03362a01449d26553415bb6d5f701778

SHA512
0d1b14144a071b138be3a74157e5fcfc5196979d012b26cb0df5311dbbf67e8aec07c90a7c73e491225e4a5f51fa11b084b2812a91b091f1c34c98ead671f395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
638B

MD5
e2378e616349081bd441103678370bda

SHA1
64d98431d77bfe683abc7ddfcf42a2f5aef0fa25

SHA256
92f44078d6bde550060bec3ae1e4d1cc88540398b94f06d9173ed0ab6373392b

SHA512
ef1311438d223e9dd41a131c6d39f06cf4aaad55e537fb0aa039737638824596cb19b91651e194e2176f195e0c4fd70521b0941f73d11078f5efe92812dda631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
26aed7c20ad6e2a91590103cb7e71505

SHA1
f1a770099ee5d61f653716e5605bf30b716b091b

SHA256
d8061b1d83e76e862991b71a0ca912c48eb0e0b275fa27d6db05d665c30db4a7

SHA512
bb4cf5e06676ef61d2386bc15d6733ee355cdd783be3b5d5858bdb5dc093e01a77afcc87a4bdfd3fefeeb3bb68a525a067dfe2267601e0d10982a05b1991ddcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
477688f680e62fadb80d1691d780bb3b

SHA1
6756d5fded0f4cb01625ae415c99762f229e219d

SHA256
9ab5efb9a8f483e2256541b4c8580c0270ae8dea7bf40ed6ff09a6dca6a7bd55

SHA512
6d746ef49aec843b412d44d1eedc11695a2ad0355464fca531caa76f37d38ca1d0b7340ebac929aaa378c1e26432a4a143751fa856dc453937b5f864e1a7fadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15ccb3c2d735ac17b8cd5cce147c8faa

SHA1
be34c453ce9a5ee52f7d549e195cfdbc5c3f35bf

SHA256
bc0e2248ac3977a281580890e09af9695c5b2e3cc1f6a30e39caeaeaea8d2e44

SHA512
196f6fecbc6fbfbca9985f2b50c2dc330612a6515542e366f7227706171babbb23839997cb7a244118ffefa096717bfce58bfec1bd56113b8ad64ed2100351e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6cc75ecf77a701e3169b85aaecd4fe7a

SHA1
a77a7c1b2aa2ca3f8f568d323dca9dba853b5708

SHA256
e99c0103dfcdd2860816c1c42bd43a2e734556535aba68327c65da60540331fa

SHA512
ca392ef961429e62ec76c40fde1886f7ea87d94298e0558cc0e6eb1d3293a24077bd6cf3cc419b4b86b5d7eff14cc68b69d39396bc8962406515529af9638256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fdc33db5-ebec-4ac4-829f-4613f0dda588.tmp

Filesize
10KB

MD5
e3057a0747a4c294f0de33cab3b3c3ed

SHA1
ab3a951aa256c46a12394a4a2b52b24c0ec359b0

SHA256
ac082f1d56de9b5ca722faf9b9ac9e54fa45939c812233b0efa029a91f9350d4

SHA512
39b5b9bae1245ea4ddcf90b9815ef23b58c95d99106fcbbb60ba6767d0fa76fb7c7aa2e98d07e17f9ce96025c1127d6e53f090f4bbfda44ab6afd336655cfb80

Download Submit