hxxps://sirensdomain[.]itch[.]io/housechores

Analysis

max time kernel
518s
max time network
519s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sirensdomain.itch.io/housechores

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	House Chores - Beta 0.19.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{9C588170-DF51-4A40-948A-A06BC115F165}	House Chores - Beta 0.19.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\House Chores - Beta 0.19.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
2124	msedge.exe
2124	msedge.exe
3616	identity_helper.exe
3616	identity_helper.exe
872	msedge.exe
872	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
5032	msedge.exe
5032	msedge.exe
1928	House Chores - Beta 0.19.exe
1928	House Chores - Beta 0.19.exe
4436	House Chores - Beta 0.19.exe
4436	House Chores - Beta 0.19.exe
3752	House Chores - Beta 0.19.exe
3752	House Chores - Beta 0.19.exe
4436	House Chores - Beta 0.19.exe
4436	House Chores - Beta 0.19.exe
2408	House Chores - Beta 0.19.exe
2408	House Chores - Beta 0.19.exe
1900	House Chores - Beta 0.19.exe
1900	House Chores - Beta 0.19.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4580	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4580	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2084	2124	msedge.exe	78
PID 2124 wrote to memory of 2084	2124	msedge.exe	78
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 1484	2124	msedge.exe	79
PID 2124 wrote to memory of 3132	2124	msedge.exe	80
PID 2124 wrote to memory of 3132	2124	msedge.exe	80
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81
PID 2124 wrote to memory of 4548	2124	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sirensdomain.itch.io/housechores
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ba23cb8,0x7ffb4ba23cc8,0x7ffb4ba23cd8
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,18158675793966912287,617253784135274142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1944

C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
"C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4436
- C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
  "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\nwjs\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" --annotation=plat=Win32 --annotation=prod= --annotation=ver= --initial-client-data=0x2d8,0x2dc,0x2e0,0x2d4,0x2e4,0x752fd0e0,0x752fd0f0,0x752fd0fc
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1712
- - C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
    "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\nwjs\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\nwjs\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod= --annotation=ver= --initial-client-data=0x1c4,0x1c8,0x1cc,0x1bc,0x1d0,0x79d820,0x79d830,0x79d83c
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4052
- C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
  "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=gpu-process --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --gpu-preferences=KAAAAAAAAAAABwCAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor=Microsoft --gpu-driver-version=10.0.22000.1 --gpu-driver-date=6-21-2006 --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --service-request-channel-token=417B4F98CC3B4B333808DB748682F47D --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
  "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=renderer --js-flags=--expose-gc --no-sandbox --no-zygote --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --service-pipe-token=E02CBECE0C4B710F384032B8445221AA --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-checker-imaging --enable-compositor-image-animations --service-request-channel-token=E02CBECE0C4B710F384032B8445221AA --renderer-client-id=3 --mojo-platform-channel-handle=2180 /prefetch:1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
  "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=utility --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --lang=en-US --no-sandbox --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --service-request-channel-token=045CA1FFA245B234373AEE8A93E40FDC --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe
  "C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19\House Chores - Beta 0.19.exe" --type=utility --field-trial-handle=1712,6286505133409886786,14666909157134859014,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\User Data" --nwapp-path="C:\Users\Admin\Downloads\House Chores - Beta 0.19\House Chores - Beta 0.19" --service-request-channel-token=9A0E2421BE210A2A6BFDC2071EAF8789 --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
de9b8fffd92c9cefc78e253b64b87a7a

SHA1
b33130f8284362f30c3c145415ca91acb58ef0f2

SHA256
bf249bc4eaccc79b98c1a8a8d67dd238e495f2379b10a070530e8e0fd3269d73

SHA512
a8e942a325d463e762e99033147c77744a45c7297de6e3c1524a2ef71fc8e1d0517bab5dd0c1209af4bf857c6122ef49d1c01e9f98e9d344cbf981c235f1bb30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
825B

MD5
287e81adb7625ab81aa5c5505e9f5f0b

SHA1
4f2ba40fc4c976318c8d698d8cf42146e501f267

SHA256
8620653654508953d3559845b0a2ad76ab88258dc1be64b34cae8965d7d0627c

SHA512
2036b74ea1a5673b882d96a5fa0b7d1d15e218223a2c6b5ecdeedc9de27f2398d1e7870533dbc84dd7ad687aabf99b682692be19cc691e8865322ac1afb7109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97c30570d5071e8cf896576e66d0f34b

SHA1
e46e9564c90f0c9594b8c3ea4d6fdd6b6ee6510d

SHA256
265e9a1e992aae7228081da65df4d85c4c496ec5dfa429282e0a3e0f452b4372

SHA512
fc5454fc8d812e8d8b4b5f7bccaed9001ac200e37e8315e01147fca209248a670eaa69ceab97c2373bd07c9cb8b7b876c7069371790af727525bad8ad2258eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e849a19877c3ffddc7b10a274f5e36c

SHA1
562f0a0f3eb768bc1b6bed99a297eb016332eb40

SHA256
018537165c331c629716833f2fb0b329c9485c6e44a7c6e27bdeb103016a84cd

SHA512
8a0fdc878de9f1649dada1c704b1292269a9f0eec5fbba9d79264e1fb91fa0d80aa8c00905e6a1588e3de9a09f25b447360b59314d1bf4f0d21e01283c1de99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b18fd38a5bab1cc1c46d16c2d478805

SHA1
48f6492f7ed936070f8e58b337998206e7d33b1f

SHA256
e7437225537389a7a8aedd2904f64f004ff49e6173914445fdd1c1d3a2f0ade9

SHA512
ba1d6330166fbc12d582912da4c20e48c8348392b7fcf3ef791635b1d300f553df80be89bab0a31da9fe86f46acd7ca2ff5cb91c526446a33745bda23f86a033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98539841766cec425daaff1d1330e533

SHA1
d35f7e11c6813823481973370696c1b6217acd52

SHA256
f812b9c7e37be0e3611e5c5370fd7ed33608dcf0eed9ee55a585cd9ae207b618

SHA512
0ca2c779e3b0987482450bdc3be03531323aa47975fa384fb82f97fec5b374f23b97d8f68466664542d2f6a4c52aa01bb54bb2c405e438a56ca88b18112129f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45f5b92209c917953be4c638e4eb45f0

SHA1
0f5bca979e398aeba3524d6501a682486734c0fe

SHA256
637a98843df321e5f98696d894109db3c9fc416679e7f08a59ae17b1af146ef9

SHA512
72ca0f866d1b66e5a0dfbc89dfc77280a065a29189dd4fd6395b87bb8020d44a1ec0ead694eaef7385529f6c70c0d80d66816310aac018a81370dce8294ceb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
9aa181331d49a06395460e6e238469c2

SHA1
0eb528decc7da99d2a2d79c717f5da28c85f19f1

SHA256
cd1942695a53025113baac92fd12a2edec4c655512957e3109372109e314e147

SHA512
1c548596e68a8a431d3d7d5261daa5e697bb7e227bc97b2c0ecf88336f2e197c1e177babe3e02bcc835c68974c00273ffd7ea30dd6cf917bc229e21cfa2c8273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581587.TMP

Filesize
203B

MD5
a83dbf5f1f19ee923fe6ebde2b7ab802

SHA1
9ae0e526e907a80d9fb052a113d6750523ff9a12

SHA256
48f185e9e3ceb347611a8297a8b2ade07992ace0dc7e01719e63efaf99160c90

SHA512
e3e5c5c2ecd40639da172a4a7615bdd11f1cdff85243d3360af9975fd1ff1ca38a0e6c4882bd463ffc27919236b2a1969d87f18e735dd3ecee18c5723959fcc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
83293461b5dfcd048142fda5e53e82ce

SHA1
78be070e027eddb5918075aa867d75103c6ce427

SHA256
7830e5d892eb30cf6b58e1b260b0e43aae0e953198450c859b7c90892fdaae58

SHA512
8f75e17ff82f30f6f3569167b20ff24c41f4ec893fb8ee4275064417a0cf2496caa8aba0dfb872889f933771a109aa72dbfed934ee85b7df6eb37d25e27fbd9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66f3f6948a4295b33a1dabd4c4cfdae3

SHA1
27da75b9be00e7f414e88a618062229139f7a88d

SHA256
9a51aead040d91b5997f3d21708d5a5c7b2e541fac8d83e6114e43685176d217

SHA512
0a9dea29d1805ccdd220decfb0b64e57bc7f54e94794cce6256927b2c1ee8d564f3788453b83d8a317c02e70a3e5c816a5b90b3357994e7941a936eb28773e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3b25deccf1cca26251850ae9acaab28

SHA1
2f88a7a336ef1e77867e4750da330c157b88ad2e

SHA256
8f6e383e9debcb8104b897603c49933e0c406dee406adb11c2e935dda157cd01

SHA512
5761fa19aacf868f723d3f043658a0bd655c5903deffffb4500eaeb77f0f37575d2735a174d3c000bdc4722a5a55838ee58fdc1af654453d477c78f1af7beade

Download Submit
C:\Users\Admin\AppData\Local\User Data\8489be2e-72db-4c44-aadd-f1133f9da660.tmp

Filesize
1KB

MD5
e71c81fc3cd64ca057345463dc461057

SHA1
8e909415e6d4f384573247c8e635459c764ce6a7

SHA256
d802abab0f39fcb702f07899cf19ee0b6069a659407d1ceabd11bca61415275e

SHA512
badbaa76ba55580bcd5104b53b716769f973f4f87edc482dd7655dec6178a6481109646b4e303254484e7d88c885de3f1e7af953da19722cb6e005e388cfc6ae

Download Submit
C:\Users\Admin\AppData\Local\User Data\9c150a69-cc8b-46aa-9a11-3a39e0bae360.tmp

Filesize
3KB

MD5
95c0cfc51f4659c09ecd8d07de55ec35

SHA1
1ba98d62fe124f5efd13e5487cfc3f19684593b9

SHA256
86d73f215905e9fbc9ad4e4da39245f698c49167f3e2dddfb8a17138fde75acb

SHA512
63e62606b8a1186d3187f1afe5d7a45c9aec5948a02fdfbb16c2895ab714cf65a1032db7649e81e5e76085792bc7194fba6c409c0ce51b3976ffa84d81553376

Download Submit
C:\Users\Admin\AppData\Local\User Data\Default\Download Service\EntryDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\User Data\Default\Preferences~RFe5ca0ac.TMP

Filesize
1KB

MD5
a4383bcc6e00d2964f80858ecca87da8

SHA1
6fa5b8437018ea1def8add7e57616515b9bc4d2c

SHA256
a120c60a2d0df5243b4e17c37676237e9e6db195e4d2b3bb3e2817bdcfd64a51

SHA512
66977ee81283a8d5c1c0550d1407f66656f41d5381dabfcb0f6f51409f6865f66b2afa77304e843fc39bc51b722fa90220745432cce1edaff6f826c31fd36e57

Download Submit
C:\Users\Admin\AppData\Local\User Data\Default\ae67353a-ab0a-403d-a6b8-82e60ef0a7d2.tmp

Filesize
1KB

MD5
e29467f34054e02b2b32cd86f762195c

SHA1
76b748dcdbc2d2165b41708e36127197e25ec691

SHA256
ad53e8b5c11aaeea159d9eed1f6390b581841257c715293c4133944d0405ab97

SHA512
c8d49cbcc4ad8963bca34537cc97e1fd3dd70f4bc981a33f3a4b5e9b40b343ca22b60c91914bfe6ee0952c426b71696c1b9e8033340aed29f034c4725f8b4215

Download Submit
C:\Users\Admin\AppData\Local\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\User Data\Local State~RFe5c3fb0.TMP

Filesize
1KB

MD5
7ec11c2be7d2780a416db8375c47412b

SHA1
a6bf581bafbaefee3379bf2eb3f2c425e56c8e6b

SHA256
bb976230fce3b575c4e172c30eed4a80809837d09e53af287c465e5e174ed38b

SHA512
d7ada18c06909a4b46c2460a2d401722040e28edb863b10fc699d932520def519a8184da4d30c35c7f89a618b56b28fa421850cb53046fc808e1aa7f2761dfa1

Download Submit
C:\Users\Admin\AppData\Local\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\User Data\cc713349-664d-4820-9577-daa456106166.tmp

Filesize
1KB

MD5
ca4a5aedc6f73c84ea38922513dbf38e

SHA1
826771b5383a111564e1f4f7f21c31a1d0d15378

SHA256
a66031982ce5697f68391ccba3198f7d22ad9ba612942f42f6ab414051815e69

SHA512
3963fd70b1d6ccdb0cd8e663b9ef9c466e3437526f7471411c693535af4106baf43fd0935cdd391413508bcc13db81c898b38f05b84db9c6ec91bb2085e34f46

Download Submit
C:\Users\Admin\AppData\Local\nwjs\User Data\Crashpad\settings.dat

Filesize
40B

MD5
17814e7b9c3ec50beb9239fccabd79c6

SHA1
5b32ac6e45de7cedbb48cc83ca9dce77c63ea611

SHA256
64e32e27756d2183c74ff222bce13dee539fbc9c43912ec1a9aca244ceaaa0ac

SHA512
b0f8e00740cdf5a4aa210d80fa764f92695a6c10d96b0b4930201822cdfa227fafd956f7497bfb3132816a7702198c580001ef02f4371ad811b4ae8d6135d9e6

Download Submit
C:\Users\Admin\Downloads\House Chores - Beta 0.19.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit