hxxp://mypal-browser[.]org

Resubmissions

17/10/2024, 15:34

241017-szrjzawfnq 10

17/10/2024, 15:26

241017-svhq9swdpr 3

Analysis

max time kernel
73s
max time network
249s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mypal-browser.org

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A6030C1-8C9C-11EF-B9F2-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000a6d6b24e2c90d5a7fdfe55574a04e90816fb4aaf939d448d75cdc45db22de665000000000e8000000002000020000000034e6d2efdcd77645449e20bacdddd9183c3dd4e3529fd170f738976aaf044a220000000b942231d90eaf24763d1a507ceafff22a2a13e27ac769ef86cf0071866e6470940000000b64c9a2ebce60f1bf9e1be4dcc884998c38557c943d89ecc7b932699283e968f6acbb1944757e8f776a27b439bd1b7b3d476629559a13727ab4aa23c8853ce30	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70bbef10a920db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435340677"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000c37373f9984e54016e2e83e218a23c788994ba786340b20e2691558c8969a74b000000000e8000000002000020000000429c86c963d55bb61e50ac576435c625c3f9068cfed60feff935f444709772a890000000d4a46e0dac17b3fdc650ad59212978168b6403f6e06be90ea46a2abfad845ca547811dcb296c2f5aed29c02ff84e429b9a4515c4cd66edece6c9fa74a13558a10cf7c39913a803e9d9d41799192470489651d65585122bfdf4ada7c0626a705d4fc510bf4aa3bca3b09f3cccc8cc04740fc6d64fcbd6a6f4936a13e4b755f4d5d5ac1e798a1711353d7924786d9c70c24000000081b64cc8ae8c713ee952086bc65571e8b16090dfa11429fa7398c946b9a4e6bb8fdb1155cd78fdfeaaeecdda1392531d505df78ab30a1ffc0b34af19710a68f1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3040	chrome.exe
3040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1076	iexplore.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1076	iexplore.exe
1076	iexplore.exe
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2420	1076	iexplore.exe	30
PID 1076 wrote to memory of 2420	1076	iexplore.exe	30
PID 1076 wrote to memory of 2420	1076	iexplore.exe	30
PID 1076 wrote to memory of 2420	1076	iexplore.exe	30
PID 3040 wrote to memory of 2772	3040	chrome.exe	33
PID 3040 wrote to memory of 2772	3040	chrome.exe	33
PID 3040 wrote to memory of 2772	3040	chrome.exe	33
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 2516	3040	chrome.exe	35
PID 3040 wrote to memory of 1032	3040	chrome.exe	36
PID 3040 wrote to memory of 1032	3040	chrome.exe	36
PID 3040 wrote to memory of 1032	3040	chrome.exe	36
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37
PID 3040 wrote to memory of 2848	3040	chrome.exe	37

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://mypal-browser.org
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c89758,0x7fef6c89768,0x7fef6c89778
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:2
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2232 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3664 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2300 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2036 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3964 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4100 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4212 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4180 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3156 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4208 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1364,i,6243729825926345674,256571623957817952,131072 /prefetch:8
  2⤵
  PID:2948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488
1⤵
PID:2968

C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe
"C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe"
1⤵
PID:1612
- C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe
  "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe" -contentproc --channel="1612.0.1970220417\992680173" -childID 1 -isForBrowser -prefsHandle MSM_15fb9a82b1f5f73f -prefMapHandle MSP_5a5d4f06969b6cc5 -prefsLen 1 -prefMapSize 182445 -parentBuildID 20240803183634 -greomni "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\omni.ja" -appomni "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\browser\omni.ja" -appdir "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\browser" - 1612 tab
  2⤵
  PID:1100
- C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe
  "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe" -contentproc --channel="1612.4.1657553524\1053407718" -childID 2 -isForBrowser -prefsHandle MSM_05d08932f9f20d23 -prefMapHandle MSP_5a5d4f06969b6cc5 -prefsLen 45 -prefMapSize 182445 -parentBuildID 20240803183634 -greomni "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\omni.ja" -appomni "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\browser\omni.ja" -appdir "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\browser" - 1612 tab
  2⤵
  PID:704
- C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe
  "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\mypal.exe" -contentproc --channel="1612.8.426980079\1857140407" -childID 3 -isForBrowser -prefsHandle MSM_b957f9e996b9d7ab -prefMapHandle MSP_5a5d4f06969b6cc5 -prefsLen 517 -prefMapSize 182445 -parentBuildID 20240803183634 -greomni "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\omni.ja" -appomni "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\browser\omni.ja" -appdir "C:\Users\Admin\Desktop\mypal-68.14.4.en-US.win32 (1)\mypal\browser" - 1612 tab
  2⤵
  PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15a9791cd3348bfd2361b0bfd7968587

SHA1
c5af3d86e1c7aa2f29b058372cbd7fb659849a22

SHA256
9e8642420fbd6dcc983722ac1a1b3dbd5eb092392ca238a8de517070590c12fb

SHA512
516f0ec168db17dba30dd2c68c3d9db5f8bba436afeb9f8bb5690df1bbad02198f33aac233e247d4e727e8a44fdd91fce1dc23e667b42a2ad3ffdce5f215d52e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9c4326db5f3a7187b12eaedbaf3a726

SHA1
9f30e93456878b26f92b72e9cd1f8a523bd996f2

SHA256
6b58f06eeceb46b1704f02cef962c77ae1cf1cebb0e47a42ff063798d42d3d5d

SHA512
53b0516d4637d245e77c3b76ea62b78aa9ba5d6d478e033ef08ff0e6e71b80b123b4dda740bce0380abe66b275460570c896f34c4eba7f6db74ec6ac0265e890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d50967da1329aa831efd6eb2127bb2d

SHA1
ea19a582467a26b5d28f241c4c9b21920d72bec1

SHA256
b1cfa257e5eef9a3b24228a1d689198ec07f3c3d516026dbab91151e8563a5fa

SHA512
8c8d6c4830c90de6cb30ed9498a09c8d58bbc8f411fdb63b18dc8fd4b3df43d635aa4f04a9161d7f5aa7e6aebbf759322611332affdc78b48a095c17590f1de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eff921623ff043702209eb6f6ba364b1

SHA1
3fb9952ffdcbd3db7f2cda73237ab1407125ea5e

SHA256
c74ad08a4bd3b5ca02bbe4e264c6568cec3871536d55218de73c83584cd789f0

SHA512
5428d2ca2b3f89cb65531d7aab72e97e9baa9ba52ad2296382132c5fc4841e9fbff3e7511ecd81b683c22b94d32fd1cf5a5cd12ab5dd5742f1d56efcc4d8e73e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8afd3f7830de29257c06347f325e7415

SHA1
27df6eb93a4af869229c5ff7b578b2e3f57c7b1f

SHA256
6a94aea19d61c71c674dd7895c05a14bfe88bdd596fcdc837cede02074d0349a

SHA512
b9095fd0c2087c6b1aa7486a80ef7c57e217a6b73e8385401277f093d9bcad78b1d8060138cc57495043189aafdfb439dcbdbff820b4741aa17ed94cfb489011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2a91e5968c07cc3817f67728ed362bb

SHA1
ecde90c89b49558c4d9b63ca8bbc052f2165e029

SHA256
9a396cc91ac70858f90ed252526f05c47b4b19b99f0d61e6a40b988b67f98ef8

SHA512
42ad67325ca213b1d7aabf2c14fff2293b8b3cd7a3d3f6f386687d8888006a08242a3caf567e34a9d66eef626f53dafdd9b7ca266d4a75cf94e3929ef039380e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1b082fca377deae80a237a4427586f7

SHA1
69e564c182e72e053f7d13760c6a2c6b6fcfdd19

SHA256
e330c9782daeab990dceeb91cff609510072ac012dc5c449475b6106bd4dec45

SHA512
c848f846f13e8c8ea3806fe5532aeb34f47d81af6e4306f0a1054f1b3f71f7c491ad7aa7c50a26fff35b7421d867c24089d7ec3f5bce4ae6aa8c9f7a384634af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7e69bbe01a436fb48c17c86228bd58a

SHA1
a1e8868ac3a6a2f869f8466b2cb53015a4e1d404

SHA256
7309fd80617cde3df7c79d0f5aa188f849ed29d1a0b6ababc97323eb491ccaed

SHA512
23183b4717e3b0354eb40bc68d40e27511f78bbfd823a075b237056ca2f6a680c7a7d48bbec2c8fcef3c384479f5b000b7ddc50a0652e1754a7c22245f25fae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8100265643d89111a6f6ded38f150f75

SHA1
1e62b8036d7fa52ce03f10d96f3adebc63d7b9a6

SHA256
23817c465dfa827c0d1c5733bcaa9066de17d707ba13fba7a5f59f8776387552

SHA512
a357df8435bb6393e7616e263413946c84c95e5252f94b7d2b3502d7890bd2df0d82fac5f82bb73c23c9494552a490d8d72d34e814638a891ec2e4c43cd56292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a7d0e3a1429da7553bd4d7358b57b22

SHA1
eba7a1f41ad8d2d1ee22fa9f99b71f49d7d5882b

SHA256
b8731663e87ea0537099edc5f09fe4852f5d856607072796f14b5b9a71036e4c

SHA512
2c69142fa0fb37aed58839aab9926932e2822f91c520498466d3e92fa656817261391b03182df9c7036a79c8ee3687e02b3dbd9b0d5d214b5d0249156525db6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26bb7066fde1a68d2c6e74f68706c989

SHA1
d2579b17a7bfbdc78f950bc3317765959114cac6

SHA256
ed9523bd15a7858b8a50e5c2ac4da94b515ace204d87c2b35e47be63c783ff62

SHA512
b3760eb69cb252c2a8816d5a2d6ff05e50477c66a975a0b997836f040a63054983bac0039c1401cb602d91ca804d726dc94ac8552aa061caa348b6b8f5f451e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98bffac867079a02ad1a6ae00c015b62

SHA1
76cd3b388bb37799a8fa4330f7e618b2e63a8c0d

SHA256
e8866a3561d630e98542934344b5c3b1cc4183e8a1db0317831794a574387c77

SHA512
511a0460ada4b31f73c8c1971f93fb8b77163832c08d5ee985972e0ea233381f665560e4c8a18068ce58c5fe969d3d2fb337130393e7a9331006c873c55acb81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d59908a665a1cf53cebedea77d26d49a

SHA1
13d5e67b508e6ff9fe619969e69de48cef453faa

SHA256
a4f7be177884b4bd564ff1a412f7927513158bae0febcb0b5f63f8309d2945f3

SHA512
5c6af15dff5b1a93403ac3546967e7cce08eae57b43ace23971a4cfbfd2a69667cdda210a9a47218b168ceb44970e0cf0b7db5c0e404cba56be49d57b9ffb6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d98a9af7e5c19dcaaf390281b1fd5b0

SHA1
c3bbbcd2e8bca838234b984bb5e7fc42f126b7fd

SHA256
ebb09c14749b6b889301c20562659bf97e9526db4d5a285446082ecc1ecb8c0b

SHA512
ad279aefe5d1b09558819fbf27ca646d133675d560e146b892fd8804c6589d01fb22c57d296dcefc8d574adf325efac3a3647c87db7522cea9e9114574325fbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a01f5daa88f843b873759544ee101e9

SHA1
60919a8aefd5d080e2c681b97f6518922f5fbe7a

SHA256
318a2d9df3761933313f82da1e9255bec072c826f4d1698cbba613e21882e883

SHA512
ca5690e7eff2ef2c69fad69fe3b3c126854fad69fc3979bd6333b30a20d1144326cba7d4cdf4d21db0a3a19b49a72fa2395ed3ae970817746c5aebb309caccca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c327c44d4e83fa7db442828f7d012aa3

SHA1
79b60c98eabd78d8b82571ef570530636ec057b1

SHA256
54acf2cb58a1e084cd87227357489b04d55867de3b35686a62c9a057c68fbc2f

SHA512
e45751949303aafdb991a070e0c8049f2ec253895d14abd936fc60e3fe8e3bff0ecdc1af8c077bf45f50bf744c40a40f91eb1ee1464a2dc89de461901c411624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7c1a3b470b7f6773c8c8a69ae3b7c3e

SHA1
887585a3039ed757dc7d7c12ad174d997d0488f2

SHA256
0a1aa51ee4a2b267e19ae4fe8053ce4932331b4634746e603a28fe7f053f1627

SHA512
15eb4ddca3a563e59fba1d9281ec6e2ed868d0589cff80d2094979a8c77d3795cefb4b128dfef0ec6f1a74ce542cf44e1e91e6c3907d539ba776415394967a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
166750979bc4ec339b9033e6022efd9a

SHA1
912aa1135d8ca700fc06661a268d75d73a993ce5

SHA256
77d534bb1dcbd8f6dabb5154e4b660b33232343eeb06c74583f6e546bcadb9a0

SHA512
2489eb57036033b1d848f089875bfbb2484d4effc7a88ce4d43eba23b263e2f6fe61a6685c815e591a3da7549d68e044ded8bc6852c003e5fbd682b3f8269076

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4db904006802a017ced700235c50662c

SHA1
6996bad43debf0f7149679b78d09f85669a21c03

SHA256
0d0fa62013c9d842c5c04d58dfedb32e774be62473707048cbf0f56a50d84fbf

SHA512
c8cf3d99583af11695667d9506b27ed9a1d1db421654f08846a5bdd28e8c87a922ee342f8a09032a45f6f987cee51c9d566b78195913a9e21c21cd2d8969b586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29ce880fd2021ebffe4c44b444561287

SHA1
6ccc10b205ac9860c38786de334845196d5f5848

SHA256
1b70c9f80d344bf5c5b387cc8fcfee93414054a7912e43238ebf2d148dc6245d

SHA512
89753f367f433a046a913f3f5b0a287b2b7af36569d0878e5dd8b8af67383db8af7fa67ac35e9c2afa5715507c6b46bb3114387d29bcc855f986c8d72cc9f4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
20KB

MD5
654c7fac8dc0f08ff3c694e50d32428a

SHA1
700af903028b02dbc7a1cd4ce093581435dca22a

SHA256
2fa9f6cb9b44851d47dff17e270d18ebcc0703c192ad2df4b281fdbf2c82591e

SHA512
6dae6825b3e29af21bf8dd4dd2ff8438537a0c4a94228ca66845c9a49dfa8b48c74bee16fe59dfc0e5205648ece72f3cdb914c13eaec03ff6eefad267a1b1608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
efd42519fadc184d03901dff65f84374

SHA1
7445945b5b5c66d8e8b2806a6aeaa8855fd1b58e

SHA256
5bac6704cc52bcfb0a037926724235b5927ea11de6b36699360498eb3d9cc428

SHA512
50f073f92f6dfd88b4b477ca9115e37efb68305a65ea3bcd645d094d4533e650ee3292accc5205d2e217c75062c8284da096775b449e86d615597a074c0b701e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5d9cca0aafe9e4994b1470020e78ad82

SHA1
c8179b68eaffe5a18556d408d8a91f8b4e4e40a8

SHA256
d478c55d26fc002eb2cb7ee45b3f011ef4002e4de19897c169f6a222c8100be9

SHA512
f1d53e8937f69a0a548406728409ef197e13ed71b0fcfecb1588d798313045a8ed2f035247c356a36a6c845a3fcff3517495d5c418b3584ab5d91893fed473e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
af793f543e3a51f91b5a8ec2cc577bf1

SHA1
46938c72bc611c657cfa0db1ca86c40f6703870a

SHA256
0838b8572039a6e322aeb7a37253ec676d8446834e27b1352fdc9c1befd564bf

SHA512
84f9f9fb84193422a335240efe6774d7c95aaa59dd783dd75ae423ea26286482cbf107dc6eaa66c1b3706c6503f300ff8fb252082b9c9b75918f7a7b0834ae5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
9a50d517825fbf3495f2142276cd05d7

SHA1
aa2580745a34703132b940168ffb6b03ff90eb69

SHA256
2649618b0cf6e59510508ea232ed36738ae32f9c46a12e8cb96b969a20b43382

SHA512
96aa61d84ff5484317be12e6db5767bcce656223deaa3507c2b660e64b0b0d2713338519757717da0fc091b7d0fd31991e32014349537ae6a53ca4ac9c99d4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
3323df096c4e3e795dd9f5264299c1df

SHA1
c11f43fba22fe43f7281f0a362d7d06006611f03

SHA256
1334d0d54c596bee593cbbaa7760543f7dd6dae65537ce0c25204ef918f84a5d

SHA512
7e177b00b887d3aea12e5a4460ddcec7fdb9a98906d2b173771631f22dab2e9c9f68350efa5d37e18fbda9ffb586b3973b2e1bd34e8d96ab56dcdfc399bb84ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
e75086c1d2e493b112bbad1b4c2b457f

SHA1
2afcb811894a2dc07a8896c56b723d5fdcb5e8dd

SHA256
a1744c34b69f7ecbee738d0ad1d5b610f70f951d105e09c02cfe4d0b14908340

SHA512
6797e29866b849e53947086657b90d51f06459fa3f4b01258717d3cc5c757857c5ec447e78ecad0543b2fef0329fef37d6a0f77d26e9d6c425c19dd2b86e8b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5ba7e52115028d7668931d8104445a82

SHA1
207062584e9fdee456d18acf3c9e991165abf463

SHA256
ec997678b9d2fad6c504e693f8ec5b624fccf6da62c2d438f6ddbaea2a3655ee

SHA512
840e1d1d65a7747dd145d9c138ef8c16aaee86fc7cfd4669e9a9d6ceb66f2be3df95508790d8e22622a8ca9b3446cec2fc634596229fa8b5775476d7e30de2af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b64597c8b2bdf846359874b51f9c549

SHA1
044557a41cbe79b48951080f9484ca62be9331f7

SHA256
3e7b5247d1c34b55f941a4c0ab4707e1a6b106a34495c60316e1d8c8ca54a4a9

SHA512
cd4c6f37576ce97d83c1f714795232b668948950aece701c49a84b63c4f6b446ec9762339428e160aa58204a4bc0006c873813daaa15facd9687ae4fb3a1a7c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4685225d8c9bc79d875ccd35c3350be

SHA1
5964c2730bd6ae674de29f1d936663a3b68b8d08

SHA256
63584826dcd34b842b1040766acca073de9c23071123758777600a34df1c46d6

SHA512
2ba43b089e642a2d22f9114da9f0dc8fa782b4fe4319b934f58316c01cad20f44400631ce8a7197c00c5c1bde6768fd84f5a09f42d97df622070ede606e2b4b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ae48fa1f204c0ef74a94cbdf5900d21

SHA1
76068c6f823e430f19883814de77a79a59e1ff9a

SHA256
7ccb7acc811a2d9d79200f50399cde5a5cb9f960af943c801271f007935e6792

SHA512
de307b085eeaec025ee51c82adfadfe7c6559f27fbde040b8bcd29443a7bfe23290070229c5b2fcd5293b684deb41a83bbd51934e929cbe7dab73d09cd0bd593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2a5b1fc96345ad9e7288e62495b9f957

SHA1
e2fdd15c4145e524d6db639bbfccd57b8c4e5811

SHA256
9b09df115b4a4bb3a543afd46c3a5f273d61cb8ecdc8f0a5d8cd6830e1b6c168

SHA512
8ecb2ea9878aab72a0b3d316b85ace37d44832e751a7808497d77ad1a0d36b85716323ab208b1e2e3adacbf74b8bca24897410d6ba2c2a7d14f50691ed6ae8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c1f9b5347ad111f822106afc4bf53cf8

SHA1
9b5341fc7c25dfdeb238eda60a182b6108129db7

SHA256
715b3c8ab6aae5a67001a404f4e1908000c84db22926cdc27353ccc4fe3a5bf2

SHA512
89835883e0c4e37ffa4920fbdbbd90ea4afa104ef8347418c8d4bf0e6fad17d7c8eb57ee2a744f429224dd0bac4334c40fbb940357e994393ae164c3e532a473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
459751a61472fa0e6a870eb1ead24a0e

SHA1
659c391cfabcc2c26fda54d22a962356f0b5cd68

SHA256
3bd4b466f0fcb48d520f1fdf282db90d647c429ef4fefee4252f3975137457c6

SHA512
ddda7b05739c5b82c0936df194cbe95278f07aae0702381cb3c603b7767903d91db35841464e38dcdaac322b673bcb5a2ff77eba3d22b33542584102ae7d3549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6479426dc3af3abfa3cc89ade8f42370

SHA1
74e75cd0f10fcf875ff1214e3882061911a9feda

SHA256
00b8275f13d1377ce135f2e77fd110f1b9f242d3069a1d5fc54e7a813dd8659d

SHA512
55652918d022e0202c5fb42d530fe657386f6f936d2aff8c13f525d4a756da86cd2df9864f77d2d38adf61772b275c6bc7fca7ece9473bf41b524137155cd8b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e53f8741-6152-475f-b37a-cd78ab876927.tmp

Filesize
7KB

MD5
15e13f4b48f76c65bb77b185838d60ab

SHA1
939e7cfd82c0701d1f5728567c345bf06efaa352

SHA256
f2ab3ca0ec1d6d3bfebbade92c91cc53966fe49e863c1cd13c53f03f2f8fff92

SHA512
74ef85fc1d53a4b626801290a4b4182b376bafda6769cac3db9ab1dbb5623e41b04f83e015adf834b5f70520dc76fe39136ce7855087a48c863a6e96f0600199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
342KB

MD5
b6ee78dd73b9d87787a193d8b19020db

SHA1
7c4d5d969913fb7e79bf5dd59792cfbb5122904b

SHA256
9a3c115b206554e0e805e3967b2e2b90b4cb61fcdb03364462527381f647c694

SHA512
d1590a89ee5cf0c6e0f56fd29eca88b0900960fadba6f117c2f1fafbfb843ae8bb32a9cafc509e59dd5ac0ea05bdf1386722c5fb38a19f7209421e29b3b2f21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
342KB

MD5
d9624202092f3ae8a750fac27ff43444

SHA1
f18bcffd93897cccf56cb98081025d043e030f19

SHA256
992b15b18828e2b0c2b4ab08a62d8166a37cdd16bc81be97273d6a484b9cbb14

SHA512
51c64716793e336a106ab96206355b18d677b041217bc683ff3f376738100b1c2fc5a60685943f9f72a39e18244472b7a5881ee80e816a0f06f603ac1a1885de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
27cb85a6868997035eae8aac1988589f

SHA1
44a0f6bfdc9f6c96f3783a766d6863e737836283

SHA256
f2d9538b3a724e8240110dd4ba9848583ab14bb870d9d1764720f187bcdf9f25

SHA512
3c733d5a36e786f34d6cb6c03a99055ab13a3aa47b09cafbde071270cd3950b809787ae66e2fe92d6e1ca11423e987376fd0adc591287ad5290aed23a00ceee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
83580413ae829ce278864107cceccd8b

SHA1
30841447da4e5d9c79d8d1082750b130b69b3663

SHA256
2b1cb3af2f0e58e6546e211a0c6fa7d4b532245b00bc5178b471047a90b9fbc1

SHA512
d5152ae6a6e4d5efb2ca0ccb7618f1d56571720eacdf21ba94cf7197e35c7ff56c431b594e62e9a6401c5e9306cdf653745eb07f44245adf17bb3d502d9dca60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
48a76631bbdf87a87270244298b9fa9b

SHA1
b57cc4a35f2ceef8fdb79265a9987f3aade60d7d

SHA256
1619e853def33ae148dc8ca56108ec450c6ac8005073aa35819ae18dc543ae05

SHA512
fe13e15cf74cabd4145b0a68cbe3e4e61af5f5b6e8d5564c7686bf8c541099eab6f4f2334bcda5879cfac5cd8762e1cc0568b6b486e8292792658b2930bbd8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB674.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB81F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\MH3H7A~1.DEF\key4.db

Filesize
288KB

MD5
b65f605a5a33e524e369cabb2a80647a

SHA1
0243366abc3055946232e4318655437a71502ff4

SHA256
723be0b7ee069b0aedcea7f8c1617dc6aeb44e4df4bf6b45e554fc65cabd5368

SHA512
fadbc76e654738a7845925aad99769d365d3f97668b1db39c1a7a03a88208d611d78ea995e00ffd6d8bd9b75e9feafed21293a3ffff304341517f5551e143932

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\extensions.json

Filesize
8KB

MD5
3ac72c8ed188d91f70075577226ab393

SHA1
d80e6cd00170474251d507d15867c79f06582acf

SHA256
8f1c5e7f8c6635c687efe7f73d181974bcf40fd2db4543a84d82f8bff113dea8

SHA512
1576f94e0bbad9173c8163a52ddd15f49274a1c1d9e585f89ee7c94bb3cdd221efcc0f5261b7813da5b1dab888185fdd8c463322f15271dbbe49b3331de7779b

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\prefs-1.js

Filesize
4KB

MD5
ed96b1b4fdbfc98cfda1cb4d0b38dc29

SHA1
398144e34dd341518d1d78d72d5761abe321061b

SHA256
26d4c0a5ce2801f1fa63190c7edb1da54b921154b1401173a8624861ba56fb1c

SHA512
739c0dc21995afe4770805a910a9fa79ebff7266d732202529960e4ccfd3f0e525c3e15ac44dfd6a1048ee840c28e467a27d4631ecdd3a74346d90f71c4c86cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\prefs-1.js

Filesize
4KB

MD5
f55da36a1f6652e459782d7ec9d1f8a2

SHA1
38cee069e62f527ce8d13fd72d3e63d3b69150b0

SHA256
2d2c69b38df12f60abf7183aeeab85f14582314d2eb4c207a8ec5b6df8c5a38d

SHA512
daf9e6843c34117f4cd5d4071eafdee222af5fe2723d9ec2e607c1cf22d25a4fdbe1d201625aef702f4c78503f2080f554c7ff05135d8e57a0208c8c10700c97

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\prefs.js

Filesize
3KB

MD5
f4a5368af9704c0c1932f307e493514c

SHA1
dfab235def15350ef46251718c37c349d21cdfb0

SHA256
2521e22243d6ed72ab2b1746d788c18a73d23c51b452b5390b43c0826aeeb6b9

SHA512
e3b4d24c33d61f0ee7ab89629037f2eb9e021b15c68f3d19406fee3970bab8ec13ac8501b1b5e570c2808ac68fbda81702997f4a7d80c56d972bd652da4e73f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\prefs.js

Filesize
1KB

MD5
63d21f22d040af82524cb210952eafe1

SHA1
b61eb981717894f7f7d862cf646b6c72e5ed2a9b

SHA256
f2d85d11c2219f2115a324bcc90c94bcf73e5aa29588b7ee7263ac86cdd62dc1

SHA512
c7773ff486f2a30c1ac8d038b9ac4867b50c2c2697fe575d84981f6f3549bccf1a5503bf63524127f13ef805e6c4b71cb45327d53a42a1355462d7c689b4cc2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\prefs.js

Filesize
4KB

MD5
b095c72729a00edb29f9da813ea2824f

SHA1
8abf444fd7f87518812510eebb11a1d8b40c800f

SHA256
58cae62f2361e7ec86226beef1c727e9cc0977428a1b39e7dfc35a53045a1bdd

SHA512
8b3df554b1b14e53d427f5b53917026a558c95ccba9760209ee002256c10216544db02ae0f2c51d3724a1904265cf2abc8fc1c56b719626b829ede555d5418cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mypal68\Profiles\mh3h7auj.default-default\prefs.js

Filesize
4KB

MD5
571a3508965dae7c5a1a91b72e9e0675

SHA1
9b87ed78f5aabcb76289f18c6de8e88eb7adfa3d

SHA256
36294186041f671978047d4c220e4d64d1cd8847ca7ceee4aa06f4c34d1841ed

SHA512
e86041ff265509a71550ea1ad8f5d6ccefcf16b7ccb3fda843a846e25a93067a70679c8582a5f76df7eb02dc707213e2bbd8e476b2079a19ea8a20147a07f02f

Download Submit
C:\Users\Admin\Downloads\mypal-68.14.4.en-US.win32.zip.crdownload

Filesize
5.9MB

MD5
c343b180cd51b8f0335ff54c7d140c2e

SHA1
ae3b86d0e3c939cc38e0b4e09a46b07bcebf50a1

SHA256
53284f08220bd8435ffd1716c2a77122c3e5928ea83d8aa45d8c2eac0c1575c8

SHA512
8ec687fed3be1e2d0fb7f825c1ed7db3b78325232bf8eff82dc76965ce72446a450cfab85661273da45c7d6023e6cb4b99390f5050092a4c086923e2dbb8d8c3

Download Submit