af677147cc70f0cadd4273c60aa5bb7e7a906119f6f8d09ee092f0350660d064

Analysis

max time kernel
329s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DOXBXM.apk
Size

2.0MB
MD5

a2a22f9e41c88a0dd67c8948d1a2b646
SHA1

7759431b4d922d1b13d8adaeb51cbf4a0879c8a3
SHA256

af677147cc70f0cadd4273c60aa5bb7e7a906119f6f8d09ee092f0350660d064
SHA512

7afac6209273402afc9e77b0d327f0af61f3fef3f0d0de9484492363af1158cce6716767136db3b04b0d11ac50cc33bdf2d229c6622f6104c09f8fe4f6393412
SSDEEP

49152:fqP4NQ/n9xyTwy53m0ZTC2XB+tDNZN1IavOho1bwo18TplP:yP4NAQwt0tZR+tBZNUhcwDP

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

174 raw.githubusercontent.com
175 raw.githubusercontent.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
174	raw.githubusercontent.com
175	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133750781386820428"	chrome.exe

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4736 chrome.exe
4736 chrome.exe
4352 chrome.exe
4352 chrome.exe
4352 chrome.exe
4352 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4136 OpenWith.exe

pid	process
4136	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4736 wrote to memory of 4060	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4060	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4544	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2616	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 2616	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 4856	4736	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\DOXBXM.apk
1⤵
- Modifies registry class
PID:1268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe3123cc40,0x7ffe3123cc4c,0x7ffe3123cc58
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1536,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4920,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4760,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3364,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3500,i,115756864677853202,5505443769950900797,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\TheTrueDestruction.bat" "
  2⤵
  PID:1552

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\48f5edd7-4e68-45e4-871c-7fcc8e3b75d9.tmp

Filesize
9KB

MD5
645a4feae01959405fdbcd46859333e5

SHA1
eaed901241888941c30f73cbe930ebdc0300ab84

SHA256
88b6bd67c7fda249ac83c4363663cac3ba5826e317448af661878ac1cd62528c

SHA512
7219c895646d6cacb672292fd6603377c6cff751d79e27cd0fe8ff1e40298ea43f6fa614d9c15a7d330602b278931d8aae9349db12122e7269d8cc288cfb1988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4531d803a79a73e24cae83fe7a2bb7ba

SHA1
b2bf5be9593d7cfb4f4a1b0e605b1c6ff1f7d9ac

SHA256
df2d07169e23baea1e06d50b6ad97e1b9736a0ebd39503fb2e8727d1acb6e923

SHA512
b170a48e169ecde8bf67a5c33f3a6e9bdca0724b6e7eace48642b189db90f4034012f96c5396a5de27963f8e0a47c2d93807ea6d8bdc4c37909a2857bc398997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
28d0f2141e327a41d63fdab8528d584b

SHA1
5e6a1711f75019b049fb741c036599b84a6af785

SHA256
1e9b31ea5b73c5965d6c87ec99390d6b6c56b5c67da76fdc2f91a7a9a3999a7f

SHA512
97fa9c0deeb545cc38acc6a2fa1a4bb75f0dadf3bb82903d260b772fdf782a5dfd0813fbf03ae0b19d100d9fb8e6cba2eabd71731308b443762addf36c896801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
08922f980ff72726d9a9a475c4217b88

SHA1
1e91b20059a268dda7daae0a24855aa7d2145410

SHA256
bbfc665ef876a81a78ce4917d8b9cc4cceacd1507fab71ee5f44e1eaa67cae7f

SHA512
7a2663eaefdaef8045763650bb4deee75beb2221c8f5613fc3403a10b3a287ec2e4111d9180ef26b7cfbce6673c7af18456ae7e32535c8a91407ff035e88d29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8e223249bcb5fa4ae3c3c7df652556e7

SHA1
c3fcb4e1ad2e03a7dafa85c360d13774ef03e0f3

SHA256
dbfb5507643ecdf5fea1ed082797e0a9704426aa1d56f9e3ba8ceacce54dadf4

SHA512
5f20968858ded4c6a7e831fb2dc6d31a0c2a8ea49c934bbb8e4ba3774ee12f7b349e020356ae7ccf307cc587e4be7cdc18e2219a425f3e16b282e3394980d7d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
1422511efa49dc6fd5ccd0eb783376d9

SHA1
8311f4ce022879fb049cc8e8ba69bc7fbf7b5209

SHA256
f337a3da8a7a308ba7e8153f22bf687e2547aeebe358a5d0714c24f5357245ae

SHA512
c577c175839edf127a9ca77d0a5e20746a270897314d4dd6bcc290a2e29a7d9c9afa0ea856fabc6832e5efa0bbfd9b40181140569086bd89597e064a639a3edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
44a7d0b754c81ea29f4e86165f9b1b41

SHA1
222e5540afd7efced127e89b521e83c29b9b4596

SHA256
c1c90527ee153828ffa8416684dd3109a8805516a98ef2b5d6fd2b929c2fc573

SHA512
f18f849fb30d71247abb7f1b0018727a49a11a69d54cc3d7efda14c89e448feea9b502d65bc243e4123a3a35f947cc8cd80c83e51f3485c64ce39a7cb89b520c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
51b7c2d7bc4f139c3ab51978061a9ebe

SHA1
3297e0dbe16cfb29b126085479b0b84d304b9a99

SHA256
108bdc2919078b2f7c9fce66e211bad35657ecf26595de06ad47f0d8690a7805

SHA512
1f5ef692a5112c76f1c09790f1eb8a14ec24eced373165007435663fc0434201e8e252d044999c359cbfc87f0e312fb5c3de9aeb4f0f6576106b221fd52d8237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a5fe32e7731326d047a9347b0fa85523

SHA1
ae2aca2f5efe2f71334ce2be1083837e89af0613

SHA256
998d699f707e902899de885ffde9485bc5838fd631172bfd1e7f500c3a518867

SHA512
36d108cca014e672691d1a2058f98fe4e022b0dc2584cf17a99a8d9995c9d8a03b74feefc8da6192b5bafdb3d13061836eb96417ace5008842ff2f697c3eff38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d1a90739d32d0ee2e8db702c48749dde

SHA1
eddc7f9895c83997e6936fec18136ab0faaf1169

SHA256
65adbb1abd79019c50c29324c63d7814f5f02565ee51f265fc57de53ddb167aa

SHA512
b7cab1a23ef3ef81d8e2e8e64fc0b20fe521b063e1be75d5f7db474f93ec53d46aa8c02e398c73688b629fe351dfae478ca2854d6db89021fe6a35584e353a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f37911ddd2cfafd6f414ecb9f65b35e6

SHA1
c12e98b9bb599b9354c30d77bf6ed57fe6d0f9e7

SHA256
6de778aa6d15f4c42b6034f1339bc951439ccc147cf735eafcd2431fc87ee263

SHA512
4dab6ed7da12404b171227a9cc5af67d05dac8737736fc999e6f8b012dff1f8a5f6355fd38b1f923ba565ef344209ef9f991e7ed7ef9b0e8d54147d077c2073c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed476d0dd78b4ce7f2463fffd928c66c

SHA1
13f5999df227db081c8e25bebe1a61cffcd025cf

SHA256
46122f765e40a4a9d558fd7745a63012804de4b6c06a0dbc763f8a34f226f8e3

SHA512
d53df653bc41a950f0bc1ac57cbf74107d40f8a26113023ad343b0aab0249fe8b3bc55687cc1258e079f4b522b3fab990a0d7a5dd26b75f9f902c49a15a42f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0719073731739a2e41bedc3bd53a3ce8

SHA1
b36aaa1af4d7e92213efeae90c23f866905d1635

SHA256
ec8067fb48ef7ce0cbe2bc9f6b06c0b2677e5642cd87177f76753a9b5102ba06

SHA512
f3effd4033461390cb9cdc70e3278dea1822389d2ef7db53e7babef37bb07a6def11486635d2b1b25519e712880a5b3cd02d19055a35f3b0f65c5e33b49b043c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6ecc70456e9f846ee22665030dc15b5e

SHA1
7a6d15ec3da35b8f6545b39977c0c7ccbb4054de

SHA256
819b955e874174089b2938d8533a6151c0cf2fc3ca51563b383a9484bc45a6e9

SHA512
787897e7de701a7ab5a9eb246d66ae2424cf34a13709c425dfbad9ab0ebe9b24338b44f0488fb78dfa28f0a65848662746677dbfb1319af01d308621a7f28707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b893f30e5d3ed6f8ba27afe9d3ff818f

SHA1
976a6607c0f3f8662ebcbcdaa085dc8c7b1edc79

SHA256
5c00973377a673eb7ceb6b43f4c704dc0dceaa8730d09940ae4cfe6b7218a1fe

SHA512
fa682ebc3f4ced94183a349935ececa20838123762dfe16a2cd99661c59739c2832c4a4c27d22eaa5ee63ae3d85e60e0a5bc33c82769679176cecfd94ff095df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f5156aa8c925244f1c55482cb3fd12b2

SHA1
3668a2dc112e3a50772d1ac51910c9b98fc58ad4

SHA256
c880d895d72ab3f647e1eadae4f2dc83859084bf5c8278640bcc5191d9adda30

SHA512
824b5e2b2c0c3afa2704251f4ca0cceedd5ce667b7eda7b406e3d7d8f2a11a776bfeb1f6b9d4f0fed9c56cd4e21f4e1be0e0c4be00e7bb1db392b7a746858e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fb21f578-3fd4-4e43-8091-1e90e6a0f01b.tmp

Filesize
1KB

MD5
3497ea92186e8b23111cf1ae3f62d3d7

SHA1
4cf21b8b12753e6b4a5d86c2035e782e5652ed49

SHA256
9c33dd027dc6ec9d8d642529860f28c97a796d2d2d67d2da1a3a327f99a11984

SHA512
d9a1345d3d757ffcdd3bb82319b34984b9c31a0803eb18e77a2051744a1f7be7cf39134ef36b55ebdb11c469603dc0e416163d0c977cc8cdd8018d66dd4ae3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fe100415a49928ad27925397d4ac27a

SHA1
0804e88eaf20dd9569c445b3b7d2254ea4f04208

SHA256
4f2f4f30e729471921d0c4d38213b5bfc74212e9a61b0886ed9d4101918bd722

SHA512
8ccee63d9a14ff865e1c620c9092a4c70221c3c10638adb1ec9609e3c1132184b4c01e3048e35438fbed61c5b5781f6b5eb97eca80adf843d71b1f8fa3a0bc8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efc14742e26bae8d4f0a61339521e455

SHA1
fe5554098db874835caddfaf20f18e0b548beb4f

SHA256
315a1d8bfb9996b2aa94413ef84ec69f38d770eb63492d4903da3654e888e7b8

SHA512
b8b7e3213c7b76e6ddfd3dcb5dad6c02194b0f518756498e6e82edd18e3d56c113a25f06b82b8c61ba1639f6f74911a8314fe1aee173a2babe5f677cc1f6a51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6aa12d4e83efb70f571098512ce79220

SHA1
1ef3684a9395a709eaa48e257935b3161b18825f

SHA256
7ee348e258ad8360a5aa90db48047a5d3dd14823ca8cd80d1f12bc3dc2f33338

SHA512
ca0f3ddba03940506c889452a21336e31746847039d2c7c52bcd897ed9f37f6b1afaf9c40450d039ac4da545517acdfd82e58f6f60a2a112d7450e81b90df3f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0fdc5562ca7d7a8732f59a86e8bf6469

SHA1
b49e261ec4c6714fdd9a4d46d31062ac5f1a2002

SHA256
1beb534889ebc093072e364ef0c5acf9c306215fea4ec00d3261e6c2ec3e60bd

SHA512
31f3ad8e58d456de513f793146d15f8f94e123e010a98936dbb97353c72c8fc56e953d3a463e79494b1042a80172acef02d085caa89c4ca7badeb131483fa245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74cdef86743817ac5204fbc2b17f4509

SHA1
53d8f1fd9b0007d07818019b17ccd67dfb4dc89a

SHA256
4b7eaff5dd970acb7167e5b19b22597ca1d42a18f969032ca144d13292e40743

SHA512
af42e355ca246bb454ecabd8cf9915f595950ad72d7c8971ddc559759a542b7bc51e55203c1ecc0dc6a213e0a64caeaab04dba5352e6f45dc24bf4b8607d100e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08aa958eb547e5019e17e6486628304e

SHA1
488ef3b2d1a43f3d252f3ad18cf56d852271a9b8

SHA256
093ab43a8c91f724146486b56c66f52cbd415f2eb1eed4f9d373aac86affafa6

SHA512
c1b8e09731911125bf2c86d683199a5938b04e62e91fe017826beb00555c45fd76b46750f432a838ceb781b31fb7c6058d7ce7c62ff4830c0c2cc7df92d1c155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
324bf99c390e3140c15ee7e9bcb8584c

SHA1
33dd1ae9cdfeda667c07ec0115f7b4e02eea8aed

SHA256
75e9e0202aab35eb7fad96b6d872933a851e9bf7f0bd53c16ec41da330ae8ba3

SHA512
6cfb3acd1d1fd91c4d1faf5536180c0e3fa3b5ba0722d75ab127580d90e87be8168af912ee46a25871121323fb8cdba29ede075b0fd5e43b0b1605d41f4995e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fde19014c43243a1fa877ec908c5865

SHA1
893cb9585417b72e46e5dbd3e5144011e6139ded

SHA256
fc628e439bf6774c90ba915e75d646af7ea9e9277740acc5012330a4d972073e

SHA512
e8186ea60b463e3b987fc8b68c9b874243eca77ed18c2121e8fc3bad141fb966920f590ecdb9824edb867a7afd5a0721e5da66c2e6d22970c208b6b830d33fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a9028e4d31075a1beda5670b8ce43dd

SHA1
b07995157bf3dea9127d2209cf2d9b321433ac50

SHA256
bda423826df9a81c33e7e5cb4be0e016af108b4996e2850cb874275f94ad00e1

SHA512
4e50e3c951949adbc419e8da3b0d79d31ca68fd93273c2339ded100c856a42a3295b1290e04f0a83544873387dd2d3b7b8c77e98cb62b129dfd3a25bfd4ac2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
868e5b3ca9750d76e62d6944fbdd8bed

SHA1
1f041ebd53bb510bdfba9d8da9fe5473a79e0e7a

SHA256
928afa9fc00643370368ee1797303f8dbefada5a7e6f6edbac7402ecc4d03dbf

SHA512
a60707c3517e67177bcd76a6de6470bcec4750526b65066d539285e63f428d662701d23845e97519eba90660f591f74b867bf8daae78af3ec366446308d5a548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a7ce0b5bee7cd3e28315da9d89cf161

SHA1
ff6a1f887abc7783b80af64fe11f882b155ce8db

SHA256
1cf321789fc0d5d271530f094f7a97383da823779eb685f4bdb2dbd237a420ed

SHA512
89c4f233f0ca343c68c8536d4869e29d0c01196758d73a47890738438ce19aba8e22f9555833540f410ce51f9e96c18391bcb5238177147f484b3dc7702759a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
918718c301c01edc06d5bdd8c4499216

SHA1
88ef398be39697a78876888ec8a02ebc96e71daf

SHA256
1ddf23587958df042c9b62b0cf733f00d3153ea72d609b3c310513e06707212d

SHA512
d85426e2bd10bb48d9bcae9fde6d44ddfc933ccb21960b00131ba691c7877963f0553de82e828731918fc4c9f8f12c04a9b77271be5feb900e82463dc71790ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35fa677b9011e814fb8bd87910e5e04c

SHA1
2eeb65d8cdc9b38ca3c3737a4d06de1bd0188ff1

SHA256
3e8035a59cffa28284cf2d33f1fcdb172c88ad0a22650ba6e0f456c3287b6a66

SHA512
7747a6d69570b30e283d8f61594c27716589abdfa76d10013761d69019148e9b684d7f495167f1ef0cde02188b159a5eff9b43652b548a64c1b00e061cba1798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1f126b8543b81dd26165fb39d3dcbbdb

SHA1
5a1c9eaf9c2fbe2ed0118dd485846d16592c2a79

SHA256
96c630b209890e0cbc9d3f7561a973d4eac1523912d2c62e46ad655ba4672855

SHA512
192914e214d71df7295b037db916e7dbffc11ae7d00ab3c320691ca1b6dd5b510fad682230ee5c3be3a5d84d4c695b18fffdc541d88e193a0ea10d9b0a960c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a32fa37b-2385-4c20-b928-10976f3f8e81.tmp

Filesize
9KB

MD5
12ae413a8bf6f6ce28a972e567da0090

SHA1
1c86ab01d4a4195612e798873c6560cd1d90c725

SHA256
2453d000dbf6c33a13996f7af27d0973ee284db575c0c9f9ab20e330cd0f8979

SHA512
ec6adf0cd6eb7953ae66cfe0a4b35dc7fb8dc084d858c891dd368dd067ad4f9508f6ecaba086aa68eff33b4d4a4e5a368b23c26eb0093cc38dad561056f5e343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d94c858e-a32f-4eed-a92c-5d2080313297.tmp

Filesize
10KB

MD5
c54e783e8ae6de7c345fc14d34f2c004

SHA1
c8af0f1a8420d3b6b5e7ee9d6b21f178832d72cc

SHA256
54c08304c258e6852505f446d909bb39704027c24899109ffbf9464dc80c6ac3

SHA512
8a1adec1e8ce242fbf1e94411ecbf5bffc254f40861250e6d811ba02d4d52973c2a059ff27f5633a4b8b9166c94dc60bf70e7a68b855800fd5fc9186669be306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
8451491fd77ec4eaa9e156cf2c5fdbab

SHA1
8c15b544248dadc4d47c9a5fc728b53f8ce8657b

SHA256
d114288c59ca6d415c5d3b453a20c7530048513621e48e0390bf8f34174607b4

SHA512
bf593e76fc29f11fba2c1c08d6e3b3af21791ae37aaec574db1b4ece0f44f432af6ea577a30b6c83c0fedcdc524360d676271d14ecadb1f23df2584d226a5b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
e075876f4bdd14b93027a55618031521

SHA1
1aaaaff3470a3f74189b86fbadddff431aef5b95

SHA256
ec0fcb5eb4b9f5b6c18838744711a647833fa14bccf21fd876be4e78ee090bf8

SHA512
945bf29623246f8bb6f1f2f8a2367fabbdb5f55e975ae4d474b812e115af60442d78179dbdea0c4a87e084c907d3ce71e7b5333814dea70991be3bc798168592

Download Submit
C:\Users\Admin\Downloads\TheTrueDestruction.bat

Filesize
62B

MD5
bda363b254a5563546ca0ddcf12c4d3c

SHA1
ee7f46a606c56cdf1bb47cc782d50a177b4cdf5d

SHA256
dd3d3cf4f0895004fbdba95189596c983f943ba53dfdc10c83567a10c4d53f1c

SHA512
1faa2077a4f9cd334c85e16598d711fb3c50c729814cf52ea6a660948172cb012b7148f371f981a83602a3124dd7a0277dda677488e26f075a92a7445e7ec595

Download Submit
\??\pipe\crashpad_4736_LKUVFXFBZEZWNTDF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit