www.trendmicro.com Open in urlscan Pro
23.32.242.31  Public Scan

URL: https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
Submission: On June 01 via api from DE — Scanned from DE

Ransomware


INVESTIGATING BLACKSUIT RANSOMWARE’S SIMILARITIES TO ROYAL

In this blog entry, we analyze BlackSuit ransomware and how it compares to Royal
Ransomware.

By: Katherine Casona, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Jeffrey
Francis Bonaobra
May 31, 2023 | Read time: 7 min (1965 words)


--------------------------------------------------------------------------------

Royal ransomware, already one of the most notable ransomware families of 2022,
gained additional notoriety in early May 2023 after it was used to
attack IT systems in Dallas, Texas. Around the same period, several researchers
on Twitter came across a new ransomware family called BlackSuit that targeted
both Windows and Linux users. Additional Twitter posts mentioned connections
between BlackSuit and Royal, which piqued our interest. We managed to retrieve
and analyze a Windows 32-bit sample of the ransomware from Twitter.



ENCRYPTION AND LEAK SITE DETAILS

Before delving into the main comparison between the two ransomware families,
let’s first examine the encryption and leak site details of BlackSuit.

BlackSuit appends the .blacksuit file extension to the files it encrypts, drops
its ransom note into the directory, and lists its TOR chat site in the ransom
note along with a unique ID for each of its victims.

Figure 1. The BlackSuit ransom note

Its operators also set up a data leak site as part of their two-pronged
extortion strategy to coerce victims into paying the ransom demand. Note that
there is just a single victim currently listed on the leak site as of the time
of writing.

Figure 2. The BlackSuit TOR website


COMPARISON BETWEEN ROYAL ESXI AND BLACKSUIT ESXI VARIANTS

One of the BlackSuit ransomware samples we analyzed is an x64 ESXi version
targeting Linux machines. An earlier post on Twitter revealed that YARA rules
designed for BlackSuit’s Linux variant matched samples of the Royal ransomware
Linux variant.

After comparing samples of the Royal and BlackSuit ransomware, it became
apparent to us that they have an extremely high degree of similarity to each
other. In fact, they’re nearly identical, with 98% similarity in functions,
99.5% similarity in blocks, and 98.9% similarity in jumps based on BinDiff,
a comparison tool for binary files.


Figure 3. Comparison of the Linux variants of BlackSuit and Royal ransomware

Further analysis found that BlackSuit employs command-line arguments that have a
similar function to those used by Royal. However, there are some differences:
The strings used in the arguments are different, with BlackSuit also including
additional arguments not found in Royal.

| Royal Argument | BlackSuit Argument | Description |
|---|---|---|
| -id {32-byte characters} | -name {32-byte characters} | Used as the victim’s ID, which will be appended to the TOR link found in the dropped ransom note. The process exits if the argument is not provided, or if the provided characters do not have a length of 32 bytes |
| -ep | -percent {0-100} | Used to define the encryption parameter |
| -path {target path} | -p {target path} | Used to specify a target directory to encrypt |
| (Not in Royal) | -thrcount | Used to create a specified number of threads depending on infected machine’s processor count |
| (Not in Royal) | -skip {text file} | Used to specify a text file containing folders to skip |
| -stopvm | -killvm | Used to terminate VM-linked processes via the ESXCLI command |
| -vmonly | -allfiles | Encrypt all files |
| (Not in Royal) | -noprotect | CheckProcStarted; /bin/sh -c ps > PS_list; does not drop the file PID; does not check if the process has already been started |
| -fork | -vmsyslog | Used to create fork processes and terminate watchdog timers. Does not terminate processes with the string vmsyslogd in its name |
| -logs | -demonoff | Used to display terminal logs |

TABLE 1. A COMPARISON OF ARGUMENTS FOR THE LINUX VERSIONS OF BLACKSUIT AND ROYAL


Figure 4. Creation of threads based on the value of “-thrcount”

Meanwhile, the skip argument is used to indicate a text file that contains a
list of folders to be skipped. 


Figure 5. The “skip” argument used to enumerate folders to skip

During file enumeration and encryption, each respective ransomware family avoids
files with the following extensions and filenames:

Royal:
 * .royal_u
 * .royal_w
 * .sf
 * .v00
 * .b00
 * royal_log_
 * readme

BlackSuit:
 * .blacksuit
 * .BlackSuit
 * .blacksuit_log_
 * .list_
 * .PID_
 * .PS_list
 * .PID_list_
 * .CID_list_
 * .sf
 * .v00
 * .b00
 * .README.BlackSuit.txt
 * .README.blacksuit.txt

TABLE 2. LIST OF EXTENSIONS AND FILENAMES SKIPPED BY BOTH BLACKSUIT AND ROYAL

BlackSuit ransomware targets the following extensions if the -allfiles argument
is not provided:

 * .vmem
 * .vmdk
 * .nvram
 * .vmsd
 * .vmsn
 * .vmss
 * .vmtm
 * .vmxf
 * .vmxf
 * .vmx


INTERMITTENT ENCRYPTION PROCESS

The binaries for both BlackSuit and Royal use OpenSSL’s AES for encryption and
employ similar intermittent encryption techniques to accelerate the encryption
of the victim’s files.

Figure 6. Preparing the file for encryption

Both BlackSuit and Royal prepare the files for encryption by rounding up the
file size to the nearest multiple of 16, after which 41 bytes are added,
possibly to account for the encryption header and other metadata.

Next, the file being encrypted is checked to determine whether its size is
greater than 0x40000 (approximately 262KB). If this condition is
met, the routine uses the value set using -percent, which is represented here by the
i_ep variable. If not, it uses the default, which is 100.

Figure 7. Calculation of bytes to be used for intermittent encryption

The number of bytes to be used for intermittent encryption is then calculated
using the same formula found in the Linux version of Royal ransomware:

 * N = (X / 10) * (Original File Size / 100), rounded down to a multiple of 16,
   where X is the value of “-percent”

The file size is again checked to calculate the amount of space to be allocated
for the data and metadata. Finally, the keys to be used for encryption are
prepared.


Figure 8. Preparation of the keys to be used for AES encryption
Figure 9. The BlackSuit ransomware’s encryption routine

In the case of BlackSuit, as we previously mentioned, it appends the extension
“.blacksuit” to encrypted files and drops a ransom note in the directory where
the files are located.

Figure 10. The folder showing the encrypted files with the appended extension
and the dropped ransom note
Figure 11. The content of the ransom note


COMPARISON BETWEEN ROYAL WIN32 AND BLACKSUIT WIN32 VARIANTS

In addition to the Linux-based sample, we also analyzed a Windows 32-bit version
of BlackSuit, which also exhibits significant similarities with its Royal
ransomware counterpart (93.2% similarity in functions, 99.3% in basic blocks,
and 98.4% in jumps based on BinDiff).


Figure 12. Comparison of the Linux variants of BlackSuit and Royal ransomware

Our analysis found that BlackSuit accepts the following command-line arguments:

| Royal Arguments | BlackSuit Arguments | Description |
|---|---|---|
| -path {target path} | -p {target path} | If provided, will only encrypt the contents of the target path |
| -id {32-byte characters} | -name {32-byte characters} | Used as the victim’s ID, which will be appended to the TOR link found in the dropped ransom note. The process exits if the argument is not provided, or if the provided characters do not have a length of 32 bytes |
| -ep | -percent {0 to 100} | Used to define encryption parameters |
| (Not in Royal) | -list {text files} | Used to specify a text file containing the target directories to encrypt |
| (Not in Royal) | -delete | Used to delete itself |
| -networkonly | -network | Used to encrypt file shares connected to the system |
| -localonly | -local | Used to encrypt the local system only |
| -disablesafeboot | -disablesafeboot | Used to disable safeboot |
| -noprotect | -noprotect | Used to disable mutex creation |

TABLE 3. A COMPARISON OF ARGUMENTS FOR THE WIN32 VERSIONS OF BLACKSUIT AND ROYAL

While BlackSuit introduces different argument strings compared to Royal, their
purpose remains similar. BlackSuit combines arguments from various Windows
versions of Royal Ransomware, while also introducing new arguments such as
"-delete" and "-list" that are specific to itself.

The -delete argument uses the following command to continuously check for the
existence of its file by looking for the filename:

cmd /v/c "set f={Malware File Name}&for /l %l in () do if exist !f! (del /f/a "!f!") else (exit)"

If the file is found, it is immediately deleted. The command keeps running
indefinitely until the file is deleted, at which point the loop will exit.

The -list argument is used to specify a text file containing target directories
to encrypt. It loads the file using the ReadFile API, then places the contents of the
text file in a buffer. Note that the loaded text file is a sample text file we
used for testing and not the format of the text file that will be loaded in an
actual attack.



Figure 13. Loading the text file. Note that we loaded the sample text file to
show that it loads the file when using the -list argument.

If -disablesafeboot is passed as an argument, it removes the "safeboot" value
from the current boot entry in the Boot Configuration Data (BCD) and performs an
immediate system restart via the following commands:

"%System%\bcdedit.exe" /deletevalue {current} safeboot
shutdown.exe /r /t 0

When encrypting network shares using the -network argument, BlackSuit will check
if the IP address begins with the following numbers to ensure that it is
encrypting local systems:

 * 192.168.
 * 10.
 * 100.
 * 172.

It avoids encrypting files with the following strings in their file path:

Royal:
 * $recycle.bin
 * $windows.~bt
 * $windows.~ws
 * boot
 * google
 * mozilla
 * perflogs
 * tor browser
 * windows
 * windows.old
 * royal

BlackSuit:
 * Windows
 * ADMIN$
 * IPC$

TABLE 4. ROYAL AND BLACKSUIT AVOID ENCRYPTING FILES THAT HAVE THESE STRINGS

Royal:
 * .exe
 * .dll
 * .bat
 * .lnk
 * .royal_u
 * .royal_w

BlackSuit:
 * .exe
 * .dll
 * .BlackSuit
 * .blacksuit
 * README.BlackSuit.txt

TABLE 5. ROYAL AND BLACKSUIT AVOID ENCRYPTING FILES THAT CONTAIN THESE
EXTENSIONS

BlackSuit ransomware also deletes shadow copies using the following command:

"%System%\vssadmin.exe" Delete Shadows /All /Quiet
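
The command lines quoted above (the -delete loop, the safeboot removal followed by an immediate restart, and the shadow copy deletion), together with the BlackSuit switches in Tables 1 and 3, can be matched in process-creation telemetry. The following Python is an added example, not code from this analysis: the event fields (host, ts, cmdline), the 60-second correlation window, the rule names, and every sample event are constructed assumptions.

```python
import re

# Single-command patterns built from the command lines quoted in the article.
COMMAND_RULES = {
    "shadow_copy_deletion": re.compile(
        r'vssadmin(?:\.exe)?"?\s+delete\s+shadows\s+/all', re.I),
    "safeboot_value_removed": re.compile(
        r'bcdedit(?:\.exe)?"?\s+/deletevalue\s+\{current\}\s+safeboot', re.I),
    "self_delete_loop": re.compile(
        r'for\s+/l\s+%\w+\s+in\s+\(\s*\)\s+do\s+if\s+exist\s+\S+\s+\(\s*del\s+/f',
        re.I),
}
IMMEDIATE_RESTART = re.compile(r'shutdown(?:\.exe)?"?\s+/r\s+/t\s+0\b', re.I)

# BlackSuit switches listed in Tables 1 and 3, excluding the mandatory -name.
BLACKSUIT_SWITCHES = {
    "-percent", "-p", "-list", "-delete", "-network", "-local",
    "-disablesafeboot", "-noprotect", "-thrcount", "-skip", "-killvm",
    "-allfiles", "-vmsyslog", "-demonoff",
}
RESTART_WINDOW = 60  # seconds between bcdedit and shutdown (assumed threshold)


def has_blacksuit_arguments(cmdline):
    """True if -name carries a 32-character value and another switch is present.

    The article states the process exits unless -name is exactly 32 bytes;
    requiring a second switch is an assumption made here to cut false positives.
    """
    tokens = cmdline.split()
    has_id = any(
        tok == "-name" and i + 1 < len(tokens) and len(tokens[i + 1]) == 32
        for i, tok in enumerate(tokens)
    )
    return has_id and any(tok in BLACKSUIT_SWITCHES for tok in tokens)


def detect(events, restart_window=RESTART_WINDOW):
    """Return (host, rule) findings in time order for process-creation events."""
    findings = []
    last_safeboot = {}  # host -> timestamp of the last safeboot removal
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, ts, cmd = ev["host"], ev["ts"], ev["cmdline"]
        if has_blacksuit_arguments(cmd):
            findings.append((host, "blacksuit_arguments"))
        for name, pattern in COMMAND_RULES.items():
            if pattern.search(cmd):
                findings.append((host, name))
                if name == "safeboot_value_removed":
                    last_safeboot[host] = ts
        # A restart alone is routine; it only matters right after the BCD edit.
        if (IMMEDIATE_RESTART.search(cmd) and host in last_safeboot
                and ts - last_safeboot[host] <= restart_window):
            findings.append((host, "safeboot_removed_then_restart"))
    return findings


# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws01", "ts": 90,
     "cmdline": r"sample.exe -name 0123456789abcdef0123456789abcdef -percent 50 -local"},
    {"host": "ws01", "ts": 100,
     "cmdline": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"host": "ws01", "ts": 130,
     "cmdline": r'"C:\Windows\System32\bcdedit.exe" /deletevalue {current} safeboot'},
    {"host": "ws01", "ts": 131, "cmdline": r"shutdown.exe /r /t 0"},
    {"host": "ws01", "ts": 132,
     "cmdline": r'cmd /v/c "set f=sample.exe&for /l %l in () do if exist !f! (del /f/a "!f!") else (exit)"'},
    {"host": "ws02", "ts": 200, "cmdline": r"shutdown.exe /r /t 0"},       # benign
    {"host": "ws02", "ts": 210, "cmdline": r"vssadmin.exe list shadows"},  # benign
    {"host": "ws02", "ts": 220, "cmdline": r"tool.exe -name shortid -percent 10"},
    {"host": "esx01", "ts": 300,
     "cmdline": r"./sample -name 0123456789abcdef0123456789abcdef -p /vmfs/volumes -killvm"},
]

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
```

The restart rule fires only when the same host removed the safeboot value within the window, so the routine reboot on ws02 produces no finding.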


CONCLUSION AND INSIGHTS

The emergence of BlackSuit ransomware (with its similarities to Royal) indicates
that it is either a new variant developed by the same authors, a copycat using
similar code, or an affiliate of the Royal ransomware gang that has implemented
modifications to the original family.

One possibility for BlackSuit’s creation is that, since the threat actors behind
Royal (and Conti before it) are one of the most active ransomware groups in
operation today, this may have led to increased attention from other
cybercriminals, who were then inspired to develop a similar ransomware in
BlackSuit. Another option is that BlackSuit emerged from a splinter group within
the original Royal ransomware gang.

Whatever the case may be, the emergence of another ransomware like BlackSuit
provides further evidence that threat actors will always try to look for more
effective tools for their attacks, from modifying existing code to developing
unique ransomware families, to profit from their victims. As such, both
organizations and individual users should remain vigilant when it comes to
protecting their files and data from ransomware attacks.


RECOMMENDATIONS AND SOLUTIONS

Organizations can defend against ransomware attacks by implementing a
comprehensive security framework that directs resources towards establishing a
strong defense strategy. Here are some recommendations:

 * Create an inventory of assets and data
 * Identify authorized and unauthorized devices and software
 * Conduct audits of event and incident logs
 * Manage hardware and software configurations
 * Grant administrative privileges and access only when necessary
 * Monitor network ports, protocols, and services
 * Establish a whitelist of approved software applications
 * Implement measures for data protection, backup, and recovery
 * Enable multifactor authentication (MFA)
 * Deploy up-to-date security solutions across all system layers
 * Remain vigilant for early indications of an attack

By adopting a multi-pronged approach to securing potential entry points, such as
endpoints, emails, websites, and networks, organizations can detect and defend
against malicious elements and suspicious activities, effectively safeguarding
themselves from ransomware attacks.

A multilayered approach can help organizations guard possible entry points into
their system (endpoint, email, web, and network). Security solutions can detect
malicious components and suspicious behavior, which can help protect
enterprises. 

 * Trend Vision One™ provides multilayered protection and behavior detection,
   which helps block questionable behavior and tools before the ransomware can
   do any damage. 
 * Trend Micro Apex One™ offers next-level automated threat detection and
   response against advanced concerns such as fileless threats and ransomware,
   ensuring the protection of endpoints. 
    

Indicators of Compromise (IOCs)

SHA256 Detection name
90ae0c693f6ffd6dc5bb2d5a5ef078629c3d77f874b2d2ebd9e109d8ca049f2c
Ransom.Win32.BLACKSUIT.THEODBC
1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e
Ransom.Linux.BLACKSUIT.THEODBC
6ac8e7384767d1cb6792e62e09efc31a07398ca2043652ab11c090e6a585b310
Ransom.Win32.ROYAL.AA
4d7f6c6a051ecb1f8410243cd6941b339570165ebcfd3cc7db48d2a924874e99
Ransom.Win32.ROYAL.SMYECJYT
b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
Ransom.Linux.ROYAL.THBOBBC

Tags
Endpoints | Ransomware | Research | Articles, News, Reports


AUTHORS

 * Katherine Casona
   
   Threat Analyst

 * Ivan Nicole Chavez
   
   Threat Analyst

 * Ieriz Nicolle Gonzalez
   
   Threat Analyst

 * Jeffrey Francis Bonaobra
   
   Threat Research Engineer
