hxxps://docs[.]google[.]com/presentation/d/e/2PACX-1vQbuTEjfx9lvzl_j1snoEJSGCU7xojJJqLY6nIvugkDlNv8rn0UBox7w3OkJOYgi9q7DCQgIcwnBXhd/pub?start=false&loop=false&delayms=3000

Analysis

max time kernel
211s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docs.google.com/presentation/d/e/2PACX-1vQbuTEjfx9lvzl_j1snoEJSGCU7xojJJqLY6nIvugkDlNv8rn0UBox7w3OkJOYgi9q7DCQgIcwnBXhd/pub?start=false&loop=false&delayms=3000

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133446174762963731"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4940	msedge.exe
4940	msedge.exe
5440	msedge.exe
5440	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
5680	chrome.exe
5680	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe
Token: SeShutdownPrivilege	4584	chrome.exe
Token: SeCreatePagefilePrivilege	4584	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4584	chrome.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 1072	4584	chrome.exe	86
PID 4584 wrote to memory of 1072	4584	chrome.exe	86
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 2076	4584	chrome.exe	88
PID 4584 wrote to memory of 1484	4584	chrome.exe	89
PID 4584 wrote to memory of 1484	4584	chrome.exe	89
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90
PID 4584 wrote to memory of 4804	4584	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://docs.google.com/presentation/d/e/2PACX-1vQbuTEjfx9lvzl_j1snoEJSGCU7xojJJqLY6nIvugkDlNv8rn0UBox7w3OkJOYgi9q7DCQgIcwnBXhd/pub?start=false&loop=false&delayms=3000
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabcd89758,0x7ffabcd89768,0x7ffabcd89778
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4536 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4592 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5332 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1888,i,13890565473369734900,3382378870096909288,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaadd046f8,0x7ffaadd04708,0x7ffaadd04718
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,17728896591801873114,6142435798766855214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eca98aa865542a043509376f21a8cef1

SHA1
916937a03aa398b5eccda47c2b655e53373220a2

SHA256
3ff175d8ad5924100190f99028da752dc2ef13cfd9d0fb49604c74c9b0ae1bfe

SHA512
c8ea7f5f11d56b0db2030bb90ba5e1e9e3cc6c1b05c2684748b146c6037b171ba254523826d07a52ea8c40f875083ebac2def181c30ea53a1a8581327863ff0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a7f0270c62b3cda8c56099021ff45666

SHA1
dbc2af697c6101273c9f46750237a95a38773382

SHA256
17b229debfb12d97eeb614bede5e6a2fdd71f5000d0453161a0667fdeb6507d8

SHA512
2c685d1c80b51a29472f85c6a963f1ccd7bf1c42cbe1d4060d07286bc01414be57e4e542ec23a2cc943bf7dd9c8f62b22a2cbb12ea19a7e51fa19d354dbf06c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
42885c27cfb7eefcd1f267f401f72d80

SHA1
6720fde733366e490f3f87a815c010ba79258e33

SHA256
751d91c71b20d4a440fa3b44897311bee124394c6ef9e412b6433abdab159a36

SHA512
d0961fc844ea26645b89396d8e97f91930ef525dfdfc8ad3971c3d9bb9cc025e3baf13b89afdebbedf995c445c3a17a6c9c1aa657fcdd96bcad1e6b8707e2bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a710055b4fd0ffc27a1debe645c8e40a

SHA1
8b096dcc1c795e00da06176e095d88bf629c6211

SHA256
0a5bae39e83f21ff02039fe5f7b8c1b292268645560ebdefcbec4b90f71980ba

SHA512
f2363d1caf0e88e31b136e62453219c9088d4999c3e1de552df9c136c675369d50e20b24cf4d51c43c12a13337c838437d2b1bb36f8c2815e7c68b2a52a8995e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
0606655970de71ce5882f17e822625da

SHA1
8939f4ecf82f67f80f2c1d1e0c629946f4af4033

SHA256
269f7bcc94ad6a2097552e867b5561d0ed5e4f6c6cc2f4fd1c6f8480bb50359f

SHA512
77814a5c2d63bf7744b23f76ef9230cc15e0c37afe94734dc2a1e443a3fcd1777c81dcf4504597c86a1800ce71391b903e875f5ccbbcc30ddbac5fe9f833cb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9b4b92646b42e8e50f364ff2e95c6d4

SHA1
13513cc0ea6c8e16928096e2cd30e8798aac4cc4

SHA256
5edacf2256a96352f750a0de4460459c5d9eed52dc3f9c5c10be27852e85ab43

SHA512
1e8169d46d06a5d3d4af61be731cc94c96d5c21dcbd990f5bbdd141ad2f9d7c30b32355d7a48ab1e264ed2f962ddd313b4c393daa633d38530b1bd2ff40e9337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c866fcb646f8bd6baea4096ec9ee4fa0

SHA1
c7f5a17b47cdccb88e6181840f5c2214a3fae90c

SHA256
438dc953d9cf50672409750df619261da05abd49bda0f55795703308aa81ba4a

SHA512
e65499418623691f69862829cef7f70051172efdb7afe1015b9e6e41fd0a63f2e8497a87d0da09042a8508131d2196ede87015dcc5b40074dfba00888764d17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
61db1241ebc0085f2a1652e8ef8138a9

SHA1
31be7050198602987053264c540feaf11bdb2fcf

SHA256
ac79f6fd84dbd9fcc4f19ff35946fddae7065c1ca7291122676172c3aa23299b

SHA512
70810f47fcef903bfba615522ad24c73d480ea542febf55ce30e3cc4caf822f20b0a3a1711c9cb72180a6883b730583a7ff3005bdb319fd9fa99d2fa40bac164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
83f3ffba1357165f05ca1abe5c1b0f82

SHA1
fa1adf5aaf73ab92dfb36473520ca58e537b4ead

SHA256
a436042ac7ecf81ec2bed01c4ae7b66d0aacbce29bc3b50102f368ec6d0481eb

SHA512
f4333a3d2f96f5f15e37d13302d6155dd0ee1515bb96e4e48db4cf0e607d2a27b98f6aac11edfb04bbda95facd77f9cb008a6db97efc196b65530ad5a8309fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f61ae77eeb355cf7d6bd909d4ac639e7

SHA1
e9f59b771ed5356f14d2e79e489f07c44c97183c

SHA256
117708e9256c28070544d70cdb6348f1d66ab1c071cf01b60150f2c66ba7145a

SHA512
df8283cfd85f620e5ac850d17060101acc204ca3ffcda7d09837970eb81af6aaf6bf3cd85c0a7b97d9fff3e484911f2f7c5439e6b20b880837e10995735e7ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1857a870ad7a68817c1f32da0ec2751f

SHA1
d4dfc8770cd0cd040ca19802d2ec175598a12e47

SHA256
90623b8597da41973f9483766d834f46b336fc316121724f23e7e4606202f8c2

SHA512
85939a6bf59c222c553993f2070dc67bfd7ee47c71e378ba45673d3906eb6a648b65ce872a56ed442405a3182154db5162393afd5fcdbf70856d8b007d296a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
603057e40566327a066f2b4b668aac61

SHA1
8cdb94f8a922f77be6d8002e0f4f1de56dd71b57

SHA256
b2d889106a9deeafcb271bdd73d4cd33003232e1980814464078e9daf50828d7

SHA512
63788d1189610c70ea0140bd6a586d0c6c1e2780fd9af09f56cf6ba49bd27c0aaea2dfd2434d6f708d8c22921ab04e9ac3a3fda05b142d70aa3bfd372225bde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d8c2fb8e2b22c30de4d3ca4e2981b5d

SHA1
8abfe181b3ea216aac736406a0837b2ad868e17a

SHA256
e85847ca9969d2dcdb0ebd4c50042a2e6c2ac21a09166fd74a788bfc6a002957

SHA512
3739df3ff5d2675ea6e26d3dec424e93d0284fdf16bd2468f01c6f339a384a0c8bc35dfd0bc089970b78732639aa1f2947ed8b968d07bc67522e5fa87301db59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc7dc4c1445103aed8b9a4792a4cf290

SHA1
a2feb1d26aaa155a3654358c219160acbbdbfee4

SHA256
3f1d103ea6127172bdf1e27040e3299228d1a49189fb715f9ae5311bba7a2ed0

SHA512
3fbc30d8d4776972441ae8147e931e3af0b3f302f0999ea3edaa71943dab5c3cb2b3eadda3a41a5d9812dbbf3ff8aa0c5d8b6315040556a6e4cd9c57361d2cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c0900766e9c3266cdfbbb43be91339a

SHA1
8fc0351b5c4005b7f6c23638131699b09c03bf20

SHA256
f1025905d314a9d2e63357cee698e9dae1ec666f3efb8a48ef6469ff6b145e11

SHA512
34be6a812ddd868ebb470cb364b516443bba855a184497670a1ff42929a20ffee6301bce534cf09c94d7687930b3ad084db9afd031bdff04a745c82639205327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2292443e313de9bac7892f627301fafd

SHA1
00df96053ca6ec230b99a0a078d8a1108e268f1a

SHA256
dd566294d9fb6036b596409f81ef60129bdd570f768a3b29de452cc122767ab0

SHA512
17705dfb074bf43b1e64a6df9200c0e55f29653cc74cb2d64b2f9e64e7f6805bfd79e4b54aa8f371ba4eea79a0cf92c03c85f244bd28ec596ba1a0b494157481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce706a1fb8205051d8004fa8fa0b90a1

SHA1
b356f334ea8ddebe1bdbfadd5380c1c167dfa86a

SHA256
3ac9db14f0988116114cc5721fba3338a937221b3d003dd2e82e2f385b363631

SHA512
7c483c12938f047f9cbfa8ac3c317ac629e24596d2a587d6ca2862df5b7c0199eac057a4b49be78b3bb28e301edfcd2c8a61392eb00fbeaf416d4ff1a01bf9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
88366a5204d83302536885078b0d621f

SHA1
d6f31101648f9f825a23f10fe0b56a9c513a826c

SHA256
262590cda3caff63a1f8c3ae86959d83361c3dbf6d0a56a32c7355fc5285096d

SHA512
847c5ab00daad43b5ce991b8dacef2c5b6afb76da782560739dd35291f1a98f98b5d65fdcc29a28ec9cda5c2325acafc4b71fb72565ac34d3a0a9a7c58afd768

Download Submit