b0a8e2d9adce9cca70cb7be4e98869bc1a1f299c94a4c2a6d748b75b70d8c912

Resubmissions

22/11/2023, 20:21

231122-y5e11sfb6s 8

22/11/2023, 20:14

231122-y1bsssed96 8

Analysis

max time kernel
79s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
Size

293KB
MD5

cb7540975a2d1643707fa30760b36c7b
SHA1

5ae5cd61058dd0979e2c898bda1b07d26d041f3f
SHA256

9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf
SHA512

730d22fcf5228f7c03eb757d786e7bceebf362f63bec6d2a1c3307675bca87af580bbd0b0002f7a1cdc559928137d5e58512d90a29023b8aeb22cac2ba1d8717
SSDEEP

3072:ZbG7N2kDTHUpoui3uy1RjwOkisGB+SWl912pU38BPtmWlUlZKAOg5FVFDs2EfyHo:ZbE/HUuuaEOBkR8B1m7rKAOg5jjsL

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	AppHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	AppHelper.exe

Executes dropped EXE 2 IoCs

pid	Process
3056	AppHelper.exe
6060	AppHelper.exe

Loads dropped DLL 17 IoCs

pid	Process
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451577025922701"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3688	chrome.exe
3688	chrome.exe
4608	msedge.exe
4608	msedge.exe
1492	msedge.exe
1492	msedge.exe
6068	identity_helper.exe
6068	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe
Token: SeShutdownPrivilege	3688	chrome.exe
Token: SeCreatePagefilePrivilege	3688	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
3688	chrome.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
3056	AppHelper.exe
6060	AppHelper.exe
6060	AppHelper.exe
6060	AppHelper.exe
6060	AppHelper.exe
6060	AppHelper.exe
6060	AppHelper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 264 wrote to memory of 3056	264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe	91
PID 264 wrote to memory of 3056	264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe	91
PID 264 wrote to memory of 3056	264	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe	91
PID 3056 wrote to memory of 3688	3056	AppHelper.exe	93
PID 3056 wrote to memory of 3688	3056	AppHelper.exe	93
PID 3688 wrote to memory of 3548	3688	chrome.exe	94
PID 3688 wrote to memory of 3548	3688	chrome.exe	94
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 4596	3688	chrome.exe	95
PID 3688 wrote to memory of 3580	3688	chrome.exe	97
PID 3688 wrote to memory of 3580	3688	chrome.exe	97
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98
PID 3688 wrote to memory of 3860	3688	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe
"C:\Users\Admin\AppData\Local\Temp\9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:264
- C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe
  "C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe" install sf_helper_chrome
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-renderer-accessibility --start-maximized https://savefrom.net/userjs-for-google-chrome.php
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3688
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb026b9758,0x7ffb026b9768,0x7ffb026b9778
      4⤵
      PID:3548
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:2
      4⤵
      PID:4596
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:3580
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:3860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:4552
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:2100
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3776 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:1480
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4076 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:4180
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:2876
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:1884
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3820 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:5636
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5188 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:5668
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5380 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:5764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:5772
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5452 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:5936
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5176 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:6016
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3136 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:1684
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:8
      4⤵
      PID:3052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4952 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:600
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4940 --field-trial-handle=1872,i,10821871676270812091,13337912501685288216,131072 /prefetch:1
      4⤵
      PID:6044
- C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe
  "C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe" install sf_helper_edge
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-renderer-accessibility --start-maximized https://microsoftedge.microsoft.com/addons/detail/savefromnet-helper/hndfjogdceachkbgioglehonpejcdhem
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafcc346f8,0x7ffafcc34708,0x7ffafcc34718
      4⤵
      PID:5348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
      4⤵
      PID:3380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
      4⤵
      PID:6000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
      4⤵
      PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      4⤵
      PID:5696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      4⤵
      PID:1648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
      4⤵
      PID:1716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
      4⤵
      PID:5516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
      4⤵
      PID:2496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
      4⤵
      PID:1308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6294494290907115590,15346110424941538377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      4⤵
      PID:1112

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e8115cd4deb7c7f08d5b40eea4c336c6

SHA1
55dc5c576eaa87bd87380f5ff11ded0bc434bfcf

SHA256
792cb4f801fd293addb64d6686077ef8b034cda21dfee3110f23a995c9dedf19

SHA512
0a3e98e2628e27263e0ec3b9370642468ca62cc03023c5a5776a776b99388b5bc266fe509f42d82855740548a8e2b13eba68f6c0c51ad4edb804c79555b1877d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
eb4ad78dc5b70ae0929430c0fe9b6b12

SHA1
5998a3c30008781a530430cbf945f3dbb440c8ec

SHA256
51b5d7cc8ca806962848b44fafe9c45b6105d02a5f7b6c93b32341fe47fa58c0

SHA512
65306bc1c2f7067827bda14da144b96ab7ac9d0ab69efee54c2aab9a50ba1491ca6aa12c75108b5a3014595cd98f17993d649c1799500fca1b47c957de6045ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
2eaaf50699e4f490ddbf651ef48efa6c

SHA1
528bb913685b0d0ea6f61ef3e66ec2e2827bf9c0

SHA256
2339a0980d68710c03fac95bcf3a5ad89f695d88098c604b6ede49b6daf27582

SHA512
562a6765e6b3a6455f928a5da5e2a8400061900973dd32603dc6b728439589fc7bdad932ef8e0517b225818eb65f6cf8f6f30f3379112ed930dd9257788e1351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
428cb0def0fde4f1f2da4e9882f93dd3

SHA1
87563ec6ce7b6cdbabcc57382694cc283432e8cb

SHA256
e2d273d83ca1a95b205e8bb74c3c9e2f97d31c162138dc6e3bcf2b9d8e19085e

SHA512
ce0142b4c88b72e9b3a8e06a10a3f1d0087823d6749f19416c5da8f1843c99145bfeaf869b7afe40b1c3d214d97711742394b304e7672af450a58b518dd09d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
38febfd12ec16ee4dd9ee04581cbf781

SHA1
d84d2f3bf28cb3c656849b578e7583cc60ab9fd8

SHA256
68eed80d19ee5a6b7d76e073f497aa9f35be8b42e0a3cf67b03c4ba3220b303c

SHA512
226ffe36f71a88cb05753308f17bf1d6f37fee9f8747c39047864799c9cf735aa4916c5caabf956b659754529e151219a059f6808eab660046481b54eb3c982a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
80da3f8a6aeec63b0094d616d06a3480

SHA1
061b74ab78d650f1f1a6124c3c6539a935c619c7

SHA256
11dd5eec703140fedb21a6455e1ba17dc756f23d53a523e04a94141a937707e1

SHA512
91dcb17b10d18be14e347a0b3df1835131297a55e3030f5a2c56fd3612b8e5a148a8684d86336626d44e8c34531ca8919a8c058e6d116ddef1b97bc85022f421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be55701eb2fc36e5ada8cb5727f03932

SHA1
a9dbeef2ef3ad0dffaafac615a7df97f35f0d5b1

SHA256
3796fda80fba91fcbe1f7cfc3bd96f1348e1260afbcf6160e3bb342fa8b173e9

SHA512
7887dacda7abaab77323293f1a5c7337af35d28e63fb8db9d3104f51533388fb6055c4a77417a8332f1eca937431ff38e2755536041c9c22e8ad3830548d8481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76356e7bac49051c8607b70d77ffe445

SHA1
d29d90cf79383f9345215e6492e56b6399b64343

SHA256
f0d802e56f33e3de0a1093ee90b390e1caa2e08de8d9d45b5608216b12d98738

SHA512
9a19fb0c36736dad63d4728f1210f47a067cc0a1b25e01f35e74cea44c27e65aacdf4cf2211fbe386350414bf910a487ebe4dfc9ea9e946be989508c866ad798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
24f323bbbced8c41cfef45e4cfc267a8

SHA1
78d9de8dc9a18fde5cfc9738617d4cd63ec4e90a

SHA256
a99446ac150cb56b59d82e193ec6ff156fc57534e505dbf40ad424dda72019cd

SHA512
a1f767b4a169d6735bdf925dea5f3c7ba7baa989bd11deed647492630b8a74160ecc4c21c4d8700856e9d4397311a4978091109cb59e42136429441b22376eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
02947e7b613612914bda4599f073fe46

SHA1
0114b62be51793c72be6858db879f7d62a44fd36

SHA256
327888cabf61699c9f636ef2fcac7e7dc4aa3421653b22091467fc4f89f92b19

SHA512
ae3841e4b3b514dd74ad469e973ff510b67b09b77dca6f889a7f696e8db8e74c426d6cc9c685f2d852634ac63143a996a3c50b8752d7b43c32bb90eafd53b5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
4613641adfc910094af75f25d96c6ec1

SHA1
f26e57d3765dd29876a5edfd4498333a2c6c34f0

SHA256
7d979026995232156b60e3118021e39fde232799c4df7462820407a4e53b4817

SHA512
b6ca684d5503ebc6b401d1367bcdf7a7ef649c323c8f694f5a87db20d83e0d1ec81def60d5db01005ce4976ab93c94c524267520ef92c9a9ea3039656847b476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
24c499231e38c454141faee818f5bcb3

SHA1
d955afc87bdd01bc1b04ce4944de016e63da7858

SHA256
42805787f026c79e0ac75969029802e55efa09dc93c12472db88f6a2bd4805dc

SHA512
116189b18b0cedf146ae31528e7d1e7718992c8c50f764f6c4824dbfb0718d65a90f1c9f8f22b0665e162e9162084730127097617baa18e6bc7c60fea973ffcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
4b344ee1882336ea8e174185e6c753f8

SHA1
9f72c68675d9d29989f2913615d79a8a112765a3

SHA256
080b78926d1b650a50304aa5967f56b129617b8391655a89f03d11b921205e95

SHA512
63d549c41134d2144f1df2a00e52d0c91243b2a0cd7de5e2b8ff60574c9a1c94586b0f25b753bc55efa36cf8bc04593487727b9cd039d07bc7470357320ce5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
9fb14369aa3808f1c7aa125e613cb882

SHA1
8ee9b2013639ef99a938a84208f3558e3bc5d25c

SHA256
d848c11fe4dfc8effe7cd2d585d0f5d67f8395eaf789ba77b7e979fb9cebea44

SHA512
3668bfb3ac64a5310d7a123c067a4182fe0481ffba27fa1dec355085e10f04c7405d8311d7d7b1840d986a860cf9bdc7560fc0c6b7bb1bb01e1179f8743844fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a822.TMP

Filesize
96KB

MD5
cb35e72122646da852aca10eb3c8ebee

SHA1
3374b6086a7339c86219e052e7044de0c83db934

SHA256
cc3038decf5d23fbdf9aabbc253e50e7aebe839a30d3eb0f135425c7f56db949

SHA512
504d475f6a319fe43747b44dfe10b36101d86f80ce6841f44dff9f6f3b83b2977f62da31af426728d075a2e98f24364069fd988c3e2a8d23f5d1ccbc6bcada44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b90baef636e1d9435177b0d3a2f5e40e

SHA1
34ad3d48c76cfc8b3622860cc1b8443efb5ebc1e

SHA256
e3e4f6a9fa13ea4c407dda938d432cf46a0be012ed41714391001a32c6939ed3

SHA512
f426fb122b58a668a5f32469a193d502e6f55a81ebd167db4c20a28e1265a1efe3ff2130295189ffd1d655908ee81c81e3ee831ba714374535f369cc87cc4267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e6c4390e0c1672ecdd77bcbd74ee48f2

SHA1
e62adbbf266060b0c93d7627854932c8f6a61851

SHA256
3f3c9cfd7fcc6b8468fb3e0a9187149865c3cfd74c53178d23155c8fd5baa2c9

SHA512
6b14e557bda1a08e96c4145004d868c5c21eea1de82f22dea299467229a2e2a9463ba18c8b120cbc532b3128eeb7ee2085c77ea85b81886ed5b04352af0fd8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc8581a5af1d0ca2fbac09a8554fa03a

SHA1
d8a1fe851485ee7770157a3d2d74a222902aaf67

SHA256
f93e824c414c0e26449f36081dc389ea6e8cee76fb29ffe8ac67b8ed9165c2c5

SHA512
42e86d9cc0d14778fec1281caf5c35ee4905e9060ed411260196278facf1883ad436b4bd993b7d63a5775e2d2c4102b02f79af2cd44987ba0a51a0c2be4f048d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3fa827313b3ed92e6f9c983f7773efa

SHA1
005da7cb2fdc7d7423fbf72f6e267cb821054712

SHA256
ec321f61a3b85e8904630f3d6bcc65204deee0afc3d53ec9df3c793dbf9ecd60

SHA512
72ef873fc7d637957a243d97136e7e20073ecb85885a8a6115e5f20e7e619026f6075244242952e9c1d9a144d8b19632a41fef6fd3d4e93f537156da67e3ee00

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe

Filesize
603KB

MD5
06e0d1a3df4601bfb421db2ef1c74f4f

SHA1
0616e3aa53d65f3c06f9d6c493d2727871aeaba1

SHA256
58aaf9d991c3143ea7b34c57e4d0e7af2af2e0a841df23c4d960d29577c9399d

SHA512
5fc1a40b9c67ca7e618ea520d0445d8fc9256a6a29438b0b662e3cade364fa7568002aaa7e73428fef47f849dce73c88d0d70184b934803d52ea98c726188c06

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe

Filesize
603KB

MD5
06e0d1a3df4601bfb421db2ef1c74f4f

SHA1
0616e3aa53d65f3c06f9d6c493d2727871aeaba1

SHA256
58aaf9d991c3143ea7b34c57e4d0e7af2af2e0a841df23c4d960d29577c9399d

SHA512
5fc1a40b9c67ca7e618ea520d0445d8fc9256a6a29438b0b662e3cade364fa7568002aaa7e73428fef47f849dce73c88d0d70184b934803d52ea98c726188c06

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Bin\AppHelper.exe

Filesize
603KB

MD5
06e0d1a3df4601bfb421db2ef1c74f4f

SHA1
0616e3aa53d65f3c06f9d6c493d2727871aeaba1

SHA256
58aaf9d991c3143ea7b34c57e4d0e7af2af2e0a841df23c4d960d29577c9399d

SHA512
5fc1a40b9c67ca7e618ea520d0445d8fc9256a6a29438b0b662e3cade364fa7568002aaa7e73428fef47f849dce73c88d0d70184b934803d52ea98c726188c06

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-installer.log

Filesize
974B

MD5
a303c4cd0cdfd5dd9674fc4f01f44d1e

SHA1
d37e510bbb8585770cfd81dc50273ced4db278c6

SHA256
b1d00df1700c5f6bc2f3220e84b3aa959946afb3ddd924247a7ccd987b6382c1

SHA512
ec8491818163e62bdadf2f3de18825c727580c1fb03e6afe07f8ba508a6a12d16fb921ce010f0833b85c799aa708e1486eef8b3e6fef06514a40628485e33b2f

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-installer.log

Filesize
604B

MD5
a9f15a92f1619b14fbb6abcff32641ad

SHA1
805ab01bd2b0fda7a91ee99b425f54a5731a3a96

SHA256
03b77f3a058d37b8fb1a09cd69aee6f70a176c0344b7e5c51c3fe45db7fca616

SHA512
d43b3807cc1183cf0142bd4f3c2e5084d6dab28fd1c6b68e64d352810288e05b170bac68b7d7ea4b28be8a2163084840aebbdf6e93495a0e1e8c1d87265c5003

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-installer.log

Filesize
4KB

MD5
510eb543abf4a48ffedcbfc3930a2319

SHA1
cdb0df17d7842b5f3c79fcfb7485dcbb5995cc88

SHA256
a09abedc91bd2ed7a567bf334a34fb009c056af60af8f22f720d5778fc52bac5

SHA512
ebf0c68050820a4e1efaee3aba494785d9ee91ace84866227f967dd3abdb6cffa4b24e366e58b3ec56f4f4ba8070906c2d0ccc73d3a974b497e74d10910eb080

Download Submit
C:\Users\Admin\AppData\Local\Programs\AppHelper\Tools\sf-helper-default\sf-helper-default-uninstaller.ini

Filesize
273B

MD5
15becb1662f5406b2581e45f94bb7ae4

SHA1
c2e1c7ef8f65ee47b10ae32bdc2ab926d0c1bea1

SHA256
3dd07c848b0b1ae52974b2d98334714e5366fb046d6c19ac074f680dc2b116c9

SHA512
73eddb479466d09cb744119152d9ea5fdf2217dc164b430af1cadd36b5fa2f3875603e58f69bc9fbe21c4cc98cfb06a1e524e4226eabee4cdcc1b55fbde251a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\INetC.dll

Filesize
25KB

MD5
40d7eca32b2f4d29db98715dd45bfac5

SHA1
124df3f617f562e46095776454e1c0c7bb791cc7

SHA256
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

SHA512
5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse8473.tmp\nsExec.dll

Filesize
7KB

MD5
675c4948e1efc929edcabfe67148eddd

SHA1
f5bdd2c4329ed2732ecfe3423c3cc482606eb28e

SHA256
1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906

SHA512
61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso8FE2.tmp

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit