hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa3kwSnZTdlJtNWxMLW80ZDhmbTRyMFRJMEl4d3xBQ3Jtc0tsSjlheXk0OTdjQ0hlTDdaTnlRWV92MEp1UWtLNWNHQUN2WXBPZ3RzY0c0Vy02bF9FbWkwMllDZlBtS1BKdm1tMjNHSmxCSDc2VF9odE9tbVVsSFdKMGk4dThfdXoweVpkQ2g3Z1FQVldZM05pS2Mycw&q=https%3A%2F%2Fgithub[.]com%2FMist0090%2FMonoxide-peaceful%2Freleases&v=y_y_kWdOM0c

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3kwSnZTdlJtNWxMLW80ZDhmbTRyMFRJMEl4d3xBQ3Jtc0tsSjlheXk0OTdjQ0hlTDdaTnlRWV92MEp1UWtLNWNHQUN2WXBPZ3RzY0c0Vy02bF9FbWkwMllDZlBtS1BKdm1tMjNHSmxCSDc2VF9odE9tbVVsSFdKMGk4dThfdXoweVpkQ2g3Z1FQVldZM05pS2Mycw&q=https%3A%2F%2Fgithub.com%2FMist0090%2FMonoxide-peaceful%2Freleases&v=y_y_kWdOM0c

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1676	Monoxide-GDI.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133515513013980840"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
3640	msedge.exe
3640	msedge.exe
2900	msedge.exe
2900	msedge.exe
4316	identity_helper.exe
4316	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe
Token: SeShutdownPrivilege	2008	chrome.exe
Token: SeCreatePagefilePrivilege	2008	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 3004	2008	chrome.exe	18
PID 2008 wrote to memory of 3004	2008	chrome.exe	18
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 672	2008	chrome.exe	88
PID 2008 wrote to memory of 2732	2008	chrome.exe	90
PID 2008 wrote to memory of 2732	2008	chrome.exe	90
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89
PID 2008 wrote to memory of 2544	2008	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3kwSnZTdlJtNWxMLW80ZDhmbTRyMFRJMEl4d3xBQ3Jtc0tsSjlheXk0OTdjQ0hlTDdaTnlRWV92MEp1UWtLNWNHQUN2WXBPZ3RzY0c0Vy02bF9FbWkwMllDZlBtS1BKdm1tMjNHSmxCSDc2VF9odE9tbVVsSFdKMGk4dThfdXoweVpkQ2g3Z1FQVldZM05pS2Mycw&q=https%3A%2F%2Fgithub.com%2FMist0090%2FMonoxide-peaceful%2Freleases&v=y_y_kWdOM0c
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcb0ad9758,0x7ffcb0ad9768,0x7ffcb0ad9778
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=408 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:2
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4896 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5356 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1608 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5008 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1848,i,11585332552596992483,17811463637793312433,131072 /prefetch:8
  2⤵
  PID:4548
- C:\Users\Admin\Downloads\Monoxide-GDI.exe
  "C:\Users\Admin\Downloads\Monoxide-GDI.exe"
  2⤵
  - Executes dropped EXE
  PID:1676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb03a46f8,0x7ffcb03a4708,0x7ffcb03a4718
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,1753982903893354465,3242049705406192360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb03a46f8,0x7ffcb03a4708,0x7ffcb03a4718
  2⤵
  PID:764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a496fe4d76fe17a3d93e27a20bfda303

SHA1
f1c233b7723c9911f47b92c4739b5fc98a0c2e6c

SHA256
bb68b0334398da94c92114b46e60ed600ca45ea81c90ab1831b93b83ed36bdf3

SHA512
f276365f894be927e6cf77bf67dc249f5f202189ae4bedabfb7899564d1f4733b6ae4ae657cfd2be19c4b950c9c70d2bacb5b0923e0d17cdcaa399832ac2e052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d2fd7143b8931e8352fc8bbd39668391

SHA1
5a6a63144a19362a826de351795024aad741c7de

SHA256
1ac642adf9ecedecd9f42188773a745659f62d1e4a829c5e03395b73bf436288

SHA512
0e9891d7579f053c64570e5fabae6a2f8cdff6a5b2026353e83f398e5ea1057e5f2eb93f81b0ea8f49a1345c1054b091f7505b59ec3f9851eb0712623a8d2f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
711ae4d5ec1fd26bc14b26ab109f1de9

SHA1
dbbd86f148549e0968f0befc91159a19abcc4905

SHA256
acf8dac8e151462fddb1c4eaf6bf9cdd52a198f3bbf2dba64c6173d3d9f59753

SHA512
907d57d012aafdcae3ff33890ab1b149a5dbeef166830168be23c97f22b55ea75dce60ff183b469561f8230ad01a6c7c021a9306382c8c194c06ea4162a56a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47a7da6dccdf170408a61c4d56a5ef88

SHA1
610addbbaf088d762dafd846c65ad522ec8a9820

SHA256
58b5636b707024e64d61711b34e5414e8f9c840a9edcbe174196c98cb186e487

SHA512
a29f83244edfa15865dd7a8aa0773e8e4fedec17d929bf57261f5c5f190501ecb7ac7656622635b603e7a82c6dbdc1d9dc7ac3a447bb8ec5bd06b926e09fd066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cdd64e6ef4991f07972958c9415c26f9

SHA1
2ebe64f6c7e33bdf60ea7d746d953205a91f46ac

SHA256
82012ce681b1c63aa6437cb6a767d47e7ab151480d74b3e5e62fb15fd1a49609

SHA512
5b8cf641c2148b4c0dd65fe018ec8c1223c27402de6189d03a1d0d57a9faffda6c8f23daa1a003d1bdb648f1e3232d5974841fa5cde23c62dd3e2d03caf4318a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
960dce9d004452f95212ea655be18977

SHA1
02062cc72eb2b13658b7386707e2bf9ba8ddafb5

SHA256
acd30b62b2f1aa0835aab625395bc95ba105a212f9a1b4483213b7bd19894e9f

SHA512
ab55f8748d20d35a1094fcb40a49a2be3644eb077d4234446aec3bc65d6b4202c6c0168341a86d0371bcda4eca72f75b5500051943c04c23d798759f79caa6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2a0abae9c3da357addf1ca27f97aa5bb

SHA1
8fd0ea1e20a8376baf0e66592accd161b69d2d17

SHA256
9f32e3024c18cbe8c3b7db1e1d2f3c7a12abb5e9558e465eef3f911cef69230b

SHA512
f3d982af48c558e269e705913e6cba4123d7aac9729b2e1677a1bdbb9ccc377a8e3ab521eb9ce2cd1bb00fc7b5ec14f047eb7d7142bcf68177834a312796b73e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8df6fd44d25ed56770026cad755753be

SHA1
3e3690e35668384cf3728a5cf44fe31a1a215e40

SHA256
329d1799cd893ef4c37ed501a22ef490a33a0f710c8b960f908a5f02c610dc23

SHA512
3186a5c0fad57effbebfb4ff71f837fc9292e256452fa441dcaa147109c12ab71bccca1b32ebf6e23192e96efe8ecdbb955328f5c9b704f8e7fedebeb8375448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
cb93960e43215bea1911fa758eb5f390

SHA1
e7d3aeeb16df4eb828f56bb835e7798722deaec6

SHA256
a0df0c5c45505088622c5d047dd17add1df8ee9a3a0886725cb3253cc2e40e93

SHA512
5e3263c99dd1f7eb29a078a34a0f3331116a592207b1fedfddc0aba3fe7e736548e15d8aabdb06d685c794a70499bc7cd1b9f2e8ec766462ce62b4da25d3bb58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
11893f4bda50db416acc7be3f58c2e75

SHA1
27ffd22a40d483d4d0c104f701cd6a20c368e6a3

SHA256
d8fc4730ba79d371057b7384d86772a55c3824ac7346cbb9eb84953bc0c65c27

SHA512
55086061242bf35542a6c2cb302efb9663390ac0974b2b1c3f2fc2c7a40cf3308c8a72c74162c2c93bea1c0b4a3a3edfad86e5909e9579d6dc180bcac2475203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
364d0745faf7ec1f8969b94be7622f81

SHA1
9bfed579b792509b017f256c94cde5c7b5579eb2

SHA256
419eb7f4a0d0c0b506064dc0fc6c621eeacf5425ac1150f2b8931ee1dacb3d39

SHA512
41729901d4f7a1f6c1394a09dba740836389c9217d3147f461d0f10cbf2bca51fb485e628f6a6995fef4170734db890db768f8accbeea0442261c37b959eeaf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f52d.TMP

Filesize
97KB

MD5
89c7987388e79d473e2e5da25da27d96

SHA1
d2b21dd64cc7c7686c453ec4f7de2767cb2eae82

SHA256
215dbf406617a14cf4f0707679a40844fb08ebb28844f6559fb3d7d72af82754

SHA512
bc8ba3f9c50ee80522bc989ae97e5ef20c85801a1f189b8efa36930ddaf9500c7b04e7c6d60962da707d2642930f94ef730775f55f0f9e7bbb0ffb76cb072314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e21b491845e1ff4cef772960c34897bc

SHA1
55f06a5f76056059c100d7d1a2a6cd142f3123f4

SHA256
cb8f14a47e9ba9c7878c8ccfd31f5b7b3796b0bcc77e13a5be2a70b12c3e5d0a

SHA512
4645ef2bd00e6c391f644081813603b62b603b54ecf446e966d92cc384164f5b085b5efdab99f5374df5a3dd290f3372ea2a1031d5a005f4b9d585c00bc82cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a57a01a17a21bfb3e921fd1261d1989

SHA1
a04097eda1b454be18258bae399d0cc6a029a470

SHA256
0061e30eb8fa7a2f7a210bf9b1d928e274a1f2a61d83b7c2bb6b7710e1f3e901

SHA512
3b9cb7147e45360e63e04accfc4a09b69e3dd291425d5396de332c1db06e0ac8f19f87e7be7078d51b479bcad152ce7587415c0484eebc1d688bf8f78e60f179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f444ad20d69121683048af58d5f38afc

SHA1
fcf361ec5d738f80a187a1ca76412fba961f15b2

SHA256
9b11599ccd2ef35117fd379a37aa2d3dace1a895e27444b14d575d1d122061ee

SHA512
d157dbb85e22ed467b71edba096bb814e921874d75e224fc504a461f8292efc3dc79794a96e3a3dc33df80467ccd2d2759290f842208fff0908d993657fefd4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53db81a0a8b0163cf5b50c07a8b5df6b

SHA1
6607270b9dbe9a7312a8bdfa8a9013cca2c77001

SHA256
b4c71b0c0fe48e5fe5d909abf60c1194c4f29d11306f2c549ce8e5e4d0177747

SHA512
42b852f95e82d1960fd1e3c0512147b9f44de94aae1edd7f98deb0d0662a42a286ccda92b3d647550b22eb089cdcc0e942cc3fe002376110a9191aadbeb4c212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
afb9935a1d646b45df9b40efb0a5eda1

SHA1
668cc91a33da01148cc6613c288e1a0203b4b432

SHA256
b21271ea5360756c9eb4cff0e51062926334978618ade47349ace5914c4701f1

SHA512
a8442e5f5d1da91e5f45fc6e709eccd0471dd827800f9dd12a3bf65e96cf3b26240f4bcb9413fe02b50fbf56a6fe6b520a56ac8da1c915b97a8f9713fafc67d5

Download Submit
C:\Users\Admin\Downloads\Monoxide-GDI.exe

Filesize
1KB

MD5
a28a4b317d1d671d76fc44b1c7073bfe

SHA1
38377627b515dabe2b4a83336f46983f06cbffe3

SHA256
8275d0ab5096eb119eb5a36c0c1fe2fbfdf9f8ed336a6557834e5e34b19abd1f

SHA512
9174b95d3dabb2097ca839bc7a8d324ddb3377895103785996e7e986199452f0aac581a8461f607f195013921825358821d817f9a21bbe5654cb268070458be6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 383163.crdownload

Filesize
116KB

MD5
567807ffd4dc5918c342138051a07902

SHA1
b2e19490673977db2442a10cab691f6bae2a07de

SHA256
a4ad6bb531bd8268d624f264910b15600f902fd634cef18a500c0f75a25a8042

SHA512
63f776e3df52662dab41e97fe934b08b590a055126db4ba6d829208d627e79ecc367da19e433e981d7f4ea8214d9114673bf10c1b3bd88c12bef63fdbf6379fc

Download Submit