hxxps://u[.]to/CTd7IA

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/CTd7IA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{FA2FBEC7-1EBC-415A-9D82-27F92015B23F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1280	msedge.exe
1280	msedge.exe
1264	msedge.exe
1264	msedge.exe
1064	identity_helper.exe
1064	identity_helper.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
4816	msedge.exe
4816	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5632	identity_helper.exe
5632	identity_helper.exe
4824	msedge.exe
4824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1264 wrote to memory of 4876	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 4876	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 640	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 1280	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 1280	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe
PID 1264 wrote to memory of 2860	1264	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/CTd7IA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfc9146f8,0x7ffdfc914708,0x7ffdfc914718
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5932 /prefetch:8
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7606837307433267112,14638901215958418222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdfc9146f8,0x7ffdfc914708,0x7ffdfc914718
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
2⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
2⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5968 /prefetch:8
2⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5716 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8873565658759762592,5054536510181309822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aa0ad16f3562b9b898f2527c98ce182e

SHA1
813683109cde64ba42354323ea4f17c03e024ac0

SHA256
7bf4e8a0937308eeb99301940dc18324f7d1b7366c4f28fd60379876e9b99589

SHA512
202884bc1e159a19c8fe1c2b4b98d8865cf3b0f42fe9b41fa7bd3e76324eb9a91ab6a8f8c79a7712eb3741e36f7731b6e71ddc70f21b416a4abb3f291fe84147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e79f3de42e348a44ade1535a3d9cfe6a

SHA1
6296b5d1a50ba63064bab0c0646d540a103f3fcd

SHA256
4a762a3b6bde7a865b66283ee03cbdd5b3b07c58e7b96e9ce01e0fca8fe215af

SHA512
54823bd8cf638a912d9723178a130529d34908a68e0f86bc82ab02ac68a710a4abdd7fdeda5ef3574baa83b86a4a1355620ddd750026eb0d248dd1d91c649677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
864f55a7dbd9b0347d0ee756216c929b

SHA1
95f52ca379b1ba97a0fd02b12af5f2ba53af54b0

SHA256
9da432b6fc2dd8650d7613121a91f7332c399e7291cba01907367ee570565c4c

SHA512
ec663a5ebfba839d07418ff44378d9af1ad3ca9912a1f2e0191c1b6533fdc9595ba021b6696d065e094fa32568d7a532cb41d525d78ba12536c4a5fe4516a094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
540407bd0bd71c003cb4fe868ea640b0

SHA1
9e32f677c293e7dced3564323d2a2758955f88f6

SHA256
33364cb56e771752ce926bdaa6cba07cc74dece754d71350462e040c5b6f9244

SHA512
e2a2c53c8df3c7580db46aa1db5e22347b76a265dff4906a9fc91a91960acfceea12278f4221947436b2cba822fab85684484071daead134771e55b35616395c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
86f48dc081912de2a959a1c5551634fe

SHA1
3d7a7378f96eed2c53f3243033dd313762b3cb64

SHA256
27710fd00e2d1a91bb92a8811cc8d8d778aae404fd510b94033df30f30da634d

SHA512
16d33a8f779b17cc6349b7faaab8cda56cb9686ede0a37e09dba2b17e8a0f6f21a619334e3be77466fb388b7e8781b167311e553e1ddd94584f78ca6e5dca9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
576KB

MD5
03d756e9f229c3527acb2441fcd1a364

SHA1
3053a30b5c50d146797a29d5e013b6a36b295e2a

SHA256
98f38a0444e69f0fc5aecafac1dabada5077f7550c7713dfbf2d85ef08f72707

SHA512
f3fe1b77dd4cebdf731f8a5ca784d17b2b368134656024b617e28e336d2750441353c81ec106fbca5b058905601d5d1f0cb3bd3b69645fb27bfa474d48de4073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
fdd2045e64bdebe49ed5342385f5a4c4

SHA1
753a223575f6c1ef09936763d2233bea75fa9380

SHA256
faf689d92e0afd15adc8d51f7bfbb5ff1016603ff9f59d64242834a9ab957599

SHA512
1a803e7ffd88f168e797ef510113d764fda06741f7eb8a7dd7a981e63b038aa301b3980c4d185130d0ab4ef9551d5cdf2b7ff679c057d079d61dfbf460f04b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
e470b1a021a5ebae762a527ba2acfc71

SHA1
4c5b79a268498680b1478270bac381cd8bfb70a1

SHA256
a6227a541008c7ac46309af9a81a8138ee771f339e1f3ba950df9ccbf7116175

SHA512
5eab99855e73af5382f388933f9a38ba284b0bc7301ff39569ee280d884efde1566697bd3374d2942513c8de60d92e962c1e005403dfe65434a15df5ccea14f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
d5a6ad9a9cde95706f8fc0558626a488

SHA1
d19278d71efa95ee920ee7dedc4e0b9b48becdeb

SHA256
bd8ff83f8f0381087aa9b2d148af95feac6bbb26f01d00a9ed87754635ea62bd

SHA512
c0c823048136b4916e34614e09d40b96359f2857107224dbaf8de98667950943deff10b63e0fc36fce5b21e6287f48f2b436f81525266adce57e4ebc25a1f338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
029283eb4c610a741c4c12ada971d200

SHA1
e40dc809c1415dd9b2df2b46c85730e1f9f89c9b

SHA256
b11daeb5e1c310f06f7836bb9b9301d7c36c801a12c4723f5383540e86294349

SHA512
3f042f01d5e568b8c0913c15438ef827455ffedf79c4094368a313e572ed26578d55627986da72f826ee2208adabc5617ba2d59fe5733ec36a890e34be8184f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
a77b81dd3506d2e6b5ce2e08afcb3604

SHA1
e2e0fde08d499de1619bf28d8fc55df38998986d

SHA256
25d980d1ed9d4bb1b48e0d2e1cc7344780def3ffe65c2bbc4ec9220d1290562e

SHA512
cf7903a03f006c1dbe9885f0a45cfa3af0b1c87fb0f32760e7b690bd90d7297b3368362dd0401cf75ba4644a5b4ca5177498ae393d6df318b2a8fae24bc29b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
cccd942cd75464b8a92ef6fb7f65c1d5

SHA1
d74033eaf25754b901b32ffea801a2a06dfa110e

SHA256
0b50315fa377fdf0ab13bfc4029e4f0f53ca67116915c766ba6875d56734b312

SHA512
f98c3c8709016a10a5c091d7eadf9b309ddda25784a5edf883e9e2083fdd9c9410c205134827528c7973d2386068a8e77226f852c4d5442b461e735bd00ddbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
e54d2b8a46be5ddff5c0232af53c4af5

SHA1
01d0f8e378261e6fa6700705323ca95555eacb48

SHA256
5b8489a44bd2c348986559141acb74c44fa428ae07f8a91cab1f1d3b886f356c

SHA512
1d5e7a33aeb3fa03943f26fc00f6bbba163d929c29b283145e97f672b1303ebef1eb0b8738f1e66966904a6986d67d541ea41cbe3548bf9f255b83bfc96c5b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
2KB

MD5
8da70ee329633f78b430c108f2ce1524

SHA1
33e4c155be1b2d8fe33b2430f267eace19de14c4

SHA256
7e51095225508b8c0beec76ccf30ea8c6e27f556e18ef22d18886c89b6bf8ceb

SHA512
ebb0a22eea78f5815a8aa551b9fd3e227e58fb52940143a5626c347d5463bb6e693bc3d302da3ef5403588709606df907b8369e6aad60b59e944fd92091ee16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
1KB

MD5
b8550f0dfffb574cd762ddd6dbb76f0f

SHA1
6d720a512af3c9525e01d4cdf3e10db7755d805b

SHA256
b81e973d72b7bbcec6d8b3662de743b0a9db0d769b145dd728c31294032807de

SHA512
fb79e98970d1fec14957b07b9bb105333835d2c932fc3dae8bf449e67706e582459cd1a46f6f8e023eceeb53f45307d0380211f7c7eccef45750b59fc3af6bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
199c6662f0b260a9333ec9661e43c615

SHA1
327730e4aab1f21e0966d024885c611cd9888816

SHA256
d874cdf0af49360f614bf0109aaf853fee8915e32c614be78208a72f250cf803

SHA512
1a0be98ba12d7d2dace1c769bc6495c6827639269e9a3e18e82f923de8ec6fe47e39bc64c9d350b00b3df00cdcb37558f2a393bf759ee12e3a5fa82cc02a5267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ce734b80524b69796593c681fc78707e

SHA1
98f9bd443184ab4f96e96d395f730edeed97a83b

SHA256
ef993fc8c252c6f48ba9a649ea2dfbfb35513371b0d7e3f7c565884a1449ffb8

SHA512
4c50425e1943550ba42bcf38447d1a4d7e8fa95ae31d6d8075448a355792e2d7765f455727721d971f5da5bc81841033d3e10ce7c06c36896dded3fc1b1f7e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
da75722aba3663fc2a2da053b613f6c7

SHA1
c63dfdf0fc3c026c7a2c803164f10e09576bdd05

SHA256
758fbab6014452fb09d6d6b1cade07d871d7eec0166ec0bd02de3e4213b3653a

SHA512
59de798b21c9ea7299a70748832ea0a3a82bfab5a8d17166868675515849dd01fb4961a413ae9a67428b20e06aaa8fb40974209460a1ff9bc3aa3f6bc5133ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
47a57bfa55bd57c28a92c18851cd5c85

SHA1
c6cc7c1f52f95856997dfba950ea9934a741ded6

SHA256
97efe6944988e7fdeac0a854ac96a287e7f961c01128f67d00ba6ce9dae369ea

SHA512
7f2a30506e77ee5ebec2266d97f24a31fe2c895b4d83d16baf66168a43d903df5e632986c1bb1f2208f20c48b7900ea8301797ab27534dc2be4c962377099942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c5bce5db2f66a4b22a91f7f2e0874fc8

SHA1
60f1f0814d4c3e9a290ba4b2e659cfb3188877d2

SHA256
14651aaf0d9a7b737a9a682c328720bcb7fbf11eff8e8f0d81e964a2c32109c0

SHA512
41f368017b63467da1f918e2cfc0dd9bd99c508b1410fed4b0e2beeb03508db9580de4e9a27e7b4d4a3a5bd54d625b21338812957b8348f15e0959425e62820c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dadc788d922b7b24e0301d71a38c3c30

SHA1
10d7c292471d5d1c3d18ce6ec8e30031b24c5141

SHA256
cf0e5d5067f8aa8a6fa4c0a5d6edbccbd78c514532dac8f4f2de55514fc965ea

SHA512
86819f6a388deeab3d88a79dbe94c6057b22e796dba2400fa8877ef7b91e865cbd9469161ddcf75af55ca6f5496411d4d39dfe641c2ecf692fff9b680d0e1af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
121147d0e5d73d6cfcb85c2f720e2933

SHA1
ba57fda72af70e3210172e53df1cb2139e3f137c

SHA256
e08d7da5df2eadcfa0aae7a29b695f5ec769e2a0320c44e06326795f35431fa9

SHA512
4c05102dd541f7a65c09257330363087c58630940acee930b181fa27fdf610eaecda01f7ffce2304ec2b7e23d9ed332dcb46a95b1e56d4a49ade758bcca8ef96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a261a90dd36a6ef0f956e2effea532b5

SHA1
78c5dfd23532806e57c3c8c5bd21a42a53019494

SHA256
d6e6c84908654dbf5a57b9cbc6fa919f4c49d8f87d292002b0b8ff0b380be184

SHA512
10e0e9bc85f9bab773e2c7397bd9761b4c4ecf24f3260f684e1f8d430b8bc80c9ed0dc160946852a3d2979cf6b0e15254fbbb986bf1a9b2e85fc48a15b85141f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
fea4db82937acb9cfc758188d882bb2e

SHA1
7016ba73a7ae0605e0f9bcfce4d15deff8e28fdc

SHA256
406a5ce306018ebb18b4ff90417a275fe582677a3fba3df8907d694453175b88

SHA512
619cf6ae7eb29b22728bc5ce008985fecb94e70d7719854db6b1994bc3d7d5f61f9e4737a5a687ce318d9b8bb122af10d68a16f3b5e8be11b2f3b8c4c97279b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8bcd7bffec8d8d7a9a5cb90202f8a8e8

SHA1
41baecc55f02ed69e063144767a3265d82ddb107

SHA256
edec1e69c25cc115af00b109380685c4f62c9f35cf8ec449f0d1c166452bc721

SHA512
608d5f58e2acdfd927e1f7f861a3e7aafe134c52d5053df2149322699fd0b8ea27671f6fde35da2956a108100db8afbf263878b7cd583c047cb8d72ca80c19e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
808f3115da76fb9934150d2dd3d60e72

SHA1
1e7c4255a33f9d62119e1f4989813cc9a28bbb3b

SHA256
241300a394cd2358f5259d678b1a770cd72d1315e5f04570d0b1e35e58a87cb4

SHA512
51b59998831441d9ee9df869d11dfec9ad1fee2c94d047991da0c1ffdf1d119688e67e92c2fb9cdc2898b591d37462352ab9ca5ee1995f7755eb973da2a3c6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
aec9493880ea64d7a9bb6b70dc6b07d3

SHA1
ab73994532ea53e950404fd9644824f0805a79b5

SHA256
60ad8f4b805ddeabaee9b19f84e5949e21211af6bb9d5d330226ea1e56c8ee8f

SHA512
90dbedb86aaeb197dbcc840839caeb68e4bb7dd2b908239058869ccc390d06e040c41c1fbc06ee07078fd9042be40e5a4e6925b43238f7f9d74cc8c16b0e7a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
5f3d91cb4cce6cd9b5f724ee7493842b

SHA1
f3adc4344c2183875d6d426613e48ce3abab6cc8

SHA256
e3114290890e8fefe72419fa9bafa5a044a6343190cc520d14a189d5bb6ef6e4

SHA512
e87880437d814b2614e9cdbb283a61238b1964be3da682e281f9eea94b3e65d073aa7c813b64c9464a5348c30a6cdea811e7de85c1a71371f4a0865d1da92ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
772B

MD5
c58dee00735b6a21a1093087d72f1c51

SHA1
4509e747e688adacfe6428af171d531e7345d4aa

SHA256
93ebe89564de828902e3c9ac4ae630cc83642a7f833e95f4bdf42276a41bc8d5

SHA512
b001767a22d5355bae919727610f87eeae34429fd705c073b90a8305a1b9166ee0d500222dc9dc3fd332535c17b030a8309604570a14285748cf37cf9cfc313a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
133ddd874183ade1465eda7c94976240

SHA1
4bfde6364eadacab2bde6022f3fb90d754f295dc

SHA256
7c49bc6e68d546a57ff3ab64a6c5c734dfb96617f972d79aaff948e6d74c0a2a

SHA512
a55a639979225fa4c79923a07176cc4c7d253bb9af39dafb6facd42bed442af8926158f5ae5da4c01729121a0f2cf8b613309bbe3781a457df4d8077531b6359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13355057301348665
Filesize
16KB

MD5
ba8eda8520c8b129d11d6db08b6898a6

SHA1
e8f51c5e600f92e7618321eebfee1d4d099bb8aa

SHA256
40160f96a8705f478b203a1e784e0d5ec74040579b9d479c762aad41b8e951f7

SHA512
76f1010a513fe5251bc6209fa6315b9e8b288480d8ca41c0039cd3c6294a4dee60bea89e8fc7cab07aa4c46371e79a5f7848f4c3e4f27d1d3a023f177072fced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13355057301694665
Filesize
5KB

MD5
e286cac128914b37b799ebca17e5a0e1

SHA1
a0ce1b9a395c58279c0a9cb7c57e9464e025801a

SHA256
88f65a1f7e20d256811dd5d6712aad3a95381978e2097a6256839074a863ee73

SHA512
f694b36f6cc5a5d7dba9221d65de8725ab585537583a089aeac97ac7bbde16c2873947bc618c759e38a7e7d4a9639bf4960c75381e0f8cd457a5cbf54921dc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
801a03416649eef4cb601bf32ef61aec

SHA1
265b0d768e9935ddd8f5e9085a1967b69f79c52c

SHA256
8c020b12e4b0970222eb26b3c8c7f9e1865b45fe89d9159f46588db1ac14b5d8

SHA512
e017e867bc212452f01393671f8a5cc7229c28585abe6e95550a71f2e9ecf47131f12d16382cc66bbd6b67d50ab049348bce0e579539b4fdf64a9007dac0c350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
b8ab492b63b00c39e61f97a0ad60c754

SHA1
165f863b98dc4e6c5ffd74a4537b127c9fd2764f

SHA256
45c1090af3541079f52d199587d996aacb58a6304ae5e5649c01dda4d2000297

SHA512
84a73f8bcf630f99ad26208a78e059422d2663fd137ce9f0b50dc9100c8c4e2d0161db440e38025b64b024691c533f96f013d944cfca58ef11f33e30f047dd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
35faafb60a14aa09c6af5bfaf768d381

SHA1
a2908bac5bafc0eb94789e042b112dace337635e

SHA256
bcf6947612796b3be922b1377718fa70b8d91eb7e41627da6ccb894bc2a8c4e8

SHA512
9c3363e7072cd33d7f6ac10ef7344deed367e4917a4a2db87a878da07def9bd01d44e3c0a37d606110f229b3e6a21544822f9f800de8eee558f101baef17bbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
874B

MD5
b6c9686be2cdb4c9d33338b59c64f50f

SHA1
241f3391aefb20cea955a5559062ce58470e94c3

SHA256
519a58e59eef3858eebcd6a2dc68f05e4674a944e00dcb2e4f7c2905e239bb06

SHA512
c6eee7c1bbb63d98f21daf37789f580a98f8702e9e6b2e7e3c52855ac1ca05580534ea0f5418795093ccd3d34bda8b6a65b2451e817d81591285b535a125b6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0deb65568b32735a81c5226a7c422243

SHA1
de7e2cab14d58a4ab748a18801e3ab8466291c84

SHA256
c55609bda436a8307d6a4e68708a70f52345cfea805f05f890c69d54665716f8

SHA512
496593c4eee34bd0f269602b1bdcbf1f676b87003a2742a320839a37042fd4748b2cd11a41fcbaf2cd6364eb95ab8db5b04a14a5f0503d6e27a926ce6cd626c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dd8a.TMP
Filesize
707B

MD5
611ea8d3d6546b7885c685e3f3acde39

SHA1
b8000e994e76b0a57adc4ad58c937bde6b9f6842

SHA256
6763f648446ec53018ea01aa1200bd9b63cda3d874e83f90e1439da81148d230

SHA512
661a81b1d77ba1a4082d170ffd1d5e4404747afb369f3fb50f2500614e2f8beb2792ab1567a6020498c12ba4e51015a1c598b2885a51d771c0aed28f1707ce2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
de19dc7141e8ae71cafea5f88495bb99

SHA1
388bfc2ee1264dac9f0bf5908d91b7462c626d9d

SHA256
bf9071886176185b60a0c25a6bfe2d621c7eae040719e271945794dbd024c862

SHA512
568f34ff6126dfdd0d8e0c2ee4ff1af13b1db9f4957a95a6817ba645e69b47cf61586305273e5fe4f8e5baefa673622c9aa7de66755dfe60c0709b9028280c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
136B

MD5
2cc4211702f0873529804da30312a755

SHA1
f905b5f7ba3a7beef8961e21cee583318a39e5d9

SHA256
02b6c15ab1feb7ab8509e5667017a206f4ba946249fe24a6d33a70deaa9ec249

SHA512
e34b8dd2a1ab27e2c3ddbb224c34c69e1895b10e04cb28f3e6f222309979c180844ed89024011dae4233a1a4204d734b62aacdb605581992d9dbc584150e9784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
9a5a20fcab5f3cb8ac0c8e0bccf7f178

SHA1
0c9ef69ff5061a1aff5b6206faea69337696e560

SHA256
6d6ce2ce67e0bb2f86a195d584724a93b4e04f3e19af319400dbd6ba9643e527

SHA512
42115096adbcebd51b61bd25268f423877df377aa4cd524d0cae9111fae2bd1c18f6b335e0549a80568455366cf3eddd83323029393a09273646b9192a895671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
263B

MD5
8f10350a0395d17df8de30575cbc1e2b

SHA1
f3e0a19b0359ed4e9f4f733c75a1562de8c85fc9

SHA256
023597101ee9e99922664822cdfc963b6fd5e6afa8016a1ae7f23834bf3a4428

SHA512
a459a5d3d0762e48ec170030f708ca5f7eef83a372b0979aa01a83572a5079181051a18ab061610914f358921e3ede5a3f7e93d5efd3e5803724b8e6e049f0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
97180b6cb79f070f99ef39071df2aeed

SHA1
d84d1f4db5c44d0acd788013c362a2c9b68ff9bb

SHA256
d31fe55ca49701c393b0ca289dffbd76cf66253bc25bdee13385276ccb29378f

SHA512
01450941ba30152cd31a6b385981c329ef24e147c6f13e8a4f3d9feeb8291ecf21d66c3b5965d078a815ea88846f84e6e39281229eb5ff1c50bc32b473cc7cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
594B

MD5
0638829d225fb9e445144e22dd2c4d66

SHA1
3771752591e9e62289d47b81e92fdd1c9767a2bc

SHA256
1a40b86f614a8eadac9b5ba461e29e4414538ed2a2e0d3d3a70484aaab259ff8

SHA512
1a72fc74affa41cc25aef10b1bf3e173e1dc8171b3c673a6d57ce49f286cd927531a55c45516414c1f9a75045595cb902af53638906ff7dc3029c078274ae5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
8a07c177a3696fd7b95638a41c7115eb

SHA1
79a918ed36b4b7d54a171b3ce559b371dca3faf9

SHA256
a81c840c42be52bcd6fe63466b230823324b9fb059d29ac2d961df0a6c171746

SHA512
88969407acb266c2072bc99ed43ecd9cc914f3f67ae06b0f3fe8ea8eb9ba90d62a604705dda34827354972d36f1a099bed4de1dfaaa00d6d7738473278bb36eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
e978ef8237fb7a78420fd502e6f863d2

SHA1
409d6816652565b0a46ec47b4265f383c1ef9391

SHA256
43455e61fba316838a088557e949034b28afd280b33d35bf3ea01b60ddffe68c

SHA512
a1818949e5df1982173fbc20383aa0002df9a9eadeb1fa25c134668430afd5710e9700b3f8dfc6d57fd4b2d8ecc51e5e8dca458fb4d9253dd97247e2c8552b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
df0c16996b7d1c5de2d2dcb1241ba04f

SHA1
aadebd06b38a80a4240ed7607890db8b45cec228

SHA256
0285eb4b327c181c896ad49161185f06a90f9d4476f31bfa1c9b2b798e3055af

SHA512
dd2c8a8b3942513c0e1df03139412b41b21372d634e51f6aed32846d080ed359fc2d09036685ae0cdab6c5589c05d8b39896d3719b2fe6681ff7b5a87d4f4a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
960KB

MD5
27710c6d997521e5cb52ea5cc32ac81c

SHA1
cd4ff1e788338183f406b2e4624045fc7a4051ce

SHA256
a2ad97ee4209c4b7349f58f98cc4cd9904b2ad7a06a46cb8b746092f40c4ae07

SHA512
e8ed8475e76ba35b90dcd82b01579fdbc861e5c72860f03c58524a63d64d9baeae02e18dd841fac928ffc1197917c5079158ee09d4b75bd3c6ec299477a9c31e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
17KB

MD5
384e5b959ce3e59e12f93605f61043c4

SHA1
bb26bbf602cc8abcde380f1e91587f15c6485317

SHA256
b76542269d00a0859d591ec572b0dd408b2f4c15f0dae9c23be7dccfdf54e18f

SHA512
ecda40def5bc359a1b8e0e4a033f5fa68f7262f2b36e2149b1efd472a88673e24b381d34489e5bcc899ead1b057763eb940f7c3430dc88cdfcd03f47a0992e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c753da3fe0c6714028c57d8c3072801a

SHA1
f041201f950f9ab578c8ec9edc213c110964dd5f

SHA256
2cf3e16a2e2c96c2292dfeab5f4c866b22cfc034144693ddcb49dbbb1bacbda0

SHA512
1cd69df07a38282813adf71adf529bbbcb7fb5088c2e373659aa75e7f85858bb12386b2de010d27fff81afdeea2a9696693139f26f3f69dea0d24f04c3b545b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
cd3bd93ab4f94cede21593cfa175a42c

SHA1
ef24668c4467e601a21649ca890ae6675a55dcba

SHA256
927c38ef226550d1c1c42a0732334a0c860f99cafd9a33def07e676d53927cf4

SHA512
96dafab50e044b76bf165527a9e581fb1341c19cfe7a595d4a40fecc4dd1dcb3556ae63467c6f8d7f1297988df78d3530d257d7b7838b4b51ac53eeed6187023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
71b0a1e8e4f5f619db8f8747411a5cdc

SHA1
5e7b1c5b259d84a0757651f8415e2fc2a194c7d0

SHA256
7fcfab2425da9980a874c82106e60a28e4a34a242801d96868f006299e6c97c3

SHA512
32aeb364679e1838e032e8034953109055033327014179fb14f14ce11c886c1d743b836abfe5eec03a594e1c02f8d29703c8e1bd1191c1afc075ad4d89399c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
4B

MD5
708fdea6ba365c067536e27e1bd77e7d

SHA1
949d2d272ec8af4e626c330493b842890da415c8

SHA256
c502946f4191eea884f980e6d09c3395f6c23a869b04fa2478ddb2b0805a700a

SHA512
490ab8d4c08e5fdfbec3b06f6e4c3410512c7af2296a64899433f90c760b0ca59ca9f00da4052afd6bad4cee9f404c4d6a9f3f15cac148bc2166d030fa997ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
67e4f42eaf12eb0e22dc19f5002a4a42

SHA1
ca2c21ddcafc5d91e813d80527dc009f99f44994

SHA256
52cce5c810b54c659cf9fe52718b640b2aad4a4a1260a42245f67414b811dba3

SHA512
406df9c40e6adbcb5846027672537e4b55223213fce37917368b2b5c5e314c5c9ede5be018439f962742c3c184a3afed54654a47189d3c4540cf2aa61a635492

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1264_IDGYCVFIESTYAPZY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit