49d9667c5a159ae257212c0569877c9587b4eae9a129e9bc1b24782ef9f13395

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VvkxEIrL.html
Size

2KB
MD5

d05dc37df608d21ed1251bd7e3f3da83
SHA1

1aea5d34c3c9c61e36bc3f559e0d6b76d20a1045
SHA256

49d9667c5a159ae257212c0569877c9587b4eae9a129e9bc1b24782ef9f13395
SHA512

72c2735f1215cb9033c2e00c8d886e8f3b99baf0b49a947490d6cd07c257b3f4da47dff451d0031b7bd1513991d92a5ed23a3a0e741adcc208ed59c53a746b9b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581192479175196"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4652	msedge.exe
4652	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
5340	chrome.exe
5340	chrome.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
460	chrome.exe
460	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe
Token: SeShutdownPrivilege	5340	chrome.exe
Token: SeCreatePagefilePrivilege	5340	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe
5340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 4616	4652	msedge.exe	87
PID 4652 wrote to memory of 4616	4652	msedge.exe	87
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 3736	4652	msedge.exe	88
PID 4652 wrote to memory of 4776	4652	msedge.exe	89
PID 4652 wrote to memory of 4776	4652	msedge.exe	89
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90
PID 4652 wrote to memory of 2656	4652	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\VvkxEIrL.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe87e46f8,0x7ffbe87e4708,0x7ffbe87e4718
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7012103538520572398,14338481657070358044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd502ab58,0x7ffbd502ab68,0x7ffbd502ab78
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:2
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4184 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5540 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5868 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5976 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6136 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3200 --field-trial-handle=1880,i,3490685106069722295,6297516618148673446,131072 /prefetch:1
  2⤵
  PID:4444

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x498
1⤵
PID:6140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9ff2adfba90d8dafe5191a705ba27072

SHA1
1a98e4f270539ae68817db8e4ed47da77d739efc

SHA256
64872c946bddeb46f77f4ebcc98ca07add51e16543d8b00adee3a0ebb2d700f3

SHA512
2d17a7aea4b0e12722fdf6754f20c77beea478ded38f75217f1bde433782c5ddff4f09aeba959dc99b7facd37f41a05174fc7ae45dac76b82493117d3546633e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
479101900cab9a46f71315f9d0877197

SHA1
d8c28ecb1f3a8dfc8788f5edf81ec0abdcea1839

SHA256
e2eb97d9c6d3b2c916873c8ecc8020d08fc3328f25c779ab448cc76f819f1f2e

SHA512
fa2417b738f7531427c42fda4e50544c645276701024a0ad150aadf0f38db619fc1b0aed80e86d2e9e671f20b0ac84dc5e87d3d3bd2a96af524b41fb4c9fc558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7408280017a87eb5c6e2d75b18f1d732

SHA1
25eba42e8740d9bdd6d33c117b8be33be1cc6417

SHA256
96b96d02544ee8e4be041e3ac50ad54ee4f74ebca9569b4c7f72ca9a767634eb

SHA512
4465b0d95a39d2c9d3ef16a21969538ec0df3aa13639e8980911dc3ce68b4bd0bd9898f81cca55a07f3f68f64820522564e8b8cb2a99a158d5a27db2b7a78335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
be4a7df9ba98984703fe56c3c4f5852f

SHA1
41054c06dd030bb1139b8fd6169be2fd3c93b1a4

SHA256
ad0924ac548f427b90946001be1d8ddda48275e8c19dca063f54ee0f97e3fe3f

SHA512
6b2597a3bcac1751690da40e43a9a4f90f3402426262c240c0c470cacbbc2f0e09253447646c667e35c645bdea42c0dfcaff9b3f9fc043916162b7a73e5b3e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
90a5b1d788081cc1ae0a8d2b24049a3c

SHA1
072be9a0b21bd664a909b2c084014133099a48f4

SHA256
b14e932256b36d06324ea07321bb821c3027c11e0eb7601c1362ee9d5fb0f5c7

SHA512
f1e1b47306920406fd8035e5254c7cfbc2d03641b818a825d347212f66a0c520fd6fee417f276e40a0e156a26e06381341acdfbfb353aa5205cd277562c12fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d8328167a4b3702ecad313d78e3b7f26

SHA1
abe9f02758a8f98e188855e95624d3b9ad6d9b51

SHA256
e215a3030124978085e4ff0f937b354c171694a67e9fe7b11ca53ada103a9453

SHA512
d0fdd8e2133e225a461f54b4b4be6507d694d0248b3d3a220d8b9961980934bebddd023ac5c4666c1fa6803e5d07f4e05c5af32079262e15be50fa5959d0eea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f7ee8815276ae27eb21043ef86fea112

SHA1
af4f32c3329d28e86d0fe6e9ca883d1c5035bc5c

SHA256
9b4c1f2724c18e168cdb70ee6b9bf757ec5193c789d8016688e719e3bf103859

SHA512
578fbc3e6de6e8431fc49635acdf7ec8278f8f4a75a09f8d22d1ca2700326c1d4f8abf82937921313edfd500f3bae8440f3e33aace6f0f3b5209d00af0f857b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
03e131d360282c7eee76ffa64b103f69

SHA1
fb5ea07890d33e449aeb084c197c557c1eb7e5d4

SHA256
87f403881137b93faace591645e2bd6ed2d9c4114b88dd2d0a3e49a0f24bc696

SHA512
fe9d251780b4003a596ee0adae733879a65e46d01d56cc30e9908d3bda1c15c2a044d0a1bb5436e74816107af67ae48c9f5bb5acafe29715c81c1d3a5d7eff7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c83b1ec3258c93bbc811c340e754524e

SHA1
803444179e6e9fe00dbe251b8ca9718922f594a9

SHA256
557f8fba82f3ee1b2c0b1dda74c53204cd701933072e2d72308532ac0e4ce036

SHA512
a87dfcf79baa9ed5e6a2d9e6e0c501195b2fd9fac80416ddd7ef87efa82696910578f4199db86ef1419a81d3110318f85bf5470908129314378dd6ee15f4103a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593771.TMP

Filesize
120B

MD5
c597488573e4009f57712846eae660bf

SHA1
acf401f6e79a0e99fca1439762f7c52adc2d861b

SHA256
06f5107ead20ca87967e6a6bd707515409559a1d988e0465b5a71c2d58069608

SHA512
2c827f4ae059d72f62fef9d0e52ccdc8092a2aab50497dfff54a0c0768006893068a40f9de10a0eb169c4b9353d830b04fc1f3bab9a2e97cc920e98a7660b062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3ae61cbf31c79e46b12054b8814c0cf8

SHA1
87dd6b988be286aff7b4b3ccfb48c536e8819429

SHA256
5b739da778d98dd00cb573785524d997a6139a79b7d41f263246c1c298b292c2

SHA512
4071e65e58817a4dd8656847d25c5cb56cf138eead44373cd8b03b87c3ea74671ec7599accb6b5984f75122b02c5724d42ce71aca8b82f2a787f4cbdea0fa907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5928ac.TMP

Filesize
48B

MD5
28d54a6c7e0eed5b5f094ffbf56a8394

SHA1
ec40a7787a95603db56eaa6872805099f1522a15

SHA256
b749d2f97364a50104fb68d8fd11b505fd5c62aabcce749cb2eb4f1b1896f666

SHA512
7f117dabd8fc5008a6dd7522848165ef15def2bd60805e0c5de29ca287c6edcfd26412df1427e350318e57970eb582646438a1af744e46259dc2a33813551864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
e4594f356174b4a1d72055e7b5c5e33b

SHA1
4e2196a0067433cd7ec764dfe7ce0b965129dd9a

SHA256
ccc02abd6b7e66ea18429b9d8604a413e77a2d0d1d768e9f10182026f2614f58

SHA512
cf76bd22ad9e34535a65bb9dbd70cc19557d59d05b6f86530128abab5fca3e7b7526ace37fa40b685cdb50721c71095da861a7d067241e51599d42daad7d014b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0dfbc6adb7049c8e02775f4df0692da

SHA1
d69f52ccd8de3135d4212f50993eb2b1fca22baa

SHA256
caa730ce60776180b795d5bc9e73209a393a6b733763bfeabe5535d2ee3758a0

SHA512
a1e232d083f88d567ed0040b5fd5c1d19838dafbd2e9fb9f729d798493e486820163968e71f8bc964f4f259542d2a0e17c683f32afa22306856e03abbac004d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f66d9053a251005114721309d5e58ae2

SHA1
b4d782c6ee2e4883330acee101a2e63b5742b836

SHA256
eb260a450ecfc7f0375526a0bd4fc0a8633ba41b162225016f00a38a6dc8edee

SHA512
065dd85fc91604dddfa9d9c1cd2c074325ac5efebfd4162ed342b36ec6b22d92cdfe0a918864ad837e0b47c25301de982c771638d6de09d5997a8e17ab7d68d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35f9400263f3eb8ede4e400618e8427b

SHA1
f734b8be3c20b3e03a40793086aae49d7b00f76d

SHA256
2949822977ba45cdd95514fddefecb41ed847768e00286d4eb0161fc342ecd93

SHA512
81fee1ddc67d07900efb4333f069e0227932490701594c0e2eeaaf843465d5d5ab1df0ef9fa9aa72203a9196d6d8e4cc85a0712fe34973d7428f1fa1fd26f6a1

Download Submit