hxxps://sdertjnbv[.]xyz/XyY5xbzS

Analysis

max time kernel
270s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sdertjnbv.xyz/XyY5xbzS

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586228909618892"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
5116	msedge.exe
5116	msedge.exe
3436	identity_helper.exe
3436	identity_helper.exe
3664	chrome.exe
3664	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe
5752	chrome.exe

Suspicious behavior: LoadsDriver 14 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 4168	5116	msedge.exe	85
PID 5116 wrote to memory of 4168	5116	msedge.exe	85
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 3156	5116	msedge.exe	86
PID 5116 wrote to memory of 4420	5116	msedge.exe	87
PID 5116 wrote to memory of 4420	5116	msedge.exe	87
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88
PID 5116 wrote to memory of 2092	5116	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sdertjnbv.xyz/XyY5xbzS
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd55cb46f8,0x7ffd55cb4708,0x7ffd55cb4718
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,1243264770437090748,13605991023811275198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd5572cc40,0x7ffd5572cc4c,0x7ffd5572cc58
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4708,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5160,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4572,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,14208824638765387855,3263572601622650557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5752

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44612f75-cc33-4512-95d2-6300d1ee1def.tmp

Filesize
9KB

MD5
53762f9473242652018b761b4ce61648

SHA1
85705efab37256861125cd0444b2ee6c7b703ce8

SHA256
89e141aaeee9305c6f75103923a6900f93b51a733cdec86b8be30440e27bc443

SHA512
9250c2340de1715c59b303fae07723165f0c169e431a44d7e4ce39e327d63f4089bb59dcfdc19389252b6619da9acf36760666fec48843cebbc04dafee278e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4f40ca468e6cf51aec806a13697e1d86

SHA1
b7cab4cd570732dce51d1294d6c03b7ea3fe7957

SHA256
89bba4225c6abac73e0447f2510d67daba4fec7f4950558b5e41f800cf184f4b

SHA512
f2bb8b2f3e16265e45a6a08825f294219987fb5f3cffbc583940344ff26fb138c05266ff2f73db24701fd37a2d398803faf67cbac89aa7414f5905d5b4808522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47e7831097f97c33f11f4e7e929697ca

SHA1
54d915b541d21a8de6d5864d69363e4727556f03

SHA256
9253c57ebb581f0b39c6167bd0b248bf3b54cdf9391ef9bc4cef515de3dc8599

SHA512
fcaa4e13f03a59643849f6f437dd885a3f7d5008c1fa867e04f3fe05e0f4788abace497087831daae95773783fcbeb1519a6c0a3f576b1fd8e1228f567b4bdff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0334ed6fde4abbe4810150dfb411b024

SHA1
82304d7bdbf997fc6b5de1ac75727397e2744bcb

SHA256
28e11c377e878ec356f911977a38aa65b0478c1e5cb3f815858130042308f25d

SHA512
056c47dc2320da605fe54063c53d45605591999d881561c8f116826386f102084f0ccdd58c7e1203a1e18dc8c7b122b7ee05fc530f427b2482077dcd8b72a21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df1951441316201a9bd42259169044fa

SHA1
fdc14b52924fced8b838ad2543d08dfde0620f24

SHA256
bc1e86a3d2a2370d518ac1bdfc104e0e28229a0ee679a8c1c12bf18d183e037e

SHA512
d0f39f93ee361c4592e003c6e331c333857b6312c0f1be4502a8781e2f7b78b456c5e248a561610f17cd53be2f1187a006f73aac671da26ad5a4466315a8f301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b13165c4a014eb270371e5c5efd72d3

SHA1
8de239d8fb8745e20cd68e3de906462ef1922fe3

SHA256
ffc18c5b3bdda55b92cf76f96df472692c04641e2754e74e637350939afefbd2

SHA512
2baa9db8a2eb7ba1d1cadf260db7e9e942a7fbc47906b8eccb187af821a11af11f434331130630bd3a9a5a9b9135c7e20d6100d71e4a91a0d06774dcd46d9c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7af41dca97a8aecebbe4a3c6e1d990c7

SHA1
dc7860043db913e740117aadd093cff0c4ce35c7

SHA256
1d696d398cfd2661fd1cf671d9dfb1a363ac6b97da5728bff54971577225f561

SHA512
bc8a852a3b277e24fdb55f31679837e2f4f035b1ccda2c688e8ecb1501addbf5435b56f332d182d3a206a2bc991db444ba983df90d2769862f93acf96320184c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82f9c34a8c8db1d26cda2541a57dc6b0

SHA1
8ca9d76a0a96735918e6e8726e2a09c20a335a91

SHA256
c6e3f3bcc727c21159b51601fcbbbd85e9384cf00662963865d779f2285dfa7b

SHA512
ad676718292a1daf6115a4f72408dbecf23bc5af860e423fe67c7c1c2fdf66666b6381645878228e262fc936957b510d9749d72c2b06d9d5ba4a17d8ccc38c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f9566724e7a0c00e671c2e62aaf190d

SHA1
450514b0e2f3f204fb4a390d881417e35557830c

SHA256
4d22b86b5d8ab58d81a53f46c98f53a785791b28c2c4c907ab6c8e2b028529bd

SHA512
2f9d64acd7850d44001be4de01c8d33bbde82a801909325aeae2c5bcbdb2b222a5125ab890f3e76789160cd266402d5dc2de9bff1e66bddfe004f63fd9594f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb9fec7bcb524a779bc39417bd1331f2

SHA1
c29e4b77f362e5c8ee24365d5ce9964abac409e7

SHA256
d38c0c0843d6e02d27b614b20b2b54301f84c080d7789fe3b669b852b524d408

SHA512
95cee3c6d76253628be7f52c96d8bd24aec6cb60667c4e186a0588ade778e3c0bcf50cfe1db6ffe9324c75318571d1de31a11f11165189ac2c423740f016c548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ddbc3f7cd84a3eacb4efc1351aea17d

SHA1
05527e32a88d8f08ce672077ab9cc28a5031aca0

SHA256
c8b8a3fd712dedfa49f32cc399b4ed00392d1e59edb5b9014068de2588055fce

SHA512
593d0fb0eb38fc467ad879406bf4df616a21d55c5f13fdad6098995c77e421015c506dd32e42d3cd09e54a3a32d060eed6d411977f265f36ef21dc40273d0fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8348999c8ecbaa5329fbc18a6a4bc3ba

SHA1
f59e2db0235cd807c63433946025ae99544ed05a

SHA256
9317dfaf5ea9fd10ed37f312e08e76fd50c36c312bd9f3061dc1a9a88dcfdadd

SHA512
059f2bba4b73fa00d5b28268695dfca8c2c2cdcae648d69427a1ffeca7166e8d55b1be1d9beb3f40141daa6b5e6bf760d8cf02fc0e71340fca5b74dce2b5d216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1a6330aac685a76ba963e4976e08e88

SHA1
e135bda172e51a40e307e5b19c910fb8810cd5e8

SHA256
f2bb87b7c575bf2a4c6414617c5a9a1ca6942df30b820bf1409e6413c37102ab

SHA512
8fe255963bd0cf464c447a4822a24c15021352652241b4c1e3abb2e96c5283422de664786b658392a66ab3f027c62d3b26a84bd8d8ea86b973578d27f9d0224d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dab78462968aedfbc0fc4668fd98ca79

SHA1
5b07467e3cee2454fd5b9ff08a7310f5689cddd6

SHA256
0ef9557014e7da4643c3f605a333452156c8e377c258707d83895e7f86ea27ef

SHA512
c7063dceb54de444e40ad64e845c1f818a9d5d86ca6ca4b80d59c9ce253828013ff613b06a5931017dc8fe0af711438d1e7876bca00efd1a59b79cd474367fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
78c1f17f234952944b6a6c45eadbbbd6

SHA1
8cff2472a10063837d780dada8aaf9eb958ac20d

SHA256
4ffac5ce388cab3e9a70205613b6bda6fce28eac528c626ea7e148efda21b22b

SHA512
a029b76ccf517468b0dc0a21be47f4c5bbee936514efe6976dfab548bf001f3ad507bd31b0d6fc7ab49ed3c81d812967b47bc52242f17247a1b5138d7a56d523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
39a02aaf1324a52d48e651a1437d7bd3

SHA1
6906c94fdda768a42e472a652ed9e698356fc1d3

SHA256
14203bbd3bc066aa2bfa76722fb32326c2c456f0ed00146e77413e9f665b1a27

SHA512
b5642b2d97a301ee63a7602368a8b7c85992b7f10a082aa69e249a6d688b18697e5710df6c0df7681fcec7dcd9e76a9e2d9a31200042a62ed43682fcf432275e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f400aec37d8e6b413f5232ce40b14b1

SHA1
7b91205fd05d49d4a3f04138e690f504d50c683a

SHA256
ad14cb4d17fd68c29c7816fb2f2cb8e8f51bb954b1842f437e2b39ffbefc7d4b

SHA512
327a7fdecadbc6a49bd4bfdab347a9a2ff474fd681a76d6316f3219cbeeb9af1e4c389ce77f084c6a61691405179feee26fee0b3081254d961c23e8c40c59aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c91b554ef28d80e6b18f3334f69f7474

SHA1
5c0e628b3e1f9e5f7197a2c830633a733ed905c8

SHA256
76cc6afb104e261d424b644827301e3a0c103c71ea5157eb2706a3413d7471bb

SHA512
89a4de31f3090fae974674b605beea1b661998e9376fe31bf7599440dc3633e0fd8319c7a0b5347177dc4139870a10897a23564316c6dd307120fe15a00c7447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1268137927814bd1f3b9086bb21165fb

SHA1
3b4701071ba8db519d6995b0dd61df1931d09dff

SHA256
f20b66efee81fb96e28746d4a8d4cb3d31555815b35f7c59592aeec0ee4df727

SHA512
645935d1338f30cfd74a00d152b0407136c41b9c73925a8f5908c6e7403bd97423247fc33eef4fe558a62cc5711e3055d881acb1732ed58d13f042afb1e813f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
da3d42ae502799bb9107823f275db667

SHA1
efa8a2ef14c0d0bdca3a78a16338c2cf1b59978f

SHA256
37f2febc574ba1891ba95d6f7a875de1cab4764c955616032c7471a672919797

SHA512
bbd1ce07d90eef00970916b4b51748a7051b3d8cac84b935fa4a8e9090a3b0abaff02ee6c5720a5e5656678ec44343e47cd5e703bef95583fd87ca733a213804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fd9263947938dc629c4cdfe9be5ab227

SHA1
8c52f9ad746e7fced3c568eced6430999db9937f

SHA256
ba2657d005609630c29c9ad644819e6d44ca1f883a60deeeb68669b19a4ed842

SHA512
ecf5968a2b8986da44f17e990fc5d7be2ce1da11a7c8aa8dad1db4f374e2f89dbf84ae14c18f1b3e8843d87eefcdf32d9937d65c55a42ac666fe402e5f6880fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
91d6922a17c72f28bf3d89cde7fa5c92

SHA1
630cbcfa2695b261655fa9c7ecb0f0bef9a24356

SHA256
54da91ed8a04e4345a2ed55e23ba505a910fa53007c662e743fa843590ce79c3

SHA512
01b0a93d451446eb00ef49c13039f7907c4a835993cafd1c217f2753ff8d098fe885e71201bc90be6b6092c40b8dd573b25adda873aff0a9a28c82a20b34d063

Download Submit