hxxps://vencord[.]dev/download/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vencord.dev/download/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627889314334035"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
1672	msedge.exe
1672	msedge.exe
2724	identity_helper.exe
2724	identity_helper.exe
224	chrome.exe
224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 3172	1672	msedge.exe	81
PID 1672 wrote to memory of 3172	1672	msedge.exe	81
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3436	1672	msedge.exe	82
PID 1672 wrote to memory of 3364	1672	msedge.exe	83
PID 1672 wrote to memory of 3364	1672	msedge.exe	83
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84
PID 1672 wrote to memory of 1336	1672	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vencord.dev/download/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2bd746f8,0x7ffb2bd74708,0x7ffb2bd74718
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13736028471140503449,12306787821286270181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb1d3aab58,0x7ffb1d3aab68,0x7ffb1d3aab78
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:2
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:812
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7f161ae48,0x7ff7f161ae58,0x7ff7f161ae68
    3⤵
    PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3188 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1696 --field-trial-handle=1884,i,8248218572581156187,7444318483200588537,131072 /prefetch:8
  2⤵
  PID:3824

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1ae59d17-62cb-46d1-a63b-56afb897d448.tmp

Filesize
276KB

MD5
27b88874a96ee4892d91775866099c87

SHA1
a9c99ef6d53fdd739c7334392cdd701497e53795

SHA256
88b8705a6cee222f5ede4cb0c81224d1cdf63caed9dcfdc1c52fcdde89ef9b8d

SHA512
50a3d864db3245a495727eb4cbc2ea1160cb9df6b2e2f300bc6b7390d89730f2a5eecb2919a5bfeb1b91e48b088fba3cc3d811945cb7b6014a141e0a58aa8dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bebd8c39db01f1ff2f2bb3d237ca095d

SHA1
2d362565f6b1b66d0efad8d86aa4ab261e45e8cc

SHA256
3ea7e4c5b8da8bd06a9248889241c811b6fd6da1dcf61aecd61c48a84d0fa641

SHA512
1f8b6c787b0417249ac9a7df7818d487f415c0d2cd7b737bb5ca2c0197b4cd7d32d5363e61a0d028bb2b01db48a7c9aca4db568f374156a6c878b4dd3c222fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6827bfe0b74a6a85b4a29770b82b048

SHA1
37afd1a364807bc25de803bf55391f22620d23a4

SHA256
c3a4c5d39ad759e0ee18eafc741022409085b54ca494abde4edec21f97b10ff1

SHA512
e12a16695f1623a69f32319e312cbc80ff236f65c154ed02181c7d7d2eeffc3f66d164c7eb5ce93de47c726dfbc047b30757dbced3bc0149ac3aedc84aa30ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
99dc6d76f0dac662d041887158d70e68

SHA1
382d37cfe217bb45911836dca23f92297ff19aca

SHA256
b2dcfccace95c76f47e1a6b77a0a8adbe7384a0b6fb71e9df4617d60308d6790

SHA512
a206faefc8297178c87a9bf6033e62e91f3f940ef996aa54c233feb4ce84ee960d8542ab6166dd76f31c440d0d15c3c94d103494f63096e6909d15d6b4da6f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2c4da5b04b5979c02f253968a382cde4

SHA1
8321acfc9dc3d0bcb388249bef85869512c34f0c

SHA256
76065f67e9bd7fb5e8282b168bfbe5c74961863664913ad489d6ce58b27b3c6b

SHA512
8c794457d952ffcbe7704413569688bcbec3d452d617d56eecc247a56cb94ec7dc6d47e9ddeb29a88499777684f0568103611203986025f710648007e66a0f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
287fe25db943103ea9af59cc8d75a12e

SHA1
8421c07c7c7160aac88aacd26121af462bc7ef82

SHA256
446a265fe7760c32907cd3bc093f23692d1f6bd0fa59584461c259f884d4ff8b

SHA512
ce869fd97721954d720b4cc05b51a867a1254498da6d47c3b0c7a3c7005205851d74f5b974b14ca16b377eb5209b6028a4fc45161532485579ae913458a1e284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a6256c9bf11b43cbb3429afa6df5228c

SHA1
fb13683d2c9942b27fbdbae9be30fd470b36e86d

SHA256
18af61944806e7fd1381b9545bf57b5b0bb4e829dcdfcfef4cb84b84162ce309

SHA512
c3785b1b02649af4a467885355053980b4e5b0635bf9a3c32ce7820dc79dc88d8c00d539532bd98907934bf91502ec6fa0aba3d40db200d69a591f50c9b0d97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
76c9b9d3fa62711f6c5fd0ee455832f2

SHA1
289a5298463886cc5f0ffbe8610b650edf7c0f69

SHA256
d0df944c348394641f5b8c9a75ad94e35082289c3192eedc26a6f71852dd59cc

SHA512
d9b845cd293145112c0e3a2cfea3e31dc74cf1321e078c523450d78fce2a8c6e4a13288a484ac01c433746af64be7e890647e00e2b31eda9011f6218e3426b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69f215333fd8768611afbf6d485e7f3c

SHA1
c12c1a6f5c818a10b9c82559b37c63c3d517ee77

SHA256
9fc7af6e3fbf5ebaec179d9ac9eb7a039ed388276f6adc10fb35b89cdc958fec

SHA512
c303045aef67eb502d1ef924453771c5cf19478de614faa98dd83f63f83c01c14600a670cc3790cd8b63b4b929c2429df743bfddd6d2a1541cc569d23cc2882c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
678492b7c659e858c366a655b4b0a0ca

SHA1
474e1ffd5d18b256ebfa021ce26702b0c26e0091

SHA256
b7d92282e60ad9cd3b0859d826cdf98471d13be2fd8fd29cd390604fdf3711d3

SHA512
5929373f0795ee604b3c25d0f662aa621efe4fab347e9991bb38ab915dfea1f9f083064c8103dd5d2d8338533adce17a1c064116a5aaa775635759093ebf8c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cbba8e352596e65c7771dcbe215869a2

SHA1
78667052dd12c38a874d095f4862a501fc4e38f6

SHA256
6d5810539e3507b5d423fdfe9688816f251ee2bde1e324727bb4c9b496f2eb20

SHA512
2850f631db4275c3eefebe34810f62a289358b91beb7abf8131238ed0006c21d94bb2c01b3f654a8d0efbe6ebcedf7a4ed6c0c3a476269108c2f0cdab392bdc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
470dcb5361431cd81cd310688c71ccab

SHA1
0536f0f90b7eaed451997b4c109de582d9860e9d

SHA256
7859484d3b74c30e08ed281ea37d4695ab9bfcfcf912ccd7ca3a0b04248b0565

SHA512
b93288987eac112d23456076c0dd90bbaff60fee244a4a43564fb9bd6293dee6d87ccc650d0479e0588012f3e249b4b276de2f97e2997aedc5ec112d3e3eb26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6dc3aa99f9b3deb0d1aeabd3d2b71c81

SHA1
b433b65a3d9de73e3c6a301c5c60d141c3baf4df

SHA256
15a3989baf13ec479648c8aa43eddebc8e1a65e8081f78068c0171b3f2a11215

SHA512
75e95376de82e4a2f320091cbbe12cab30ad0a8993a886741176eabbd7061abab78d363fe258a554b93240b74626a7f2fee25021211e94188a4e70d972448b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f18ff346f44edc7a99b219119f7fefb6

SHA1
982904581bd4f030677f79c8a3811832f5fcb13b

SHA256
d96550f9491a57ee51e2359fc375d977aef1153542d19b9fcd3ce0536fbbd945

SHA512
dbed5da97d265977cceb57471ccaf1b7d01433b1fc39b43552cacc9db8868def6afca3ada0286e6723434737c09ade25262277d31ae84a2f5585a14bf04dc3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5c9b8670bf6de07f4069633d6a5e04ed

SHA1
268ae1b9885f6d4709e0dd2ad39eee627df1c038

SHA256
efad723170acad84373d80c24f254edd8f8c000dcc5faa5f5d92eaee52cfc925

SHA512
6157895dad5573a7c0c912a581baea88f42de164eba05c6f094459c756c2ae543f47d667eb7014946732be0db9412aa4b00c86310af5fe07c2a41c07aa144b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6bbaa31755a082154b8f280569d9dd50

SHA1
99233a7b2d00c459440b08a43aeba3de18719bfc

SHA256
ea3150be980f3b5ec4612df80d1a68b4472af5c8ad4bb323b52494e812fcda98

SHA512
0b6ba1a4dd8ebc7177bbe4f9d09f0d7c8f9101fa63abb14486c701b4ec34f537c3728f81fae9882cdf333bc9a6002ce0d7826c74fc8c072143c7e5d7ec6e4a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
6bf150ae899911a92d6a632b2c55d0e0

SHA1
e796295f76236159f06e901fb84e6907a6815607

SHA256
4be524a891cec2e878e4f569af1a1f9090a5393425fd750b87ed59e1e271676a

SHA512
139e69838babea210f567f2b2f842f137fc547f6993da60f730c9655af91a26b8e917ed8effa22839f6daea64f7033891e63161695ede0fa52e0f2371241dee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591ce5.TMP

Filesize
89KB

MD5
01a2908a3185107840c1e9d0574bbe0b

SHA1
865506ee444b516bd49456bc843e95b03493ea7c

SHA256
7328f07ee13334122d5b462070a17a229472a730944035fe6bb7a0919ec164ab

SHA512
4d11664ba25d739d4eaabe41818f99262214dbf18cac0fe433185839cd62ce29cd7b565bbd7f71eec6b5ea8dd75b3ab84f153b516102b7c71fce15af51d70894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d346ff70af616ce80d20aa6440d9614d

SHA1
a3ec0c99d4f595a28a0a39c89bfc40f720dd5279

SHA256
02bda10a6465ac081dcdd060e5cdd7bbd7769101aad706eabed7bd76e44efc6d

SHA512
777aed218b3822b441998ac82765fcb72595c333ba7841fc7808aab6386c0da17df93a378796752939ef1cab1ab1cabb60c971d081df8123b0d3f6aa08425b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
743f5a9aa2c75924f6bd16df05c459a4

SHA1
677cff5d37d73415be47f36fd4d3cb08413a36d9

SHA256
aaaa49bade6f9c593dd7f5b29d7b67a67dded05decb8c550f3bca6148a01a9af

SHA512
e70bdfb172bc27f31222c97acc0a9589d49c8a669f36eeca2f446cf80fe358ed0cd42c5c6a4525952c831eeae87863156f7c60c843fca7030d99587e8d3fa9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
678446a972f0907985ece89100068e5d

SHA1
18b15b59d8388e99bd00e518a401a890628843e6

SHA256
39efdb5526b12a57c37158979938daa935d02dd01b42f3f8a916779592b1d341

SHA512
adecc7acffc31d8c16b6f3f290474d129924298e2a1996bc37f669989829afb89ec78bc18e9b379d281c8d6f10e87a6d3390eb199df46874793197c01d89ba2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b1132ab68feadf407278e8370d1b06a

SHA1
64d085e7bed1a30c805223630e92668a709700e5

SHA256
50887bbdc235295f906435d6d30a301a9ca9379924171a4a4703bc936fa8daa8

SHA512
1de407a2a378f3af359157854e20754180e7ec1fab86ab26adc9d7fc3dd4b343580efd99bfdf4c8cb11e97a90dfc67467684fcb2993c66bd01797fd91c3a1425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b80b9b8af4d3d8662d4f234352fd26bd

SHA1
2ddccf328ad6d98e2ba6441c9b87d7635edc167c

SHA256
f5d83b387b0433c0a17f36b434bfd1f221effe119ef0d4e5aba1c48ea998bbbb

SHA512
e83ca99ebd4e8e345886cfa99e6d02ebb390d7b011985a4f67f24554d0a5400ab46cb50d311343a6de250aa578bbec323b9b159fa802a19c7da7871ade9a9ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d235da21ad4f102be2ed4f7448ece359

SHA1
a31a55c5c5d92dc5dcfaa23193b7c73d6256b6f8

SHA256
803201e4571e64c04cc566022984cf7385a93d6781b62325007a96a591779f3b

SHA512
346a75de9b77b4b18565979bce9078359244cac919e5fc9972ac28414c9ec2653c3d135cf7d150f5aea68225d8b728994a1d7c9e9e6e8a98b29170bbaf7b8973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07a0585969e2a727e04b54cf2ec8602f

SHA1
43c95dcbb129dafa6990f57173c314adc0c7964e

SHA256
9fe8031d145e4a54e2eadaf86101ff33bc336a7bb72c87d5f321d47946fa02fe

SHA512
23b142f33ae2a20d49a5992ea261d7042fead4fbf51bae8e8b9075bb9f6b2e5eeeb5fdcfbe3d88ed2f8ccdceca708108bca3fcc7508ab2b1561f7f1013430fe3

Download Submit