hxxps://www[.]bing[.]com/

Analysis

max time kernel
129s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 00:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/

Score

6^/10

execution

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
132	camo.githubusercontent.com
130	raw.githubusercontent.com
131	raw.githubusercontent.com

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{88265A4E-F9C2-49D7-977E-4BDDECD9BED1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5052	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
2164	msedge.exe
2164	msedge.exe
1436	identity_helper.exe
1436	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
3228	msedge.exe
3228	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 1712	2164	msedge.exe	85
PID 2164 wrote to memory of 1712	2164	msedge.exe	85
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 220	2164	msedge.exe	86
PID 2164 wrote to memory of 3300	2164	msedge.exe	87
PID 2164 wrote to memory of 3300	2164	msedge.exe	87
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88
PID 2164 wrote to memory of 4660	2164	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff876c946f8,0x7ff876c94708,0x7ff876c94718
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4752703583582393573,4703013376527990314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x518
1⤵
PID:4612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2548

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_bitaddress.org-master.zip\bitaddress.org-master\Gruntfile.js"
1⤵
PID:2172

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_bitaddress.org-master.zip\bitaddress.org-master\src\main.css
1⤵
- Opens file in notepad (likely ransom note)
PID:5052

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_bitaddress.org-master.zip\bitaddress.org-master\src\bitcoinjs-lib.util.js"
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
78b45f66500680832e342e6fb8f0c7a0

SHA1
457528aace12ab0b6487a490d7b8a6adb13dc8f0

SHA256
5cb9b5d3fb0be382aa00936369c7589c938a438c3942c9883072dee465458c00

SHA512
6c1aad5408b7c02a828596f5030fdd310b78b79dffdf3b3dd997aa26802b55026bc18d7fff44a0e3fadef8087b43964262a9894fd4fc06de1b229bbc6d3b2b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
23KB

MD5
ed239671d609c66bdea1297bd11879a9

SHA1
7a3ece813c6df65cad259a070a4cbf5bfac5e7a8

SHA256
fe320f1c5b67402aa8fede269a0a6d1169b478ecb4104acc79c67cbfab06cfe4

SHA512
018ac5e9e86728e6577fe9fffb254e8fe51efaaa50bcfff0a8c2fcfc21ac20af55d92b837554c3e419e47f5a8f226fe1e1e5702eb710c4c1b00b00fc9cbe3576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2574e1f881fba25e_0

Filesize
1KB

MD5
b1dff57e1c68394c0c86509f0cc3575b

SHA1
5f5177c036efac881afc640b21ec911c859020e2

SHA256
af6df9f72a33fbbfd7cc8e340c8c3673bd209662d3dc3edbc3f16c282fadd70d

SHA512
47f4bca5ec9b6828b330a40f0f040a66a31c6842c58be14899834218681af21435dd2c7d7047b0b59d0347e0c98d43862f8ec1b63b12b2cf2c59e44ada99f632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9105667d9f16c90371b13cc79064d284

SHA1
b19de3e66662c2cba6cc0e7761a4d40786d94992

SHA256
6070bee9bd73f59a718540388fee6e2c2df713d1c18b9f0c326474188cf0a0ff

SHA512
1b073210dd5adcf23a5da4c77636acc4f2fb6f4632cf00a18982d1127aaaa7f28865d1b0796ae83e78d5fd433db980f68be62fe7ad5088ff82d923244e5710f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9c6f1784ffb4cd71ddbbea8484890a5a

SHA1
862b549c2d82f24a19cd9bfa635c6e0590b1fbde

SHA256
a6e691215a49c8f1e9aac98d02abfa0108f352a620c81c515c6d277e69f8b6bb

SHA512
871405abd6821a2326bac2a188fe96c4f40940542162f639b3b66e9424b070ccd39a3f6ca23d266f108b32546aeb209dc349ee21f7adb1c1528156da3a115e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
55e1a404c8bc6063df53e3c1efe707d3

SHA1
5d09881115820b306acc76f4dfe055833f9196ea

SHA256
31eaccce2579e2e9f1152bcb275fa2cf03d5fdd7eb402acb56d7a2d4826e5730

SHA512
fcb41c28d2fa7b011fb6b67e8f240cac3d6fb75e0cfe620c8ca207f84937ec37fcb4607407b2ae175a4be32618f4d4695f1cb2b46a15274a13bb54250d61cda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b4b493b591cbfdb6eb62c89407a0069

SHA1
0be46cdff8e7e065f169c2099634aba56b71ee33

SHA256
fb7c6696d725c69d694690f7a4b6dc2567fd743c7dff9c98e765a2a8cee51d1e

SHA512
68965754603f7fdaae2b8a5d486f6861d9a9ad3df3ac5b0cc4595114251c7261733169506e08522ebece3c6cf41621038d0af9d0a16657d17005ea66b1082e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6dbed38adccc49d44418e2771d91d9d7

SHA1
959cbc3fae3250a6dee8836794b0879759d31128

SHA256
156af578272c61863d67da9cfe213ddc7ca83f4618dc7157c38cb936aefe633d

SHA512
3831a24b58fb28262933ee14327503eda98d2e9531e50e57c7c835e3f3b55db887138c8d7fa4004015bc69588b95563c00751ba02b4e68c59ee4f71bdb0f64e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82b0eb30ee82af9329c8df8e5610da4b

SHA1
240843a9ac2a9a0d572eb29c89ece1a76992a00a

SHA256
674227c0489e053560c6921619c9e5f2b6d2d97f095844d3b5ed832e04b1a5fa

SHA512
00b541086426c9879eeefc67f14d793fda2043526aaa95983414cf12363b94b5c6e00e9c92b77b6afefaf96fb74e1ecdb8b2ea86e5a17e7b87dd2a1468957683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd2f7d72934aa242fb5de1d9b6e86206

SHA1
bd06dd67b480fb4f9849d3d9e765a06b6f1a33c0

SHA256
f30bf0e1df5ef63f4867a17693322ad80cde9757e054b75f7f9f390fe76dece4

SHA512
856e5b36bc9e8a379694637088b277736174b702af3094626073206644ac48973a6703a5447f2224e2dfd904023092d3f1d96653c3f3040f07faf0a5b54956df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6072fc1fdd48b17cd3685658283e226e

SHA1
5b9c37ce178b18a0f7fdb638a571cac6c9230c34

SHA256
1c89e790a9da19e909ecff369bd5444bd25b2ee5b28e21f4141eed6a473435b7

SHA512
0fd6eb89902dd022bc34a44a64ce9a0e15bbb760920259632d509645659f7637a0b0eb3394f3cce422fc7f314e62923f3c32dda27b2de4bb6dd785774103a124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff2899581e0f3985b5fc33bf6abe4861

SHA1
99096817f59b6729f11e17224323eed279a90e02

SHA256
f9610ebd49c8bf2223e4eca0b4e184b2a7c33e948f61f807e0d2d7620fb368ff

SHA512
5ab4fd9d4f55ae86773f8b90278dcd357d9dcab8734a7a8acf453cda490a20b4958cf381153ae47a85e6d7ee181f150405e94ae234d4f2bb91bfb733bbe76f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
356da8461b8e2f1f272ea769926e86a4

SHA1
7c4e50254e55b616bcf8c77fa48ae2666ddde4fb

SHA256
27772e37460bda9b3fa408ca8a28feefb41b98af10aa110ded626d45e7503d15

SHA512
680584b5d8707732fa3ceeb6312dc711120045a98342f45f09ef7a556e838343e954f27e010f2d0741f77bde3b036b13c9ea3dc8c2661c728f44164f36cde67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88ae07f2872246834e67cb31e1f3cb8e

SHA1
1fd3eb29f25bd17e45bf4cfb167949e3d0966158

SHA256
67301ab0bcf85b92e7e6477a670a44629d34f897f9cf7e70c28f6333ef33aa3c

SHA512
19f14a8d4ca81013e11a16cb25ee448fa6db2ddaff3dd576857fc7779e84cb6f974a711f9564f91c8f163dcde2bae050559f0fb1388d1c1f9b0f43eef826bb63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bddfe010d900e68c89fde14bcdce64f

SHA1
c60c6a83b30cbe833d5fe08dae34eca80ad0abfd

SHA256
92ec84592f1f4d7bebc571b223f80a02e9b0a29d44869b434fdd41bccc838b0e

SHA512
daba7e805f658b25ce721ee192c999a2645865e0667a00897d88a92e5e351356962c4914946e8c635a8efe71b5eb74d12ef0aa79ea490274c6a2544ce5da6ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b63d3c02d82f8c761b998102c7b20fe9

SHA1
d69b4170ba365536bfe994c8bdd8f4e031444cac

SHA256
21d53d6a01b784806ff95ba19450a9efc29761d4ecce408980893c2eab4431cf

SHA512
4152dc593fe1ab2713926351d59ee242b55f3a2bf71252e1f83131762517c0b0a60c57bf6bc4e85ee71250fdb7aba62f247c3df979ddbb826817fbdb12b15e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2066a97422a79e42a12f0980896f67b

SHA1
a23604964d186356ba8eb7ade56824bcf15edbe0

SHA256
1869255af305283bc117de6a885ea61d194343fd44dcfab7d00ab847b2778984

SHA512
877f2ff8cedf217710a6fe35502df5b6067d5d15f98be95116c6918e5e14af5b1a47044a8e8430688a8107c4ca43ed97dda06b58f89945770b887ce19438e713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8c0d26e35d1c0dbcbc18ba5f6c3f39e8

SHA1
1e0e998c125e6d0a0dbbd56332d6c37f2bb7bbee

SHA256
6e576ebf959848b6ac5e72ba2167d9fae661f70591011f2ff2accd01027ce58e

SHA512
2bf8261be1b5a6f89bd5d4a3e43f5cc474b3cf0958790b4c4bc52e40f3bdec21288c84b0a881fe45ca440639cbf69c092e7ae85992753f8b6e05e013c4fcbb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
733b714c715236005dcc238cb803273c

SHA1
2ba288ab00020d29036b067c6aa446b9066f7c00

SHA256
cc4eb190c1b194dccf8ad9f05d111ad4d691009e5aefc6fa40edbcd4b3c06edb

SHA512
2d640668e769ab8f58310927016b1bb4798c7301c5a9f4914cf7b43e5f93c41d78576357e5bebcccb13ce3e15e94f4ee98791907fd3fe9dddcca08414ff7434a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581f99.TMP

Filesize
538B

MD5
c5afa5bfa186ed93c3bd7fd34b340b8a

SHA1
85cdbf5be223d4f06df2cf7a31ba96c69d77288c

SHA256
c1887c8e23b63e68eb459444a1356ecb3fe497868825cf720472804bad27893b

SHA512
7ca6e3527371f068e047137967c7c640070678098e6ff166ebdb766137bac0ba82d01fe7c8657953236bdd338f72ad2c2a7033621a1391898ad25b531024b550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bd6396c8-490d-430d-85e5-c0fe46a4c1e1.tmp

Filesize
1KB

MD5
3eba36e89fdcaa387a959e3b4a4b988b

SHA1
ebc8e454f56ef5c49e7953f3272b71ab700cf9de

SHA256
710b30f05e71d0426cef7ef43576f05b7fde87bafb2c2db3385b37042e2d9cf5

SHA512
1c9c13ceaadfa55ac0b34477d342f65280338d63bc25e05427731760a16e340a90672583891d00fe43a92b888878a16a833325e145f6c3a441e6f98f77d11ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cf5edd0619b0e83289d1d6d11fdccc5

SHA1
9a8a9a301f8a8353ec128b9d63fccc9784c17834

SHA256
d9e0a5ae8bb19322f718730cc1f9a1c1c994ee5b343e33e02fbaa3c54dd01aa1

SHA512
4f3093c8d630aa06254ee50c629c6c015a96bb6303aacaac65ee2ee14d32bb151394c7ac68796595e92a7b39cb7d1430ce0d67f5df88820f6583a7c1dd70f3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3fc4f368eed2cbba079fbfcbc1ed24bf

SHA1
948c5e17d02e740c1fce816d167e4fa872cd79bd

SHA256
dfe62843d10b63e7c30e1e83b39652a28c7ee86fae2c1a57ac4308447897427f

SHA512
68e4012e93dd81a555af32401acccac73e7a75d988900f6a0584662f8b6aa5b1769111945c16d33399442d5a2eedf42cfbf0c0141546ba319ae898b284840a69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
663c0449bbb382ecdd7d2123aa0655ff

SHA1
a9e096dc44702b4897e22ee393569563e47821c3

SHA256
afc2d24773238f0751c8e53d36a53624e0b1c80e68f2bc4d73b4650f8302c207

SHA512
347ffcc08d6537fc90a8f77eee239cb60bb6d0576a8efcbf5cf1c990c0cfc1196a81a2551531683ac3df8af41b47c3cf7421db5bf4d39d6ea2cc46bea653f84f

Download Submit
C:\Users\Admin\Downloads\bitaddress.org-master.zip

Filesize
900KB

MD5
62e3f6d1d6b26db9d8d94ac36620a164

SHA1
2feb3093737a2fa0865241cfbf900ff2fe4592ab

SHA256
3c8374a8716cb5da7cb6dac9976399b12bf606da8e16c7cce97acbcdd719ff53

SHA512
4ba095cfcb253dc4d33f17f051964aa0b3da367395490f2001c17bda0e68cfa7880e4e187047b0e7f480b9294ef8322a63dc0adbd72e954964abba24bd18808e

Download Submit