baf99c993a1094965c7bf688b525f76a0cfa21848839ed58050c8f35f5c7ddb4

Analysis

max time kernel
159s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Octane.exe
Size

1.7MB
MD5

d02263c63eccd063a0387e56aff27e8b
SHA1

d4e2a58a4a8ea06d88a57f5f5206c6d2a8d97727
SHA256

baf99c993a1094965c7bf688b525f76a0cfa21848839ed58050c8f35f5c7ddb4
SHA512

dc7614dcb134c8fa6840c0f1af6fc2b4d3b762a6aafd5c388731b6c7b5636c6912b3a0391e08c397870bddf753868975091478e44d89ebb49bb72175a534b345
SSDEEP

49152:WVN9f+8t4eBEaL1KGoUi/dKdIk0B28voQ1WAp:cb+8bdL1KGoUi/dK

Score

8^/10

discovery evasion execution

Malware Config

Signatures

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3464	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProcessHacker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2456	taskkill.exe
4328	taskkill.exe
3636	taskkill.exe
1960	taskkill.exe
2960	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{DB7FB11B-5B84-46CE-A385-ED8A7226EEB0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
1680	msedge.exe
1680	msedge.exe
4888	msedge.exe
4888	msedge.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe
4336	Octane.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	4328	taskkill.exe
Token: SeDebugPrivilege	3636	taskkill.exe
Token: SeDebugPrivilege	1960	taskkill.exe
Token: SeDebugPrivilege	2960	taskkill.exe
Token: SeDebugPrivilege	2456	taskkill.exe
Token: SeDebugPrivilege	4568	ProcessHacker.exe
Token: SeIncBasePriorityPrivilege	4568	ProcessHacker.exe
Token: 33	4568	ProcessHacker.exe
Token: SeLoadDriverPrivilege	4568	ProcessHacker.exe
Token: SeProfSingleProcessPrivilege	4568	ProcessHacker.exe
Token: SeRestorePrivilege	4568	ProcessHacker.exe
Token: SeShutdownPrivilege	4568	ProcessHacker.exe
Token: SeTakeOwnershipPrivilege	4568	ProcessHacker.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4568	ProcessHacker.exe
4568	ProcessHacker.exe
4568	ProcessHacker.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4568	ProcessHacker.exe
4568	ProcessHacker.exe
4568	ProcessHacker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 2792	4336	Octane.exe	85
PID 4336 wrote to memory of 2792	4336	Octane.exe	85
PID 4336 wrote to memory of 3700	4336	Octane.exe	86
PID 4336 wrote to memory of 3700	4336	Octane.exe	86
PID 2792 wrote to memory of 4328	2792	cmd.exe	87
PID 2792 wrote to memory of 4328	2792	cmd.exe	87
PID 4336 wrote to memory of 1128	4336	Octane.exe	89
PID 4336 wrote to memory of 1128	4336	Octane.exe	89
PID 1128 wrote to memory of 3636	1128	cmd.exe	90
PID 1128 wrote to memory of 3636	1128	cmd.exe	90
PID 3700 wrote to memory of 4888	3700	cmd.exe	91
PID 3700 wrote to memory of 4888	3700	cmd.exe	91
PID 4888 wrote to memory of 3060	4888	msedge.exe	93
PID 4888 wrote to memory of 3060	4888	msedge.exe	93
PID 4336 wrote to memory of 1172	4336	Octane.exe	94
PID 4336 wrote to memory of 1172	4336	Octane.exe	94
PID 1172 wrote to memory of 3464	1172	cmd.exe	95
PID 1172 wrote to memory of 3464	1172	cmd.exe	95
PID 4336 wrote to memory of 3160	4336	Octane.exe	96
PID 4336 wrote to memory of 3160	4336	Octane.exe	96
PID 3160 wrote to memory of 1960	3160	cmd.exe	97
PID 3160 wrote to memory of 1960	3160	cmd.exe	97
PID 4336 wrote to memory of 2760	4336	Octane.exe	98
PID 4336 wrote to memory of 2760	4336	Octane.exe	98
PID 2760 wrote to memory of 2960	2760	cmd.exe	99
PID 2760 wrote to memory of 2960	2760	cmd.exe	99
PID 4336 wrote to memory of 3824	4336	Octane.exe	100
PID 4336 wrote to memory of 3824	4336	Octane.exe	100
PID 3824 wrote to memory of 2456	3824	cmd.exe	101
PID 3824 wrote to memory of 2456	3824	cmd.exe	101
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102
PID 4888 wrote to memory of 1576	4888	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\Octane.exe
"C:\Users\Admin\AppData\Local\Temp\Octane.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://octane.lol/keysystem/1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://octane.lol/keysystem/1
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9099546f8,0x7ff909954708,0x7ff909954718
      4⤵
      PID:3060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:1576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
      4⤵
      PID:1604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:4536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:3576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
      4⤵
      PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
      4⤵
      PID:1876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
      4⤵
      PID:644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
      4⤵
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
      4⤵
      PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      4⤵
      PID:2040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
      4⤵
      PID:3452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
      4⤵
      PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4712 /prefetch:8
      4⤵
      PID:5092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5736 /prefetch:8
      4⤵
      Modifies registry class
      PID:5028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
      4⤵
      PID:1648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
      4⤵
      PID:2380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
      4⤵
      PID:4468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
      4⤵
      PID:216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
      4⤵
      PID:1712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
      4⤵
      PID:2744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
      4⤵
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
      4⤵
      PID:4356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
      4⤵
      PID:4824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
      4⤵
      PID:1200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
      4⤵
      PID:5188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
      4⤵
      PID:5732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
      4⤵
      PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4696 /prefetch:8
      4⤵
      PID:5948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
      4⤵
      PID:6104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      4⤵
      PID:6112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7464 /prefetch:8
      4⤵
      PID:2184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
      4⤵
      PID:5448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
      4⤵
      PID:1608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
      4⤵
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
      4⤵
      PID:5492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:5656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6560740887451429512,13471063271424001228,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 /prefetch:2
      4⤵
      PID:3996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1128
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1172
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3824
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2916

C:\Users\Admin\Desktop\x64\ProcessHacker.exe
"C:\Users\Admin\Desktop\x64\ProcessHacker.exe"
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d18f79790bd369cd4e40987ee28ebbe8

SHA1
01d68c57e72a6c7e512c56e9d45eb57cf439e6ba

SHA256
c286da52a17e50b6ae4126e15ecb9ff580939c51bf51ae1dda8cec3de503d48b

SHA512
82376b4550c0de80d3bf0bb4fd742a2f7b48eb1eae0796e0e822cb9b1c6044a0062163de56c8afa71364a298a39c2627325c5c69e310ca94e1f1346e429ff6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9eb20214ae533fa98dfbfdc8128e6393

SHA1
c6b5b44c9f4fff2662968c050af58957d4649b61

SHA256
b2be14a1372115d7f53c2e179b50655e0d0b06b447a9d084b13629df7eec24ab

SHA512
58648305f6a38f477d98fcc1e525b82fc0d08fb1ab7f871d20bd2977650fa7dafa3a50d9f32e07d61bd462c294e7b651dc82b6a333752ca81682329a389ae8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
65KB

MD5
34c87c054ce7a0858205acbf1fdf8a73

SHA1
4e67ed652303184d84800db7c6edcca21100856d

SHA256
3f7c9ea1cfd0d167437d0310f21c759395d3740a8551c4d0a831f925fa85682d

SHA512
67550b54426c3c5d23f289758579f6dc9b283ac2c7443990f4c41b5efd256828e26414390c985bf71faa0a6d72756c315e95170b60d3cdb2605ccacb5286030b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
93KB

MD5
51ae200253c6a2a0d0a3e1e02c980cb4

SHA1
a0bf83264e2a11a1df2e250087169c03cc936995

SHA256
12ee3e4578063d1bfa45f2f3bce69f8f793ae7f2be65d83ac0d23d701568c4b9

SHA512
b0c7267fe6e27f334972ab76be869ec6104a7871919ed0006843cc610a5a801c1596ff7593841755480027713391c0913d12b282bd20c811a82c6b5ce5a665d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
18KB

MD5
ad4eac081793dfb93e0de9d336401bdc

SHA1
ba24136311f8397320997be46a9965b12abd26ce

SHA256
4df235c9ffb18cf91eb6e7db9b386b564523cdca8c8b5adb5655b208d2f3c483

SHA512
4d1007a9e692dd169600d03f36ec2de10d51466b8f351666ae2f11e2de9fcfe7bdc44ed2f146e434ded573b6fcdd23b020fe2c93131499aecc93c99fa4371807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
18KB

MD5
160cfd8149309447183b4180640988c7

SHA1
81831df106198fca11a37c6aeb141cc974e73ae8

SHA256
a99736d9d272489e2f41a915e01a896bcae5ca29f176f6bfa4a69504541c7444

SHA512
e72f00df98a8b26084d0e9e0272a6cc030fa58203fc78406c86bfcf3f519b224ce91817dfce212dd53189fa06c5c2a848f79717659283d14ab46d7459d8b6a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
18KB

MD5
7c7a3f407747d3d5d40b6e0460a4e3b6

SHA1
7bec927cdeb78e001daac960a403e996602f414f

SHA256
9650ab891443506622d4d5548806aabf0a9afaaaa0c6a9285bf6611d2130e1b9

SHA512
1ac046370424da04f219503c23e5d22d4b5b130e2f1502b82a06df6b8e07974e292cfec53cc4c697107b0ea6b968ecd82fa8d43984aa8f7c01800a66fc94b89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
31KB

MD5
b86da8cb06934a979a07f72f18b88227

SHA1
732f7fcb11f22d4885a6997e4e82fb195093d493

SHA256
084ac1889189d2e21896e8451a059a09dd99e0723a782f24b3791cbdfc5e0aaf

SHA512
7dcba22a836704211a79c3e0a8e5be2b0e4bec775f6d1b61a8a820ceca83cd52ceb9d17e48be45c45e08c4e7fd97801594b9c5f5d66af2598f1446c97840fc17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
147KB

MD5
10a8a83c6230c12a4890329a352f3617

SHA1
6e3aa832e17bea6716802ee1ce873271349251a1

SHA256
3876ec1287afebfe3ade64a0fc5d75b99a2273b37c90309cb0b5ef4b056bc1b4

SHA512
49dd17a22eabc653394aa5a6c4eaf28d3d61cec7b7f835555d72a47b75d4983a98b0dcfd15abe426b83c29ccc6df062a46d972a66656872ae43b82286d3f859c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
62KB

MD5
0800f316866f3b20e5443bf0b6c133a2

SHA1
0c26d720ec1078b683068d5586b3a204ec118bba

SHA256
8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e

SHA512
84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
767cecd9c0a8be53fefa5147dac3cd09

SHA1
5b9584deddbfd4a6ef9b5933017dc23b4074c895

SHA256
3b73bfa7b96578014990476db66fbbfd1a24d26f873f024d8e948d0384ceebdb

SHA512
f8bbbd1522b6ef3cf9866e1c6aef8ca457d54d37143b01b23b328fea3804fc59410825ad4f10b753c5fec52f956196f531355a49178b0b6ce31e22bc1bcc1b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
26KB

MD5
df28dcb873eb738b541879d540c100c3

SHA1
10169e9a7162b7d13a065f2e3cfba407841fb01b

SHA256
0c76b8ae1c1677aa969cbf9551c32257023b7e6ae2077eefd3119c498b978d23

SHA512
7005641cfed488c194bf24452a3c9f52ecd0ed1b8b6784b27c21a1e06d47b36076913252510a3f5e886b44fd5d65952f775dc1de9fa8ada0a6246f572f3cc83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
30KB

MD5
7fc4052cd860d6392c6c219966ae3d6f

SHA1
e08dcd144138183c8dc96162169830b5a8eb56fb

SHA256
b633d52d577214ad2d7aab92b1bc94a3817f717ec0579557078c1daecf45e0d5

SHA512
a40b27724304021cd8bae97a478981f8fa4bd17e16bacd377a81aa034ed2c5f185b206c950c0ff96ee35af5cdbb3f5bae64ba61f99f3d988e52a5a193a7c92b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
23KB

MD5
ead8a5d42c811b835d51501704c71a96

SHA1
43824a34707cdf57513fa27a756a47bc60fe73aa

SHA256
5d74873c3b510662c898b510b5277716b14ad86d87230f8315e72465fef50081

SHA512
93254f798fd3600c4b37944c0b232e73843a9174444dfb92894010c8fce8256e7b042c3349cc0a3de3686b88d32400b56d7bef2de507239e95dfb170b8f09167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b02d357ef50b3cf_0

Filesize
3KB

MD5
9045fc4be65e93a10be728a58099dd0a

SHA1
8eecd5e8eb5bf8bb68057836b6eb5bdd1a776fdc

SHA256
fd80a69cd13056e8f857c9be113a7a79d2c71bde02e0241054f133aa48be39d6

SHA512
314531f98152dfa969fb3813ac790f651d253ef868fbd57d51a25e6d8f69c561db9132b8fedc7988b966e885ebd861d10c26bb1014845d7262fefd454303c8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17c6075172042133_0

Filesize
63KB

MD5
e20dd95d79a05e18683b4436fdb71264

SHA1
6bb58c421aad6cf3191db10e14f07a0b94203b14

SHA256
dafaeed15918302c2691f67289d540d0b1ef23f2994933b0e70fd6d04a4a0d89

SHA512
fbb49d6d99180918046400f3adb03d642e7a7ddaaeb9a9ae733c07e9462db4ac6e9980304ec8ab94110b33cdca975989d7197777ecbb592d70ff6878a52ee317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
54KB

MD5
f6faf3ca06bd22ab789f52c81d9275a5

SHA1
0bf8e57348fc75d38cb2b57abc0bdec61c890fb7

SHA256
270c6be2ed4266ef93445c16692c08753d053d6a2ee98a8f1b127f1a749a16ce

SHA512
1657752691eaff55aa493a9c891f11b07d498bf387d0a760aa289f1254b231f3038c8b2a4ca04b08be3a55d93e3f4f849d7e7d3bfd977a9dd078045e44004ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0f3d6123d47f6c7_0

Filesize
31KB

MD5
dff3f60cd6b5ab9d77cc9ca65fe0fbc8

SHA1
802e086688ab6ae327a4cc712470b1532c0ebf89

SHA256
f5c8cab11dc98cc17a6d4964a32e4a3d8f98a38503125fa0c17c4b974d74354c

SHA512
373f68d47afb116b30688f326cbdcfb3c09164fcfc08b8e646302420bf014d6e398af741057b318fae26888cf65e9de6be30ccfa8602b1883ecfec9b344171aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e25a91f78dca9b20_0

Filesize
3KB

MD5
264da132be63898d8c7c51c1c0b98714

SHA1
8057974bf687888dab7e48152feacd9982a91496

SHA256
bf3f292b19f6b1af60cbcaf2c7e4b59c085219a78aa57c95e62d033595db7117

SHA512
12561ba5940c8d9a32bc001921171a8f5c637ca978888fc6493e1d01f7ef5be419f47e807d1cd58c583f559e830fe5e1713ca5257f1f3e9771a26494e5addc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
32d88db5990512cbafc31f2681683d38

SHA1
d4dc6c663882d79f959dc0037d5c161441e530b3

SHA256
53efcac34a2c8a304fb67a255349320e458d92507717508e736858af94d43b32

SHA512
22f77cbcebc2556b6f8a249a595886a2019a3d5d28b218ae970f28934b41baa28f4cc6f03bad0349befa1b6a1d38157168d0190c5dfa1c7bd8c1da9ffe6e633e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
686446c11c7620253ec518f856a546c9

SHA1
36415ed6322b3a296ac76c6d7a6c728e57bef3f4

SHA256
cb732e3a393c02ef50a268019bbd0f716fa5db0df7382a2a0f0ddadd01cd9f42

SHA512
b426c608fc02e36dc0e948c25e53a9a4ef589cf27cecb903474515cddaf995916c4a52b44b036669790903f11a1a95550e4fd75707ec440771037da0253b9418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d4efb248a4ea3bcf5ac2c050167b5b4e

SHA1
7395b928b6af210bee1ac89f1cfa5bfc89d9ad7d

SHA256
7ba85c30cc4fedd1d5b80524c8042ce47987ce0d7ea017d46bb932e8ec3454d4

SHA512
e4d3d7d5553526d36867571061b34b5d8b999dc197e258d4640e6b751ea982dab910ea6805cb5a93146b47e0516e25ffb1973136cb3fa52cc8ac9388214c6de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
75b0988896f689db467b2227c60fab8f

SHA1
7fcc178caeff3cb672a6e61c265ab91bf3405126

SHA256
42c8d023a1643f9d3f2c2b21ee0839c3905c379c62e37ccb1099fbf04af940e6

SHA512
f461ea0a75732c7c8ecbc2c9b36d5f0ae0627016985e819ae51a06f8751407e8ddffb826fba6a3e0d593b81136a548a9dbe700331b7feb2f5ab896b520f56702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
131e2b72d01cfe2852baaba5ecb337d8

SHA1
8cd28d09ffba10204531ce3cfab89cb2dbf327d3

SHA256
95aa380220319c7f33f70f744e2cc0a792ff881cbeee03f4aef02d6bfc8bf9ff

SHA512
1c8bf03274e17cd1cd3c59f621b6c551a6a7648d2054a792a26df2f1b944fc223f98a9d2e511bb584ae5d922a91eeb732bd32dc367e2be17ad910336b8175c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
62626cd882a439a47ba7e5310e04aaf0

SHA1
767c8cd34c317b96eda0459d75a411de3dac3487

SHA256
cde60cc6a79a8cdac29fe3cccde21950e8556afa446977d3b16b47494c5b6ee2

SHA512
21ad8358e51c7a5a51a80ebfa316e829660701bf0248a5c25c1ae16b1392bfd59b2ac1dfff224cc961b38c490d107f498c29f096f89922f95363cefa6b3ba90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1286256562c0915161482fdfcd3c522b

SHA1
f49203e7ac37941efbc330dd849ef09b8eaa3095

SHA256
da331d98792ccbf61dfa735785abcba588819cf508e268c9d8845390ab1af4b0

SHA512
1b76e22a9b1038d83d76c1233e813fefbeba3bee2affbca4a0f62adcd94286dda2f20844decf3eedbc123c7bef0ed41f9ff03516478475f804896def55473a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0bb0f4cf44a3bddef983b6cc26453f07

SHA1
3df62eda6ce4d5b19954b1947bc6891b20010b30

SHA256
3380afb28f8375d42de320a5b36fdbb474d397beb08e17038a1cc9e7a14d07ff

SHA512
d365d48608da9365afb91127f778dc4046313ec3926c55d37cfe5d522c69dd1a9490546603933633f0769102690e9b7fa16c11a0aaac2cc67dc04c049c7ea7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e8870e27da41654f8758690b34858f31

SHA1
fb6d1cca516a43af9eb14b89e6a5008462235bcc

SHA256
674bf54831de2e7a55bebee97da15e73eb1901a3d0463ece47b976563151753b

SHA512
46b960ac84f8652c7ac92f54327de35c604018909d4c0b81916a760ad44ff984741bff19707352dd2ad346cbf3b9e02100e229f2135f433c580a0b89ff096109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fa1500fb9e8ced042608484c49450e1a

SHA1
adee46e6474e70b2dd08f46536b4a0bfec211320

SHA256
8a4bf5ddf58a81e518790d6389eb107102c83272a7ba39f3cd2fb734a022026f

SHA512
4164f9c3f024b8592bc659fd3aa75098cf32c8a8e54b03620b774e91d133d9bc412b519ab0db745f0517af065dbc0a1664c4e66cc19716685287ba1fb15c1d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
280c588efdd10794fa755b80dcd1b181

SHA1
bc015e6c9b6f7383e920b0b09a1390d4e4591931

SHA256
a48c9e00e39b9f62d2e02395543237e0015396dff2f834c05bd4ec1baac617b0

SHA512
792c007b91e144836c13bbfe77f7b3c988115368d20385d4757e6d7674eff04d4d365fd143b198b1aeaa4263b5ff9f10cc8479691655f0f6765b36aa4e099320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8d48643b3dc035cb71c21e0d6b3671f

SHA1
f7f0bf5bb0218b0db937308457e4bf944efd05a0

SHA256
11cbe1fec585181ccd6e4b4b3329b588fece388d176ec967bc61b0fe8c1bbc5c

SHA512
ee31f958ee33d6d8865774ad3afb9648855ba9ebd4cb8f3d9ebafbec965573914033254f00ffa81d55cb187914650b473d7b1e71ebc8d29ddb7f14e370b748c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bb89522102744f28a50d097f9c83b310

SHA1
f1475ebabf0db9bdfc0781c8c73ad2a13137c461

SHA256
04a4364c349c9a140939306b6924b0e300ce05decc9ca5852119b5de921d45ec

SHA512
973e664c0e4a664d001d5e4aa8433b44a5e3d316b2ad3804eba4d00bb274b6abb854936c600e01991fc3fdd3850dd8f6dfcf1d9be9df6fb3b4585ee2d45cb518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6be217d826ff7c4aa81d39663a38dc10

SHA1
b32f46cf12fc4821f702880382f18ef3714eec66

SHA256
754dca9404f119306b757d135efbab8856521366fe9a3961c5373dda2a57becd

SHA512
306a06b11f079ad10db885200c0bbe37b56bd9687024e18fa84cfb95663f8fb00debebb381e030d5e6c4daca8eddcf180a37668745ec4972ef732dcb0bd4296d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9b92c368f790b4426b40714fb1d7404f

SHA1
88af803880e31af915310e558b50009e9fa6782a

SHA256
0b031923085a7f30875a7cad91d7022fadf689a20819821f311716e28304fae3

SHA512
b15f05db869e73a119f46ba4b5a85ef32c38b64992e582b436c547ebb9a0850e34f12f9a548661ffa20cd4176671ba6ed7bad0196bc8394cfd6d31b93afd2455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
387149ef3ebb8815e549bed34d190e87

SHA1
d89a0e451291e78fa46b0d88c0f79d2b7bff7a67

SHA256
96629e7e0d465c67f98e70cbe87178841791e4d4aaa54ad92ebb3d3fe2ddff45

SHA512
cad51a3f98abc27efc4625cd8df342256cf7724234d15433ef9507b047ea32de17ba8e28b10bc2a355de37290c2b14106041262b5082cf484c259b05968d3262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90868b220c7cce91233e55fa62f1a1e0

SHA1
385a5c332851da2b5d0cb7f0b0519d3c47f6e137

SHA256
8e42b41ee59ef0bce3ae525016f09ac145548b86733dbc582c75c42ac27398d9

SHA512
598c00541c84c5de36b24858469209d31e30a125f475a30ee20b69c3e8aac4e3395fef4d8835223529b06f4216193a6d5bd9dc740b3974259a1647d9b6079ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f25d42a3eaafd4031215fcd56f9f69d8

SHA1
c2767c3929b9b9c18106a62a53ea951b8f7b752c

SHA256
897e4f85b9d3907800850208c6b270203c0a77ceb637bc12f880d128f5c3451b

SHA512
dff7e41fc5848c708ce9767871a0bc9d0882b1f19149376e3b8491e110e494f54b537468022902e5748900a6c6772ced4c9c56ab7bb49097669c0d6615cf5c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fa85145cb48a2ed25904e862362a8411

SHA1
343da54b253d8e5967e8b963ca22d8497cbd1f75

SHA256
b2328a9ee9e1dab48a09d3841830dc8a264236793fd57cd9e8d1465349a4453a

SHA512
c24b1961bb311d2e342474592999fe45230363465de5f3608a87493fe2cb6c07cbc5d5be8d5f306997a4b489bdb38aacc71323735e980051b50deaed5e05943f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fb38.TMP

Filesize
1KB

MD5
3d3f45979e0da26f8329f1ed9be854ef

SHA1
62261e2aa0bd3fdf3bf36e2fea6b3427da2d7465

SHA256
75ad37072fe551dd5ee46f559cca32ed4ccb04a997386b92f56209ca8ab8ce76

SHA512
cc3bae33707fda305d9ff09f3f92164c5bcd67d869534ae4dbc55438d16e34d259a63ab01513cb8722d7aa6b79bb9f57d4e239024b828f30a77a63131e485a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5234aa19ac410ba74b00f0e04366f40

SHA1
6b161e7567cd5e954e92113cbf4a1f8061a17caf

SHA256
e65e199f1e923c60758e341dd50edb6dd8294e6d904fbe6dcc6694117494ca65

SHA512
ce5c91f96585fc9a1c1db2bea31700df508bfacf3d87eef939caf36b2ac06e80aa0868187d1c64135ffa542c658d2ea3414ec4682673af8c18730e1295fde223

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 438955.crdownload

Filesize
3.2MB

MD5
b444cf14642ce9b8d75e079166a5df0b

SHA1
8e8f8423d163d922242b8b7d85427664f77edc97

SHA256
2afb5303e191dde688c5626c3ee545e32e52f09da3b35b20f5e0d29a418432f5

SHA512
915b9f7c0b1374ce52fa9653ba1084741d15ff79dbb7c04d2a0f41eea8262b2f556d451bf9eefbd2d32831289908b6a1b39ce2cbcafbbfc4ae6e71d701b1aa81

Download Submit