hxxps://1337x[.]to/torrent/5731918/Disk-Drill-Enterprise-v5-3-826-0-x64-Fix-CracksHash/

Analysis

max time kernel
158s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1337x.to/torrent/5731918/Disk-Drill-Enterprise-v5-3-826-0-x64-Fix-CracksHash/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
2708	msedge.exe
2708	msedge.exe
4204	identity_helper.exe
4204	identity_helper.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 3928	2708	msedge.exe	83
PID 2708 wrote to memory of 3928	2708	msedge.exe	83
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 3124	2708	msedge.exe	84
PID 2708 wrote to memory of 4372	2708	msedge.exe	85
PID 2708 wrote to memory of 4372	2708	msedge.exe	85
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86
PID 2708 wrote to memory of 4352	2708	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1337x.to/torrent/5731918/Disk-Drill-Enterprise-v5-3-826-0-x64-Fix-CracksHash/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff849ee46f8,0x7ff849ee4708,0x7ff849ee4718
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17177848579123824943,7325835585505515285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ea737ef-7e7c-4460-b02a-2f6a30429c55.tmp

Filesize
9KB

MD5
825eebb0f78e2570ca67051986a3a117

SHA1
0e814f1b7427fb0448926bdae2dc7b597434946a

SHA256
b1efff4acba4c277cbcabd5f8148c0d569e592623041c17a191f31099f70424e

SHA512
bc947ba5af667786c047235949859278557cdbc4535133fd8ad34a9872a6d61b4c6910670e7ade1bdaf4c462f8a33a3f622ba9907b4f0beb1e0b3c60d705a503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
143KB

MD5
63ee667cbcf0116ebfe9857c1354b2bb

SHA1
8560207df32d96a582ec961ceba780dd48c4962d

SHA256
54b1d6188c36dd12c993711ee139f8afb661afa48650169731e04a732a30dcdc

SHA512
59c4aafca705f51f494082c52a785b1fc9f018b0b49c77a798133e65c8e2cf96b0eb07b4cc4526c85b678cf90e52be4f3a4e04af7da506e1dc29be78c2203527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
b63a52af5315ffbffac7d45570379425

SHA1
b4091bac45d3800008efd65c6afb709a25999d82

SHA256
687dcfdfc3e77413a6f21140cc63c6bfebfbc36d25da5f0f8bfe9da815efc6e3

SHA512
4c3505b941a22864994a6650b49b6b30040278ee97dc8ef3d3faf97d18395bc009a861616376446fd723c3af4c38a3c747a8066f84aba250f59413011ff82dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
126KB

MD5
8fc059a7e1758ad0c0e17be4b0575b93

SHA1
df3d910563829c3b2e6fb0767038f75af4d4fcbd

SHA256
6be2d61547095ffeb30a1fd03fd7d6aba9009edc719144812c5610bd2e27fb97

SHA512
9d08e40a15305b3a60214a0c2faaec5612d3f7506e7a08bf786600ae8aeae8b71c511666babd95d63e16aa4616b310dbd8cffe7a115f216a5e5755afa949b5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
de4b49331a2542a0dc556eab56ecf22b

SHA1
0d3d8361d793800382505de56709f7d9030be977

SHA256
29141f18eefb4279cbc2406d5dcb83e71ad55f58c25c5fc2ec17a5819dacefc0

SHA512
2b61780632d154c1218a6ebcc60d5b59b950a28846a3446cc8e027f8a0116f7f41bced72c8bf7147573e02816ee89baca434926196cfe47cc3b80a7323149162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
22KB

MD5
d9bde58a16ea0820d2b556fa9f08a572

SHA1
ec5b51328d00de46fbcfb6e1419f3e35f3f948f5

SHA256
4d36ad35eb07f268af256379b8dc7648537875e34a54ed660250ae912f9853dc

SHA512
f7cb39a1a9d7ed7a5220156d971d17464b7386613c50947aa7c4e4b06e7efc1b0343f73e29192b62c1eb489ca2f05014d10642b02adca7fe9f1576816c3a440e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
24KB

MD5
87902e5fb8ae51f07da5bf2560cb3369

SHA1
45dd3b5eb1a9ecf32b757dbc166464804f5c0cbb

SHA256
8de81f8e976ca8c14ab4d2a17d06d84133e8979ebef5fa1df550f3580ba9646f

SHA512
74a061e74ac253a4f50ec5db9c93a15aedb74454f4dd3bef72744eb6ffccd11f01d42ad68e36db31d0ad2acf8168edccf7375ffe933bfe61f8b68a49263afb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
d8a2a888cc069b625ead0c40371ee037

SHA1
5dd6296a8ea432ca9164de10bb38cfb07aa2d566

SHA256
e13e7ef4da2ccc92d2f9964c6ab33d7ef3fa843f41b2ef8e1c307127131fc658

SHA512
cd9ea94f0b385bfc49fb907b70386e0a6ca18408cff6cc8fe3ff8ee74d5d9ce35fb6f0c167f98101c9716a97a3c86c44854cedd8b0fff31b3f8f632d44b8c03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
21KB

MD5
f86acf6217af54114f7a51d1219f4b6a

SHA1
2b48517bb5dd5ac238c9c788ccdbe23772ca7092

SHA256
517daedbb9ade303ed0d1f46b5b1cecefb0e1ed3027c23483572c4747084a36d

SHA512
6513d1ebfbf67241f01b8801d983b002b3bc795d4be719d7a19bcd233a2f2e03105fc2d4cf2e44b2fb0c2ef5cd0033035e53f932bd685f3cb24d105d45809d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
83KB

MD5
0d8971e48e80e34ba26d3bccd31c294a

SHA1
e34b9ce0db53e9ee6d2912326efa8a2d352253ad

SHA256
eb00c37c1104d708f5f08fc1b02ccee727634a516299d12a1f59a40fb2416b81

SHA512
374c2fe16e5c5a899bf88c8f2f2a895730740646d868d2f29cfc7695cd103a729cc309645bcacc293cb69a944b498425fc071adfc95589439d6889cf6dbd39e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
ddc4e0f875d56ef40b07a024f534ddb7

SHA1
bfb083ae3f4551053bbbef926cc255a185c5b2de

SHA256
e8a1868b37e6e5d94d5d7555aa67028f379f008dcd4b16cbd7da8b9fe29ef141

SHA512
39d541349b33f9781222508409247b66dc868e0da33ef7ffb56a1595f47a5a83307beefe25d9c5888899701b7a83029b9ac7480d36179d1ec24fa17b73f99738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
36KB

MD5
4170f27aac2722137fe37b8d7eb0273a

SHA1
79844285390d3c865569fbf83af59414067adbb4

SHA256
d9bdb554e15c143c79b67e5ceccb8c244fcaa6d7d4aacf9507898ff39ba5dd4c

SHA512
f2e903e68607ae9d6b6090077c62c7ec93de4f6bf48c816a7b66551c2e1b8ede94843abd12a3b37a9afd4980c5a218e8aec6ff09eac40619f203915903315259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
906e3c9acb17b44409d7f4c7f4a200b3

SHA1
ac8e92ddaeb3c28c3614bf502203f5fac73106d3

SHA256
f592eced190e81558c5424caa4be1b0b58a492b4d250fa2117b10ed01f39f1ee

SHA512
a60ddb41ba7ee4b3da1bf4ae6e3a45afbce963db02a56b6eb431185957fc96214e2838caa113d25ca48cbfe0e90088d2954756c746bbdd2ec62297b4a67c86a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
12f1a8b6d84083da268c7dcd533155e8

SHA1
f7086f5f6566f4bc6dd6ecb7e3aab75c1dc8bb49

SHA256
a883dd622ebdd63dd2f7ce41648599113f9af33c3596dfaf5c3dd9b372b58f48

SHA512
588674df0d448f12f1365cce46bfb263665b0a7b4766c11f72fad3ed072f6e072eaa7bd1c2f98ad88fe83dc2af2316584551c04cfd529f1b747c019a9ad7b997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
4c3b1c5056e969de596d4c8c598eda3c

SHA1
06cb9e532c7e29802f6cfe5a09abfe91565aadd2

SHA256
666d7f953e78b585daae325b5448c018cbb87c2cca661d63ab914b16ad76f52c

SHA512
fa60c420e07d1221646b3d4c1007d5d1adff61ab515bd9dfdfdcbd379d19e16b92f3ba98d1b91633b80f8e69e5885e79fc8d70717a22267595808f0d18a6df70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
222e3836cf6aa04b654e32d2f718bb9a

SHA1
4a46690ca84a5bae2b5600daf6e2e2cb4339c9ae

SHA256
823c7543cffa3fbdbbb45aefcad6fe53ecbeb0bf1772962996e2a5ec4beaa698

SHA512
7c533bd4ef151ada6f5b427c16bf0b1650fff6571146c92241427b4fa61b4c7b8283eb5d4e1ec86c7d2d3eca8635cfdae956a53cc02251271472783a2663ef9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f1af4c6fb31356900eab58e4ba7eb5d4

SHA1
fe442c9b75eeecdf0eac0f9b990abbfb979127cc

SHA256
ae0f11e4d79d092f18e1a6bfc4e611d432648b22e9c2cb051dddcf2e19a55503

SHA512
7627ca01f10f39a82ae47a03f179dc291430fcc6ade7fac28df59a840b93b11955eb0e5bebfb0ebdb1a357133359d16c4d875efafe0b6fc7858c7d995e023f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a1a22eac1ac36fddccb5154fd5cefd82

SHA1
334cce5f6355e9f451cbf6702346a83e7c1c486d

SHA256
309c226c2fa40b9c206db9e58266eda3f13a2fafad3484791c4c7d6a757f9d34

SHA512
c305ffcbe93684d6cc1942d85f3d2419793dd06d6a26b25ad6ee24916e6e771b15885d3797b4ccf97e94dd26b3aa6b484e47ed77b8d145eeadd712e8eadc2fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
58925bc196f9275058c7e2c13857d6b5

SHA1
56b8f797960776176b31066a2c30ffde7e04ad22

SHA256
d6adf73f10f5e5c17b55b815be00dd624cfd7a41ba0b31b3d06ea13336eca2f9

SHA512
921e8db9f57bd5da67085588beaf48cd3c351158e5021c992f9122bfd9c6fdd3dd9f596b54f8e56996a286173b375133d01bb204229de7065307aaf5b0a9f1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b545725af85691f6dc068f16c3fde658

SHA1
d2bf1003ea920e446a85b47c058b725113647398

SHA256
1c07a1c3df30b9c9d15d45aec39c74a5cbe8852bba8afc51094c025d277c13fd

SHA512
a067f85415412e69917c501e7947c318305da582e1e6ec74c4d8427b2f0c24d63ba63304f454f9b618ff6512b354da9d32eee44e2b6a79d8dffe9763978ac705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07e69a24bff3262c969d623e68a664bd

SHA1
37fd8635867353fc655526b41cb8f495435da7da

SHA256
e06dfe027d8537a366c21474846f066d8015aa858e05eac89df07c9a129beaef

SHA512
64f882f14d344ff6853154d3aaccfad0acf38171b15dfba7ff6ef50ee2ec3403b06c3a54a48178bd438bae9142593cbfb2a9b44c6395d1c6b7953cba55ca6481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9f969e73e49a406a2d1b9e99ed350cef

SHA1
89766ef67d72a9e1913a750da04fc58260a7a80d

SHA256
d1d3b2145bd79e89fb31de2da5c7f5f180a6c9e1adc73677fa6525605402ce8c

SHA512
ee8f746739d9b73fe9dc4962b6305fffe4fcd0b0123091997d1d9270a8831ccbab304383472262603865a919f83042cc9e9779fd7537d665041e6c173e72660e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ccc2dcb23a6e287d4ea63704c8c6c93

SHA1
2ee53c9ee2a68ddad4d4d03ac4a3c5cc3cfe8332

SHA256
15368ba80e2b9ac4d4cc0e5bb9143360b74029cf88c28ac21508ce6e394ab62f

SHA512
83d1639fe1a613df52a8c85fe237aa06d4724089f4a4e931f3b7ff1c116d8bc1ce676612e735e9a5bb7389eac9f6667698956dfb7a5ce3a79ca70fcb976f85ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08087a4a087676136521e342e2f5c5cc

SHA1
6d0a1e1eb6622a358b2b937f76fa31de3d91d7f6

SHA256
3545950ec3e5be6245b3d2d7b766bcc805cec467c16d66921612590ce52ba632

SHA512
fbfb93588a3fcff4384e119205d856765cc19c52a9044d048f14eb3a12f1761a383e3d92ac8f70606e1d3c01e4d619bc32abd504073c1fc175b9f3e137191ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5193e3815288af66c1c02dfc14d61160

SHA1
7678f3b20b7750dece322191346b6a010219584c

SHA256
4e3869342d2446871feb5406bc35d8b8f66824fd2227ffb9a5ceec6e0bbaa69d

SHA512
12bd81cad9405f54196d1beffac7bfb3dfdcc0d46f3171ea3ebf96a7c2a1c558ae7154ca189524a7dad5791bcb0c79890f5deaf035b89f3fd904eab3410d6271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584699.TMP

Filesize
48B

MD5
699cdc61b79aded7c18005b15629d274

SHA1
6ee4d6d13eeda3324eb5d4aad2f94a178c52e97d

SHA256
4b920c257e73e3422183f5ec54cb26adabfefb650ff070da562166879b268a8f

SHA512
2cc99185f6936dacc8a0ac5c841f77baa5821b8be70754193fd7c170ef69ab9433f57a73b5c36b52235fa71873fb044c4fee0ec903bd1b7fb65aae0efc5303db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
559cd194e6c1c10db63dbc93b275cc65

SHA1
fcd15e5cc144593b4e07cbd86943345f31e12bb2

SHA256
1243f1f726a81acd7ddbdb40a80609216c9bf5d7d1eb16f0d1221abbfa354fce

SHA512
9a40b90704e7416fbe392522c486a27bba45238d682c2fcfe29f10f49f80e6869bf1891ce60736b77d045e7653b6c798a9a858fe1a2918498f2af95bd8471da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8365fa2abb3fab85e88b6cf5ddf36070

SHA1
b640e0685d88d1f8f12dcc3c7209baf376df9909

SHA256
00d6555fea887ffce4c2406c006fca6802d393a9c7d1c18986580f524aac2cee

SHA512
167ce030dd0c17ca00d7077a7502ce5c3f221014249115e0dbd1c396eb90ad84b35a2a3540311228a49d6dcf58cc54d64ac979ef7cbd739d7efaba35e0150b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe5094b8b6a40005e6cad6a4b51c6ad4

SHA1
e7f06894ced43902608e2d858c1e31a945a5ebef

SHA256
a24db8e5acdd5bc4babbc966f6d5eca029d443b1baa42913c405321b2ca84767

SHA512
578c45e3f89d726033232f465305313a813be396d47f51c5853629de28c95d751b3f8d0248868601b667027d8f9a89cebd55e4bfb7b58021a06026bbfa8b0830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
97acc19da8ccb31d1122050a49a19e06

SHA1
17af417858dd97469f90f4b25467e77b964f11f9

SHA256
3af39ae79cf04cfbb07647175af56b1e7bf14855808b057d93f39365814c8c89

SHA512
2cdb919285e14f4105a233d69000b3be99ad8198e7220af2b53142181814406adc170b289fbbe3eba410fb483c1b701c9738ec257977d89b25c296a08cc7e0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d0782598a25bd89a87474f77096e422b

SHA1
7838f8887eac934bf6f825c0ee5204c2e6b1c92b

SHA256
29c1885c8b346ba8afbd598c65e26551ca9959ea08ba7c0ceda16be0d4f9d56d

SHA512
bec8a2bfafd7cabb1c9baf6e545cd3a615f95ee89b0c9c32897ce44212151d824ce0fee703dd3858f698730bece4a9587f8e57f748f511350951fcce56c40272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f26e.TMP

Filesize
539B

MD5
fa1c93e920cdb160ce18033a83f297db

SHA1
65eac80ba74240f1c7138836ba86160747170e37

SHA256
66c9057a76869cba25aae9ad7a84ddd206c83bf5c81b02d47574ed95c1d0c46d

SHA512
c1cb1d575e407b31724f32c7282bd850b4c57169714b170d960e4c66bc6fe7a4ac629b1e25cac22c8a65384d9004b9373718acbb640efd722ecda1dc9ad600b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6bef2187c59b047dcb4445c6a08f7d2c

SHA1
e5f4260f876c1c645542a44fb1c288a49feda3ff

SHA256
19b1d99f2c3d0c76b6074d792184332964716b0232405e317e5f548bbd321fa8

SHA512
1efb1c9f11137be5c0fd75b1b071db052f37623f607c64d98380c831f8f2470bd2d7152e04e835dff95daca5e14cb104333c1d3bb3eabedeb7050f41ce369534

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
05f9115342908b6cd4dfd17554ee95a2

SHA1
cee4201b2ac0a6aa1117b8548102a2012bb51bc9

SHA256
587076b53e8538cbd1afc93181e6fea8c2ae18a7692942c178e69c3ab12a6dc2

SHA512
29526af4d8367892d9e7089a4f9071706651612fa8378b293b164a412974d4600b1a0b497886339c723c2cfaf62b79b87a21cee54285bc0d0088e0b376e0bfa2

Download Submit