hxxps://cdn[.]discordapp[.]com/attachments/1264630613491712122/1264880379781709844/jet_raider[.]rar?ex=66bc7c26&is=66bb2aa6&hm=1a133d6f4705e037429132234ff19637a1de438f26c8cabd2e36cfc7a46badf6&

Resubmissions

13/08/2024, 20:40

240813-zfxefazcjm 5

13/08/2024, 19:00

240813-xnn2xsvhkm 3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/08/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1264630613491712122/1264880379781709844/jet_raider.rar?ex=66bc7c26&is=66bb2aa6&hm=1a133d6f4705e037429132234ff19637a1de438f26c8cabd2e36cfc7a46badf6&

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680552240098744"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
536	msedge.exe
536	msedge.exe
508	msedge.exe
508	msedge.exe
5796	identity_helper.exe
5796	identity_helper.exe
5928	chrome.exe
5928	chrome.exe
5928	chrome.exe
5928	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4684	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeRestorePrivilege	4684	7zFM.exe
Token: 35	4684	7zFM.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe
508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 3384	3716	chrome.exe	85
PID 3716 wrote to memory of 3384	3716	chrome.exe	85
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 2284	3716	chrome.exe	86
PID 3716 wrote to memory of 1232	3716	chrome.exe	87
PID 3716 wrote to memory of 1232	3716	chrome.exe	87
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88
PID 3716 wrote to memory of 3416	3716	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1264630613491712122/1264880379781709844/jet_raider.rar?ex=66bc7c26&is=66bb2aa6&hm=1a133d6f4705e037429132234ff19637a1de438f26c8cabd2e36cfc7a46badf6&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9723ccc40,0x7ff9723ccc4c,0x7ff9723ccc58
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3684,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4472,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3860 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5204,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5336,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5740,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5528,i,2739120800807700623,10948610166414628863,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5928

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2572

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff960b146f8,0x7ff960b14708,0x7ff960b14718
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,14750534242788867263,577105746378700523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\030e7ec6-e983-4cb4-a7d2-be1c1b6b0fd8.tmp

Filesize
9KB

MD5
dbb4794adc47df82716370377bf3ef24

SHA1
7f1cba3996a6899852b1db148fc74f18d40be62b

SHA256
2e657c088758be8c1d60cc3f7e0e521625fcdeb3a3fd30ecb86bdac6e2374433

SHA512
c61e5e3d0bac95af090675ee1c0edb7b6439ffa66aa181802433a87c35e08f179ae85ba20522cbe6ec5b5412af25b128758150ac4adec29a2c41bcd7a4a32917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2d9cabaf-1dd3-46c2-a15e-97f56026a5d1.tmp

Filesize
9KB

MD5
6267796a5b8fb3a8c259179e76ef3d7c

SHA1
ce3f66573fd3e1314365eb42ea9de1a59c5c8fb4

SHA256
4baa2b0e641e66e4af5d143e091df77c2f01bbdeba4c03f5628a2804595e2822

SHA512
0cc0ba5c288107de528a7cebf5a12dc9130dc9ee1a07bb2bc9cb1ee97e25b6d15d2752fe5be0f1962f74d426dde39b2be5cabc13f479850dff5148f82a4bfed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b7cf4d91b96102adae1378992b26bbad

SHA1
21cf1245cea386d694321a730da16e45500dfc47

SHA256
3da6fe4d92dbd75a31423c04947c898f725b3b9c9171d164bda1a83796390e55

SHA512
ce28acb09fd5040995feee683edf7fca800498045fc7c55a24afa44f27d0cafcba4fd183cadce372c97e9ac4a95c3d4867f9faef0859b15f4d165437b9a8506e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
893e18e4c1b03fde33b2654e19c7244a

SHA1
e874d21e34186001ae19bedfc0d4d149278f5030

SHA256
970df0b602164a3acebee79bb1ec813cca2009178d9606bcd4ccf082e9c355aa

SHA512
806f9ed14d4954927cbb7c1db1395c45ee2e81931649c06ba7a6a80e3f16e6940d10831fe089a719b8b340d5689fc00acf2279d900cc40386f59c1956071bfe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7d8ff0b35e6d5ba6dca93d0148ca7a55

SHA1
1d8478111d0ef27b1394ea1445b12f6ab5ddc9dc

SHA256
9ebe81fccb13317e34b7d20c2c5ee7a7e8f5c6bf6a59b7385265be1a6a79f73c

SHA512
10fdb1eba4d74152b151ec29c4d1be36860394d8bd19a3529fa76834a8a59308359a28e7482b15760c05afcb8d268710dcba72f0c721b19222ed37c12247ba3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1be1e719cd79dbb5be41987f1f3c0231

SHA1
461b30b8417a27efbf75d7b83683bde0e9938607

SHA256
760bc92ab6f0eeedc5fe11c8d7099e415edafffea46d471128567c921e032cbf

SHA512
f9452da551257c470292127ddb96ec10632ba06ff16b066e84f179c284293d01d8d8adf9b86b0ae5fe4c3cab36268a828e2c1dc95087eb7e82016807df832d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e021dfe9e913c44380de010d0b7e2a17

SHA1
c4fe23206fa7cd1c9c886eaa344b1ef08b2f6606

SHA256
55bc1c5016ec9a21883b19c5bd93f4796bc824a906d90c7c2277f551a131668b

SHA512
1ce5c0df99938a72973476135ce4395de61357fc923de2437a471a99e97575eca334a06ad9ef1a15a0fc4fe76134fda84dc5c3e11c24fe3f3c0d071c9445f7fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
835768f92eebac0208388d43f566e61d

SHA1
a646240fdb89f74c49aeffaf520ceabca640475d

SHA256
1bf5c7b460bea8345552a97a28028cb54bd035af8790f56f7a020bc302df2f51

SHA512
4d9e24e249a36d82ff89094fae14740314910a5255dcc70f36e7c83e7595a9aea86b364994552cd5133b92778b6d3fc756f1f6ae1d2fb55d2f918ab8c606583d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2f0e5affd39eecb360e9c9aba63bfcc7

SHA1
c298cb9017eb7aa239b63d3c324c5d23c2b21c5e

SHA256
004359a0db8af1f2b695378c461ff29a10754a306af98ba8fec0bdb13d2fbe64

SHA512
6fd9da3073123bdf924752ca8d6b8ae11a89a7e68e691f5c603ce4109eaf83c0165449d01966d0b0675ce7809dcf1583771679721f52529d10ccb9a1b37c7d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6c491b19e54c03539f0542fec8f041cb

SHA1
9e16c34896218276533ca087b3d5d9db1d42ac76

SHA256
cbf1d77eceee949da6577bd2c3c696ddce7056225246dd263aacff5cbbae449c

SHA512
5f44e058d8ad2dd018e00800dc3da9e8fe180ff8b31a134856401be8437a36570218ddda6396b31c6357b4dd97b27ba68d8d244a8e19f669a8bd0e35b7663992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ebd82dd737904c7262c0808406c38ae6

SHA1
9f2fa4b9a81c1564246288e1857b0e24af548d18

SHA256
8d0b72a77c6f888f5898341de76f44f4af9fe781bf542a3b0b454471e10c89d3

SHA512
b8935ce27d5f0d382c81cb80cfa2cdcd4538bb19c2287e52cad97d83e62db79377595f089e25d39daf0e46e0f3fbb3c695b20a62d4322c4641ccdfc58d5e13f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7aa00d074484379d57dd5d5338612d26

SHA1
72ce2e8fb38378f7e48abae24f44376c74b99607

SHA256
65df0b91c752be12d018de0ab89a21c91a49fa11d090b0c17a874a15b268f65f

SHA512
47fed256df0c7bf263675843f8e7ddd692f900bc0c31e09b66363913712798ad2c5901d17e51fa3bb2abebb90d567a432ad30ad5d739c457d4c5014842ab7337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7163d551fca1924191e2137aebccc8fc

SHA1
f26e04d5914857434e7cdaa5f3f57fd8e8b9e1d3

SHA256
32bd0247f51af424f89de60a805aa3261fbae6aaf1cb9e33151b35a456a890d2

SHA512
c304e28d99e2a185d8f4ecb8370af97f93847512e69809951d1d263955a6641d4ef53630c8c29a62918247a5241767122fbe8b0d9727b14b1df958423bbb7fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
369100c2f5c337c6218be8659e378302

SHA1
1158a8fb38975e98b54501bdfc8a945ca323cabb

SHA256
4fdcbe39b65d6bbe3a2601cfa4182d9a87029e8a0326eb2764ff29b83e80b3ab

SHA512
e47ee55ecc952d5b99450073689631aef04bd766b229aebae63d6a96d9bb454769c8c53f5235c8108049a56b5f10490ff4a8ed2ddf4573ece2959d3c2609962a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72145a24c021abcfd559d0ed3dda25b0

SHA1
ebcda574d42c294b0951cf75e16d1932549687a9

SHA256
f5891f04de6fe0808682409477bbb7b49ee48645297522b445a9c3fd71288e05

SHA512
79812fe8802b2e5ed0ad0cd281a5d61f3965989a9460bd705f455e1ebca24d18c9b1053b0a042960e7bdf26a1a017566b2853177f961d50ecf90660ebad2d938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
45f3ca7d7c2ccf9c8daaef96a34f47c7

SHA1
77602045398f6956371d8e9e62e356052351f9aa

SHA256
eaa30e62559f6fb13598e9fca96f2be48994f1f9d06b865c47504c723bbfede8

SHA512
64f44b196cb15b366317ed0028cedc32b134fb6765b0acc17a108477539326571690134e14c893cbeca4d7d1b8d0e027800ad05f01ad74e7f7f860eaebb04ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
993b8e6e7debf4ba032a1c9461a8bb4d

SHA1
3ae1170bb38eb38b466932e0e88353a645f71edc

SHA256
a0b73772464fe748190d093b06347e28a47c4c4a7f8a1121a93721b7648fc836

SHA512
692489a3a96392838d6a8f09e12dfdd111ebd914527e0f6444f2b456ad2b2041ab0733af415684b1e33f1439eda67f1242c931e5b60215e6659fd45e02147bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
64e87edc530d99a86ea87d73c405be52

SHA1
221e688051bbca34eef42c91ab048f67596fd357

SHA256
0aa5690636fa48ed5cf507f06b05f5776860e00df03c6880cd354bdb958401e4

SHA512
8386e0213b1108b74eb56c1cb000ae81f925ce2ace4066d28cd89018cc9f1a56d13ddeec70f091a8586514d94ce8a65ce4ceb0add66b801d9717e304e782026a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8fbdd677-d749-453f-9182-bd4bddb27b51.tmp

Filesize
6KB

MD5
3981302e629adc0766372feac62f249c

SHA1
75cba983f2183841fb03dc20de53e8c6925e64cf

SHA256
55ced1c15756b714e967eccbc8f171d6d82ce37ac76c6577a277f07e1b18854e

SHA512
c2b9376d92e93f736a2339811d1d97f003e695069129c58fff7313cdc607ed1ba9f5904bd4074c5d68772d2f77ab5847129d3e034a253408c8b09cdbf93f74e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea21afd98cb1deaaf335641a1612da98

SHA1
7c5e8c16a1ebe7948e6a4c2d6629f69e5e6ebc0b

SHA256
bfb13c7b0941768abd442b59c87e9509bf43b8b54a07c088418a24defca0c733

SHA512
7e1c30e15286d0e2f70575020c882f6c42a03819aa6a8a96f687e3f3d89bfb59ebcb5a54020e5506f8c0f7d2c1e5c2a7367d34cf5583660487f8ab29bc0f79f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b919a2b9fd714c6a872060f34f48ea5b

SHA1
a80032c001dc8a06b54cd12376b2f2ef4259ffdf

SHA256
859c8b09daaa3fbdf698207d14705f0d07194aae4443bbfce89f804420b21f14

SHA512
fc99d5676a40a588d276847e346359b6e84d7381b33ec1794f35b700431b01d65bc68d3e17767901648162ee4accaa350dd3f293d3f6babab7398b6bc8bd82df

Download Submit