d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 21:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe
Size

89KB
MD5

b20868615d9868afa091b8abe8da7e14
SHA1

d706cf4b078abda631a75fa0d92fdb39fdd4144e
SHA256

d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0
SHA512

befd8a04fbc33de1c7c62404eb80663a8d5647007371b8cebfb9b90c476c5cbee89c4db39b00439aeecc50d4d039ea8d8cb420a3bd7cb634ef507aa2d37a81a8
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIffxPbJO+:Hq6+ouCpk2mpcWJ0r+QNTBffFP

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687489953225471"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{129AA74C-8F5B-4104-A304-F8073CFFA168}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
940	msedge.exe
940	msedge.exe
884	chrome.exe
884	chrome.exe
1272	chrome.exe
1272	chrome.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
932	msedge.exe
1272	chrome.exe
1272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeDebugPrivilege	1992	firefox.exe
Token: SeDebugPrivilege	1992	firefox.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
1992	firefox.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1992	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 384	2296	d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe	85
PID 2296 wrote to memory of 384	2296	d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe	85
PID 384 wrote to memory of 884	384	cmd.exe	88
PID 384 wrote to memory of 884	384	cmd.exe	88
PID 384 wrote to memory of 940	384	cmd.exe	89
PID 384 wrote to memory of 940	384	cmd.exe	89
PID 384 wrote to memory of 2536	384	cmd.exe	90
PID 384 wrote to memory of 2536	384	cmd.exe	90
PID 884 wrote to memory of 704	884	chrome.exe	91
PID 884 wrote to memory of 704	884	chrome.exe	91
PID 940 wrote to memory of 1000	940	msedge.exe	92
PID 940 wrote to memory of 1000	940	msedge.exe	92
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 2536 wrote to memory of 1992	2536	firefox.exe	93
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94
PID 1992 wrote to memory of 3600	1992	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe
"C:\Users\Admin\AppData\Local\Temp\d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6B3D.tmp\6B3E.tmp\6B3F.bat C:\Users\Admin\AppData\Local\Temp\d9c05090433caea1849dfdadceaecd9385e4fb593d0d76e7d2eefb977071b5c0.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:884
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9e790cc40,0x7ff9e790cc4c,0x7ff9e790cc58
      4⤵
      PID:704
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
      4⤵
      PID:1028
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
      4⤵
      PID:4472
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
      4⤵
      PID:1416
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
      4⤵
      PID:6108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:5380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4292,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4272 /prefetch:8
      4⤵
      PID:5144
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4612,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4520 /prefetch:1
      4⤵
      PID:5928
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4688,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8
      4⤵
      PID:5352
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
      4⤵
      Modifies registry class
      PID:5580
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:8
      4⤵
      PID:6608
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5236,i,10606577918311651433,6464378439961170960,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5260 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:1272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9e77c46f8,0x7ff9e77c4708,0x7ff9e77c4718
      4⤵
      PID:1000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4494497133160181576,18072026165964406022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
      4⤵
      PID:2976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4494497133160181576,18072026165964406022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4494497133160181576,18072026165964406022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
      4⤵
      PID:1956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4494497133160181576,18072026165964406022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4494497133160181576,18072026165964406022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4494497133160181576,18072026165964406022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1992
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1916 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82affa16-11c1-4543-b0b5-11258c1306ce} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" gpu
        5⤵
        
        PID:3600
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fd7f0de-06cb-4f3e-8052-6c02d76c584b} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" socket
        5⤵
        
        PID:912
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3132 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0057ead-1b8a-477e-bb2e-e54e51b3ae8d} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" tab
        5⤵
        
        PID:2492
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3608 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63584a47-6f7e-4c38-b5ba-6379fc1dad8b} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" tab
        5⤵
        
        PID:5304
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4220 -prefMapHandle 4276 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bda6ff1f-d80b-4378-a380-d894cd93f3db} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" utility
        5⤵
        Checks processor information in registry
        
        PID:4996
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 3 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4875e1ad-dc0c-4d95-a722-9dc8328f9cf0} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" tab
        5⤵
        
        PID:5816
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 4 -isForBrowser -prefsHandle 5780 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23c21a49-bb67-421b-8b0d-2e44112d68d6} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" tab
        5⤵
        
        PID:5420
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 5 -isForBrowser -prefsHandle 5896 -prefMapHandle 5900 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5990510e-9da9-4c7b-9926-f3d00b2c84b0} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" tab
        5⤵
        
        PID:5908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 6 -isForBrowser -prefsHandle 5960 -prefMapHandle 4708 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7354323-3cf2-411d-b27b-8fd6f8b23ec7} 1992 "\\.\pipe\gecko-crash-server-pipe.1992" tab
        5⤵
        
        PID:6584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0e7c3eb22a11aaeb1ffaa27e1aadba2c

SHA1
28e0e708d6152a31ba1cc1cb784e48e3e13f07cb

SHA256
bb3ceecda98e57ad4a6752eff52aeac1d86977788074e8944d7202e3a6c33c0b

SHA512
00a552057f257054c975f3047626ab9831b734fe62538b1d5b2dae15a9dbfe941ed26a606cfa9530f56a196231785345f25bb3dc1931246db5bdce528fdcf136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
3190fb626ad8bda653bdfc5d69cac9b1

SHA1
8984f248c34616749c6e73b4067a5803d1025003

SHA256
9fa84bc679c946c4bb071226f893eb423f83ecfba1e2b396b2cb527a328d7c5e

SHA512
7c664c3a2e015783737590dfd4a5c848df77cc40388f27da91e991a8dcd2c6c614848a45b4122bdcd31e13bcae4e78aafdeb17631552354f88de67b2c00d9647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f87bb6f3e7ee1da0e220f6c63c1ceeaf

SHA1
0829995076489549f7b304838eb74904afd9c58f

SHA256
6423ba1c189ae16347ced3bba540ea8fea25832bc42bafe42b32f967f5e3a331

SHA512
75a09bad03d2b50317e7cf75828ebcf37287132694f2fb3c43271bd89e173a76bcd3fb2dc99439079ca6a385d317c14bf797467b1f30886ed22bff8b5c866ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
753d73951ee77dc766e25b316603e9bf

SHA1
e1d4e8dbf0b49f948c847307c90d9ff4b2987b83

SHA256
31b7e0649aa68eaa41e6a768bed93330f7494905d113b3a572154bc4a45d9fab

SHA512
87487c822a51b4ed16b66223b8fe6730266621e48d0321c2871ccf76bffeea013886f8fe808db4ad0ca9a5c7181897bafd73679c5e7b0f6d7cafbe391fc81596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d6caea0e0646738e8615a322a2dd2f0d

SHA1
b4f333b5cfc4aabc2352f31da899a436e7511024

SHA256
dde5b9563f15969040c40d0851ad382affa2a842af20816e4b18ea5c20753c9b

SHA512
153b208580a28a2888ff503bb899cadfbf2d452daf827764bc1a3c4703f6c0236920ac148d248f9f8eafed55960d49596662f0cea85b2665e8063581b11b7068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7b33a92ad3d7078433c19faec890c306

SHA1
b3c02a8349cbfa338c258276e8a0269084f0cadf

SHA256
e3b18f44e480c4c15e98f874dfda315e36b679d4efebd9f34e7dcb1f0829ff23

SHA512
1d623ca21a544ef328ebcc0a6a0482df899febd66d73b0e5996511c1826566211ca36c3e4667546e2af3f78afcc995e3d116d9547d32cc165a08366f8b6db6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef944afd824764986f90b54585d56216

SHA1
7265a5ef9d2fbe531e1bc99e4187fb3ff3f7a9bb

SHA256
99c31fe323c2f8950d94f9be4aa5b5cdfbf6f5f834c45826149f38ef25f588da

SHA512
95554ef8d726bf1cdbb10a53757c51ee80feed1dc01b9b08dbac1088d1b0d1f025ef8733897bb5412fe0cabe28e6b3a3226c974b34277fcd96566e7a2f2026a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e132dc5509f002ed9b02669a1a2e15e

SHA1
9169f6afe5750e06ee6358e97a2ef190d89ece01

SHA256
9f40700d87a88da394052e5a6a852d0f337a4e8d7a14fd04c2b407d36435f3ab

SHA512
4c1ab4e6f892e2dd76a81b93dc99c1ea9eea078e2b6ec7f203445e3b1747658f3881d77091827d01c757eaae566f49ef7af759ede6acc735299888f5d4ce4073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a90ecc13a9acd83a14ac83c35f68715e

SHA1
69b7a5198236192fe6f5b21384f0f239413adff2

SHA256
4e64bdcc2c7e30674c7e9eba5f3b1a74c8bbfb2fc1bebc27e21dda7a0cb95bb5

SHA512
940db6528504095e763d8eb132b78ee6a567306871c9ea5df30f815a970a8a815453ca9723a3ee617f6f2e29861af5ed8ee99d1eb88f9914ff6a222954e43ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aab2daf906f6eb6d76c3002df4d0281f

SHA1
42677a1998aa0736fc7a2b4b50034f40412149a1

SHA256
7faa4a4bb6c2b0f8a24fc55c360b83769f7b7ef77cdf9fd989024a1e3d3570ea

SHA512
8508573566bfc74635a47d216d1cf589d701f61eb3cfd9de03e154691dc5364b517dc0275be000138ed4436e033ed7944d313f02b4a4d74ca3ccf6618c56000f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06019d6904cf0e49be97a1d2787f6b54

SHA1
e0408910873f9547e846850a2719dc5e863783c5

SHA256
5506914bdf3686e379c37dac4c9cc3a2bf12c3d1c7503b096864827f29df03f2

SHA512
2f119e14ccfb8b3acf5dfd98415150577914251f631d629df98e8d836dc28ce00dd8391c7e63d7e622410aa121d9fc9827561d3797fba206bcffbbee54fb8778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1a693bc926a9897ffe9271c0098736f

SHA1
11ec3c5c7e82386e3ea8c2b261e164192882dc1c

SHA256
a9b2f0f8404ec5d4bdd413937381df231c11c6dfb348b7663c173f02f7e7aa0e

SHA512
2c42fbe80f00fd1fcdb6058cfe9f2e55319324619262707b63b859d12518af4cae33cf4ecf0ab225f657be17cca2af5c1d415e71bf4ad0a534b267d8b4ed6607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e70974377cf83cb354ef82e8ce19726e

SHA1
995481fc50dcb56cbae1c522114b453ca912c9b1

SHA256
73ed74c1d760d23e4ee080a8f491438dd392cceb9df84ab142f6421073d1e358

SHA512
c8137d84365541f8485e91b8c709a7d970018426ef661e66aa2ae6e6361c176b9268e8ae3af889bad1f7365d4f3248b6f45188deca03651f5e58747b0c580ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c6abce63d737199420fe858490b5c36

SHA1
b10bc94ee9dec40eccdfc9071c83d8f1a7609ec7

SHA256
cbbcc9112eb7d8da5643c67ebf21170ed1e86020e8190f7dc5fd38ece83dbd7b

SHA512
c6b67210e4c462eee163f4d4713e6ce1390634c68aa1569e754d6d7a80e31fd22484bcc4b55eaa7e4eb8a9a744adbc1b73ea6522cfa6c023caf69fdf5e2a52ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
987cadbd952cb97f01a58c6c369587bf

SHA1
bdb267982b9f4ad764c6185d1e04566c2e189a69

SHA256
ab7915a6da5fdb4a3d63ae3905f0c1950afc8ea5ac0c979d9c39875675c3d383

SHA512
c41260fafcc0d62237f802a57835ac9ccd03013651956969dd71c3f870fac0a74ab8d9c6e2aed33abc67a0b7d3b318ca124b3dfd4ce1500907ba2f7c0cdaa2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8735b4b0e1430423aa21c344febe4cb

SHA1
c9ea07a2d6c8b2a2e1af9800dbf38faba39e2bec

SHA256
2ba04f390aad97d9768407a9092930d860298b928eab2085b8b1bac75ccf62fb

SHA512
39c152c5d56c8f85e3bb1ddd6e94e5aee734ec1bcf9596bb68f88e1e8ebfe7fac53093c135673c6e5d79e14d7c24f1f3746c6ee996ead73ea866f6458913e449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ba72d87b-a626-4d42-a12e-329dce2ef407.tmp

Filesize
13KB

MD5
4b332f99881c9d288f3810d6ac71eb86

SHA1
d5422327f4d3b28f63f83229a1c0e5209c399ba3

SHA256
fe162f9f421e0aff3c29bc4163ea78c2e5877b28233392d131090af28cd14376

SHA512
f60fb5c6b2ef7c20801bfb497a90245c1b57b3f545712bf403a875fc421677a6d50b0089bef30ccd0e9466e8ba3c3a671e0fe0e4a0ffae9210fe96e1dc533653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
922df7f9ac8bd1730a6fd96f04807e39

SHA1
0652017b50a22adbe719c9a8a4e82c6b128bfd79

SHA256
303a4594112d1168e4c33c0f27842959fc2e514ff0428308e96a68468c71088b

SHA512
b0475900c19c7c1df1632ea4ef084d6d2a179538e75f427aebdfa5130ee8670639d69deb754a3cd18f0ed8305242b4379f34f9e3c39f848037ae5055db47cf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
a5fd9a94568a9b44a604c65a32a8b414

SHA1
8650af4e7a3c82ddd57858c1f9ab9ec8b332e58e

SHA256
48fe353c0bd30ae717979fb934931e6e05b4dc62bfebb461dfb7bd004fd801b4

SHA512
3b87e499eee28c718663864982bda3fb6e509fe1a05640e7619faf6d2c6399408c836fd521d6c7ac844ce7c2c2b963e4b6d7ac9e5353a70a33bd4c63020c97ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c1d08c8fd5b2b9da5c9c5d275f9d4b46

SHA1
7506c81d211856692a3b8959d56f06e14d37e367

SHA256
9bcee8dabbe11702d5dd408ef075dc15570b0426b75746d0d2fb325f27ff0c13

SHA512
108aafbe75afc36f74277201ccc4a44a9960ac1d5accc322d2f41dc178d252f22b73849d5de63c8bdb966084f730861e2a0f2a527bc6b418856f23fb263956b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
41ad565277f7bbb766a3d7fb010f199d

SHA1
5f7f0d122983d235dc2d169d9382e6d34778a18b

SHA256
06621f67649ac4380539e2155f0febb9f57ab87bdad2deb269ff0de5447f254a

SHA512
560a1a16936f9d634b044eb59dc083849979a2fb42ca9b6d2315285dbafdf8c2195cac724b46800f26b87a4d13e04a15eb1c2734d549086046773a96ec540124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ccb3176228cd097c8c2b7350a5235262

SHA1
4c0e2560cfb2f89bdb5558294c36f2ecf1e25816

SHA256
069147f4ee46fa5a439ff1a5ea0fdcebd70b3262289ab2139e4b12aa2c0d0504

SHA512
fe97b2ffade3c5b47154cd04e38ad1e450930d9baa09ed864dda3d1d985f1f944bfc08c4283b13a3009dc2bc1a589fbf6fdd5edefc41dd6efb47894afdcedd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f4cd16c19a45ded2fbfe1dd4d22a676

SHA1
57199aea528c674755322a9f72a9c07da6df8200

SHA256
e8d25e632b2ffa2c8cfc34426acfdce2a79de020c0974c7f2e061c8b8c8e81ee

SHA512
3d3ba342a5313e69de583fc95243c562b920cb7b086797814f616022bc7ba22be4a396e11589ac70340ef7907a4056c33f658a0c0130797f3b8b2af57c446b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3ba7bda2f8b850e3bad7d09b7de1aad

SHA1
0d78fda894a31093b687461cbeca9712f694ab7f

SHA256
1c411e8fcd682365f4e89f50c93da3d884a58cc0bca4cc1296969f369a4cf1e4

SHA512
bd2982a977ef3cd78316541c2edd5ac7cf1873242e0cafcac714ed101265b129c4073a55f3d5eae1292178cf18200a0846dc6d1a883bfaccade23ec3b3e654ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc2aa36e0770d2d74b44a267624edd60

SHA1
f1a36f8a21c94ac3cf0f847ffa941439b2655a3c

SHA256
50ede09d79d77e522476b4409316a960445c7b8fb8a8d5913f79d2f3b7a840a4

SHA512
0babce03be840b0931eec5c0f6f62b2a2759fa217358cf3541f8f80a4e481535611f672630c8f1506fa2bc231236d60642217051740e5b5d5989c517dc13baee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
701440ddc31617a84398a613eacb3488

SHA1
f5fd91a66eaeb3fb8aff87160a1964b7d24e6034

SHA256
06dca5d7278e018e68027b27631698c7449470f1578946dd64603a6482987383

SHA512
20650bc8fad6af383f04d2ab23434c10091785fb6d4ffef65cd74cf415a3b9aa3701fcabed8142efe8b3911ddb224d4cc8912f031ad380eef3605e98e3ff86d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
824f119316e74d25e727d5fec952c770

SHA1
4c20fb293bef2fd9d339344cb994e9ad0da6e997

SHA256
b865fbf6151562d1169fec2ff86fc8a309728f9554f6fb5c2db95930efa15e0c

SHA512
7057b847d7be122dede2f07726c76d900cb5adfb28d57c515ee30da51e01a5ada44defdf9b4f83d610a7d9200775d14d687301e8c4a05c21fc53e31d5571985e

Download Submit
C:\Users\Admin\AppData\Local\Temp\6B3D.tmp\6B3E.tmp\6B3F.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
10KB

MD5
3288304de9ebbf9f3854bb80f5177707

SHA1
2f54065a18552e3bba84ec3dedab16aa92c1f23f

SHA256
0e943117a61264f2269379586c7accc1d27d005f1a65eb08f83ca87bad2bc222

SHA512
c0cd064a868d8cda7241fbd02c8e49068ec2e22d258adf7e19f05057028f7af79476b1c64a1edb1c6e12f8332b66e75bb17915f529b439ca835f794ad110596f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
a9c2c52bed0652e7012526c75978edfd

SHA1
e9164b97328f2c2f8289647b1109746a57483049

SHA256
12124b9fa01dbf29ed7b9bffe0d4d2d7ce0b0570529d23862fe7ba973f7d83fb

SHA512
93197950c79abab29005981c03aee39069fe1942d6311ec32a88eb3b22aba9e8650155e507e7e5ba467a12a95b800e0eeecb4119475eb68064a279e82190a1a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4b163816cb0faab691ed71de5c14a32f

SHA1
60b9622c3ea7876f885dd1e54180e3aebf228aa0

SHA256
c2ac29f5316518ff8e32ea90bf4cd3822321ce03e13731d9174e01c5d6075d2f

SHA512
f53c7300d0388285b43e40091c4be25073b6ad1c433b770f46e6f4fa0f47c123694f8b4c0403e3295b94f1d8b5ef94dd4a32e689a0f3b8f2cd4876ecdc66da4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\482ab1e0-9224-4ed6-9b19-92ecbb66e7d1

Filesize
26KB

MD5
62fe91c3eb614789a4b483a2c88d1921

SHA1
2d7bd50e1a4aaf192bd44301fa0bc3bf0c79b0c8

SHA256
b318f275001bbf5a89da8c5fc48536a1f7548576f5e2ec66baaf7713c6aeec00

SHA512
cfa23c2b0b1454679c82a4f5caf6779b20cc3dc66b94b8d217c068e4b90be8ca42d2778c0e52e539f578475befd5a12f878afbee896b7f6bfa629d50b582f1bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\52786c2b-1d74-48c8-9566-c5a466cc5815

Filesize
671B

MD5
844f13af855f898769db09762c4df09d

SHA1
383b6d4862abcef864cfcf42ef5cf06ed5f22e86

SHA256
cca5edf208440733a442b72593613fc2267f7a972a1245bd1f0a23941c86352b

SHA512
519c2ab57502d1b83c6f439603b29a0528da83211facfed711deed031e8237d83cd255b510c6bd67b7ed6a306b78897da0cbd25dc1c1a818e688843c51ae2f18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\88eec3e6-c4f3-4069-80c2-88df2ad842f2

Filesize
982B

MD5
667a3663d98127009d4dd5e40663f8e2

SHA1
2c50db69e0e4a563787a33c5320f2e5ac3041090

SHA256
a7e626f7554f2e811818f878d17c5b64031cca8ffac9ee02fd96111277303c95

SHA512
4309aaae1cdb363f3c9522cb381600bc899c2252936499338ba966316d9a283a66ce39919cba4e0a2383e33e68d3bdb4ddcdad04b6c2b02e92e657993c6b10b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
ea78a8c6622f266af9d6aafa32eec80c

SHA1
e6e684a0216681b20cab3de89c8a1e1de2f81bf8

SHA256
57b798b37eb28359c56727cb300253f55c813d74dbb0b8fa5d8ed799ffcac50c

SHA512
8c18be6fe831041cadba3e589b4523801e809f12e8e8979685177f52147ddc530ed9dd2102cbebea87a282ffcac00980e408faaa1a097e86c673acfe1124ddf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
14KB

MD5
6a397210fcfc88d5121c6d9c8482e37b

SHA1
9e25ac32f749c498ba3d8f4fc707205a356e61e7

SHA256
d06edf7b2a93004c703af2609604239208b1882435c79c3c86c9cb6cb241b613

SHA512
b30575e4c04ce1ea5b820ba6b83ad82f21f4393aab264e0025bf247f7235cf07893b404469950e5009046ae3d4bcef71221dfe610abd479381866f14d721c3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
74a3d4411dd8899f50cfcb03908ed817

SHA1
c6cb78382f45adccbf86702092dc93929c30b8c3

SHA256
591dabd46b809eda9792403a0210f3bc71ffbb337c52fc79c00de8e6fdd7a841

SHA512
264f033a52d79d389e289bb09214ce066c72d989ee50861b53546c1624b00ed252d31c58ee0397bf210dd3dab3ad78fd12fbb668d08fa2c0e336ba18ac02c4cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
b60099a79a9f1853f67edbf35582c10b

SHA1
879661d7213c83486f1aebc92de9a6cce7e6f347

SHA256
292ba578d892817267fefbe9d4fa0c391b63d34ca4f9c8cf2df199b0990a0b6d

SHA512
1ca3cfee8c089020fea03dcdf861ccfd2d2943a51b1135da2beb19730d953ce5e5543e98e4eb5daa9b1815a0f41278d81ea987a1a0209bda5d7c6482f9356eb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
42dc416b03d94c6616784dbaf87bcb18

SHA1
6d95022b24eae5075f252b49ed6cc12319e7716b

SHA256
a405072b359dc4c799137dcdf58cf1def98ed950f4e038390351221cc5285575

SHA512
1117298fb6c9a8a84f2c02e4e67a45ccf7d6c77cc04389d9c11a8d8874d3b22079b76f665f12d5034ed6127297b6aa86f94829d25c324f7624d9fdb46a00ec10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8b515ade7c57da0c91a6f852d07c9a2c

SHA1
1bee4087baf56a9df649bfe477c33165eaf747c5

SHA256
468405b2f9230af436bf0e038b0c38a5af3247a8145f66179b1621d0897b0711

SHA512
7254ff94301b232146ca7573d042d07db20cb906fa077702e900e2f6df16ca02fc6b414dfa0f98bd8d87c4efa8a7aca2d166b943ac18f2fe504c1ce0ddafb7f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
2dcce4cdf691131773a895db9b6c871d

SHA1
9ebae79ca641db70de75c5720a2ea724587be01e

SHA256
478c2cd93ad92bf7478d9f05a3b8aab1948beda67c3fdbce821d2b1d44d7510f

SHA512
a19b57aa49956a649942af8e4aff1bbc787df418a4616edb67f25b444753525a7e6bc9a6cf8dc01986606213004c1cee9bed550aed808f1368e769c8db29c632

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.1MB

MD5
757c1c58471bdd2bb7fa4ea777e445ce

SHA1
378d110e71ca6020955ca3af6c249c588f4c2296

SHA256
ce11448d4cd9a9e05de8557b9a117450038d1bcb64dcf0ae944eee95dce15b98

SHA512
9a1b24887aafe97b396842a44aba27532ca28504d3cd0395d54565dbd1bc19f4ac5621865bb3b576fb4b8a8a779511986bac6b974128d76015f9c5267ec74497

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.7MB

MD5
1c808554e22bf302f33367e7fea2a4f9

SHA1
ebd772449011ccdf369da3cbedaf25c131335804

SHA256
4ee584c0d4aeebcd0b826e51fbbfe176cb32c36da3e2a15f8a9e2186fc1aef18

SHA512
8da9f06fa4bdbd18df6debc4b5fcdbc601231e0a1216b837d87b62d9a25e71360f0ddcf5de6794bb9ff3def04808e46f7cba043762efd27bf9eefeb918744f88

Download Submit