hxxps://mega[.]nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM

max time kernel
1200s
max time network
1203s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/08/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{F3A8C397-C5B0-4BA6-976D-7A604D3B2378}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1616	msedge.exe
1616	msedge.exe
2184	identity_helper.exe
2184	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
1248	msedge.exe
1248	msedge.exe
3624	msedge.exe
3624	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4444	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4444	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 5072	1616	msedge.exe	81
PID 1616 wrote to memory of 5072	1616	msedge.exe	81
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 772	1616	msedge.exe	83
PID 1616 wrote to memory of 1416	1616	msedge.exe	84
PID 1616 wrote to memory of 1416	1616	msedge.exe	84
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85
PID 1616 wrote to memory of 4776	1616	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffad03cb8,0x7ffffad03cc8,0x7ffffad03cd8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1540622578242080821,12890057861320838777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
17KB

MD5
f84839a66cfa6e400c8356101ccc76f4

SHA1
5db86c3e55a951801a43996643b52c000974d559

SHA256
888fea4957ea758ac1692a1b02e08e923c882fe2b4125c93ab5b95752cbf8a9c

SHA512
18cefbbfdb572250d6b2bda60a05614118cd10b5620ef0b7b63f27f6053c92017d0b8648e874a22c08f21f8a4dbbfa5ca4e72955250a949b14b3e409fa69bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
16KB

MD5
17642a65d26526c1daffd4e2cc616095

SHA1
4c0f8532d20c282f7ac4ab3810bfd2ac2eb68b3e

SHA256
323d0acd8b4c0e63c5d7d2e12432bb95a0342a7935c02d4ee725f0a0a92e182b

SHA512
6eea19ca228e6033abc5e5ad452b5c5f6192e2f37a43f5d65a90b52c7d7c71f1b1e6dce13708910d81cd70202f0cfecc5e163cf03f2a5c5e725e021be462b28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
31KB

MD5
a5000941d6fcf9782819c5af267378e3

SHA1
4e438025036f937afffab4e152004a2dd2a24206

SHA256
0862ec5b3a05cb86d40f6f6eacf7b71e13130fb6efee40c1abc3d6c27d800c6d

SHA512
794a2fbcb0352857e4b830da2a1e99dd4c404c6840204fe623214b7b671cd00c23cd6253126465da8f614584bf3461543f2083460758c3471a10ebea5221ab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000116

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06de37724221a002_0

Filesize
19KB

MD5
9f477739957fbd52f88672bc114cd1a3

SHA1
c21053062371870745de19058c9158762db002a8

SHA256
de5eab80550e49f6dedbc8bac3d3579a63f4d5e4a13149e7a336648c90055259

SHA512
97de4debc8e6280d6ea7e3a40bd7c1508ef8c3e834d09141a5c182e71899d377279e69d7d090b5f61fc133378ada22b7152816870331ef4538665c15cbf5b686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ef371de0d55283a_0

Filesize
18KB

MD5
96a4d3848d2f2135d55c231a7fa40e88

SHA1
3138da269db8fe2c237323fb2eb2f06f4d8fe9dd

SHA256
be36f1fd9507bc2486b02ba7bd705813dfd054a5f31b4503107774b2cfaa39a7

SHA512
d50c051da92b9530b6cd7d92cd643fb9554aa04b7639ea53faa41674babf846eae00c3c2773c560948ac6acbbfa6e178752f0da7b0b415414619718cc8e2edc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2290745e33d42907_0

Filesize
289B

MD5
7f842b84f4cf1d2613c72d948a216331

SHA1
42cf2af11ba14d2eec313a20cb67c2115ecf10fb

SHA256
f6d7648fc3663b6e1473770266148a2d8842e201002fcda9789e15b756756ef2

SHA512
8561da04ea98078c0c5a65d68360a178d18a4fcab59346d5a57b7cb834f6cc9aa3c407dc6fefc6c08abf26e1460aa6df7e62eacdeb50edb185471554f3bbd880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22c9cd543e2b1bb4_0

Filesize
582KB

MD5
d9dd3b4a4ce72263f3ab59ddee014cbf

SHA1
b3d246d364899d97ef74802052f83e6cf55fd75d

SHA256
d23ffec7949446fb240030229242924bba76e7e2006c0dc7580076c6260b7185

SHA512
b10f8ba27103a781a14095555eaa4b906f3e5438fce03636e818a9b52aeb37d1f1fdbd44bc8aa198fee92b331b62d3da5692eb2f3370efcd5017995905801e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26026d8502b75f0e_0

Filesize
25KB

MD5
45d085049bd07b4b5b3dc613de1d34c3

SHA1
91c1b245ab02a7499965ee6dae23956ce473e157

SHA256
2724c64e3744db8a5b5b2403e9740f56868b0de75f15f85a978987eb2c463fe1

SHA512
66ff3b2f9955fcfbad6e1d4cf7dbf6f87012019999a3d319062771f9f73b955908bbba04cf5e2ed19cd8b806d442043afbfa1a666944d278feee11bcbfdcd336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2829bb2026979a21_0

Filesize
4KB

MD5
f156cf3ac93270ea831b0aed84844afe

SHA1
cd0e74c5b5d2b7cd32a19f0fca4dea84c6037f36

SHA256
a80337d0cccfb5692105c3b455ecd4dabf45d65571403b0b4c58ccf6d5973e3d

SHA512
933ffb2cf0c3bc5b00477cdf2adb163ea3dfdd4855b7c3ac49c1437c8fca9a2ce104c9a7730948996fb9d9a176451619a6a9969e6743380ad9aa7aef8f378613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c7c65233c18fc80_0

Filesize
1KB

MD5
c47b7bc12744430a3669cba2d5b0d77e

SHA1
0b7b2c3945c7f3a134f8cb3d3953b812f838064b

SHA256
38a2e523365c79912e30ccf70602150ffa4406f4f98897daef4c03a95a83e6f6

SHA512
0fffbaa1218f05b15f987528c460a2823f64de553d1dc1347886808966f566165125341c0c121393c44b60fa34c5899a427c0a2251fd1e4588588179fbd54216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48dc3ea9fc124e7b_0

Filesize
641KB

MD5
c7d3ed3fab47ac0ba7c353d27c35daf9

SHA1
fda11296c4f26a0ef484e296a9f24c9f3404d79d

SHA256
334420a027a36f09b97efae32006c127c4d9fa05142882834ba354f77745b8f8

SHA512
cc1fae17fd27489ca7572cd6cee45efaf1e9fc85612b2e6b4f5a6e5a7229621d8daddc6989c46436442af0cef5f7888f3527444c96ea5d5fc44b25166985667d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\501b46bcb88fe5fd_0

Filesize
89KB

MD5
6b98db31f644cf31dfdd0268609d1f15

SHA1
6d199c8531ee43f20284845f671b4256d2c2dcdd

SHA256
3460852dd67558389e846a04dff93a148858d5e9d05f036e62568708104fa70e

SHA512
49b67145aedd46beffa39b6aff42e061b9f6a9b562b4e37c2d067da5f43c19f8c8cfbd40f61665b642b8b633640d76592f6405e5577804f936cdbd67d2303523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\522b2402ddc94a60_0

Filesize
289B

MD5
1e2cffa3e2eabfb3a01b7d1127b813b8

SHA1
bb77b8e307dbaf6ef40b1c07225c79f5e28f3cbb

SHA256
cd492e8bfc75fcaaf3de077175f3baa3956eb762af88014b1355ed4d6163dd74

SHA512
75ae415df52ec7074fded6d992a9fb8ee09c44c584e8a530a85bc65fa0b003e8e131b85bd98d1317b035c3ac90508aff02c080c1e3b4f61dedaeaefcf423a912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f85294d10a0d6d0_0

Filesize
14KB

MD5
b8c0ebdb3af6d368269f313d456567e3

SHA1
de1e365bcfff9594a2acd6e5b218291a1f45fa0e

SHA256
bb291a32d329030e44df3f5b46f6a62cddc15b59bddca1a71631bfaf97c7ee6f

SHA512
bac79fb5d7801bd801464207a2c5221902e917cf2045cb4c8f9354d108accdd35f411d66c327fe9b9e03b2cfc2c9145a952487ad0588e8d364a615da244e647c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81e64727e1ad59d3_0

Filesize
249B

MD5
e6f058176a9eb9051fcb7c5f04f6da97

SHA1
0c1dc8c2ed69015c7d30002e097f4c799ddeb797

SHA256
c6122ff0475a84d91ec03f26939de576257b554e155197a1d9092d33f8b947bb

SHA512
27b320693570c9d40466462bf2191967e9427e2f60c2fb2d08dd30935fae70c36e5b7c86fa48229204ff39b298daae2e2dcac9376aa7756a124584066cec21f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
8e7d9f42cdfa8ca032b6ecd5786ed530

SHA1
2d3d27862417edef95aa8caf147533103e5d98d7

SHA256
9d0ebaa36ddc433e257b85af0d227c60f3a5b200d5c4c28a07f13134a9b8430b

SHA512
d835fa26030876b2573f5084773cff8f31aeecfee58b06c64df7574bf4ec5c82d8e399faf397eb0a3b97aecc9c85341ab43245f2a9cea9ca13e65292372c52d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0858a4b2ffb3451d57a57bb7957ca7b0

SHA1
501510c3dd3a5a5d90ba54ebccebc826366165a4

SHA256
bf4b5357fb8ed579fc6fdd95a68bd53c9642e290ce3af9b1b10220360470f77f

SHA512
6328a7b2469cc4c0cba666512c9feeaaa5a45ac5c9efc57e29606c5f1a6f28a0777677ce6799a68a66c9e2d81a488e36ee22d3cd636f880e62950723f5b52495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a5046a453e80c9fb73617e4e28c353c

SHA1
0ab069798d071130a0545482e7882fbf5d264cba

SHA256
17f1929b088b4fe6e83aec4b7a5e8a549935dcb67351a533938d93d38c372627

SHA512
257112ad9ba4ccef3bb8c755ed1c5bde83aecfefa97d7365607a86d2484365494e93e5e12bf15ed1aadce45dac5ea7a6bb50a43fe981e676c081ab19731e2862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a213a7c01d6600e964681de7eb9d11dc

SHA1
7e67fd8d178f4248685b8e598be484e5da31fbc4

SHA256
696cd6f1572029cbc8477004370a27970cb0f862ebb95396ddd995eb5df29e67

SHA512
ffc735a4c0216d9ea1e589907b22412213e774fb032859f4b4c9f805aa4811bbc0a238aeb5ab769057f52fb43e4477ebea29b39ffc8fe007cf0c1b7108a8ece6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a0819b2a3bf8b72c9166982bfd419042

SHA1
505ab6d3953b73372390c4af885c412b1ef449d3

SHA256
da978dd711b350940dba84ccf5829f9e242f32071d2fba35b1a0ad2b29486478

SHA512
bae37e6588a5176cde83b2447455f8d265e1fb37f481638fd615785f450af5dedfe86b65b981d030a709e1edaf21e13cbac6cccc182d2c500f811881cf903e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4bdc162fce0dc63c3ddb28644a569d12

SHA1
63df367026152bf282a816d91c455172b5a1fc64

SHA256
4ce68afdc987ae14d9fa41a7cda461749ec6a43d8fcea665d68b113a2daff6ea

SHA512
6f4c5206b7a098e08f45e254cac020f584e634d5e6dbc592d055dced7daf102d128576cc934a5c88b477feaad40db454ef882e81e69e3855422800f9810e1e20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
60f833b191cb58d857b7b3f7dd8f1756

SHA1
bbf77c02df4726e831beb27c102a39d6b71b4150

SHA256
dd694e168ba26de98f34b2fb8f580963a21a565c0b8112209d94e2e10c898d68

SHA512
60d19c7134f09586c43ebaa053eeaa4b2f45d46f32f71f65120377e62904ba9ad3a999404fac947fe4611faf7bfd7dbe155cd5fa549f261407b4c41b79543999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d57eaef9131bd35ede7b17d846dcda7

SHA1
1b266b50abc36c25ce5f2fdd0115d5d43873cfb9

SHA256
8b96aed252c803ff9e865051780aa577d741cf1f19af42e3d582beb6555bfe18

SHA512
83165966c2589aea710fc04003564a3fbe0c233c189d24a66059d55d365726f68e091beda4326e366c19b850f945ffe7fb787e9c4e6fa6621abccd31ff9534e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
271666f5ab422ebfc6f0a6275d907605

SHA1
7245c51c38919234b44733a84f40c4d34f52e623

SHA256
92c748f438d43f8213bb7d66b2733276917e7d36becddee98eb6a8ad738e7e00

SHA512
257c5d16e1ab12ce217ac8651b28e332773c3192a98d12f22aab6bb0390aa3f71bbc0b840f91b77f34a783452b90b7e674e796e39336dd5da6afdecd01b02088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f5ef7ee6073ba3b31fb62a6e500a3bbe

SHA1
eb219a3fef30b3e5b3821afe183a13817f39ca6e

SHA256
2b8147271d5f1307b8796215526d3066cb8e1ac8303b138f7c1e031aa7f4b6f9

SHA512
b77a1453e4a7e81e0f2ed4d006852a37d3719b5a37455034a10acdf4fe7bf33e0073d71cca72a4828d69e091306bf1788c7c9c67fb7ce6c71458a4b787125ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
481fc12a09e9e401541ff9ed0dd90f71

SHA1
bff7b8d1fffb6bf6dd049ff42da1e726ef1542a6

SHA256
ff3e7de8efbe1295c24b84b0e78befa9fa15dd7131fcdc833c1e5da917c02d88

SHA512
4dcb75836f7544961bcd277085757cd7c18d8453b7226d403884bde526383ec21366c547fccd85aaf22a467f0d51072e4b1b7730b337a7461b8ce54b6a634370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8858dc83c0300d80edc920664ea40d96

SHA1
a0d64c1381c6d98fa8baf32d071d2c47c0a62c05

SHA256
996bcf743aee4558a0b62909ddd52ad8e54def48fcc2a9cd9ec87c701b3397f4

SHA512
0f5557644c13f63a40b55d8a18bc77919534e56d8e3e94130c744753958ff7bfc8eb3acd9688ffdc4d9cbf1587c0e1f23f7142983126f07fa26f63e325cff648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e0945.TMP

Filesize
1KB

MD5
fa4e00adf58923599e5582e01a289f36

SHA1
f0a280bc1a7851a5956b32b7d9bf64ab11035027

SHA256
042582a90a9a3113c6b26a9d96c0a5710f01dee7c34f833d1d143a5f234659f4

SHA512
9350472ac8a3fe907852c0635740dd6b524eeeea9359fbe09dda29c6531063ccb53ea5c470fa6f9dc01908f632b69a8664f365d82208616e7780f804f3296418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
97c3027eb9148a759e2d2cebece2986e

SHA1
d1680d794ddac4ddb23a402e2f223318d5270e36

SHA256
ff2fd478385439a6497db0b2bdb064e4715e1a9d3d511c54d01de636764de9c9

SHA512
a21510f5c5f89bf81b938867e6804e264ee68e5efcfdf9344c966f5a04cf9256979aed9506888be6847b57b28c277c966e93a91646ee89873e4d4f52f9a8ccec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ae5e21221f0b39caa2d3cfb66720446

SHA1
1e7a0bd9e5a74ff2eaa4d1d4ea6fd140fe12e092

SHA256
ac7166e3d2096c77c13a9d26d0b54db0465880832621aa03d946d449d5de22aa

SHA512
d2e4b03a90badc5fea2de0ffd4c51c610018302ec93050c345caf481b82a3e4c252d756a565b312ecce6a3428dc79abdf8e1287346db4546f8f926d09084a6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
57ee0b6616305abdb3e8f1a2887ee682

SHA1
63e6eb975fa6a58c879d564acbc87a834d5afd9a

SHA256
ec7180b38f09ea06df4e76bdd83268e6d21f747a561304bdd7a4e3f3723f818f

SHA512
92febfe8acdb6bc2e615c066a1dcce953267252bbe61df6f6a0c6494b428791eaafa9a9a1e1a1ac13459a754713812100de917793ae352db43df1dd38120bce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
959e4600b0a56444521acff3fbdeccec

SHA1
04a9b155786155cb3b4cab2fd9b1812199000cc4

SHA256
cf7f8cf33905da06f6815552de96d1f1af8aabf1a39019b329b39d8bd9ace463

SHA512
2241313a8a2d9fc1fc86be57a10a036e0d3aa388fad8d132fbb888611dd46d93c15d41085f746c2522b73d657fa9d6ed8f8f929288ab55aa37856294797a826b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7ed4e64f842ff06b8ba780f61b4cb76

SHA1
8cb99de3951aa966d18ea6d120a73906ede5e8a3

SHA256
fc8d25deb1fbcc0356cc3763a8961d4f5db0429a8135199e7515b0ff4d298f4a

SHA512
9d56eae96224b0d94ae16998922596d565b11de0f25e4e28cb139fb282d4b10426531b89e8c4dd08cfe714e8bbe956c12ccc6a8fd2b8b280f028659bdb653200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1761d59ab411b4721d45e1447e78abb2

SHA1
472c3b97f17cc6a3d2f5306d96f00bbceffcc61c

SHA256
18b51d1956f38c2ab2accd3fec30dded05faf16ba47d20c2486d5c37b6d588d9

SHA512
237329bf66aaec5ae273dbf65efa9f1b75ff78af2d925007cabb1557463ea7bba68e6b229419aa706462d03a18303333ecd85e65119a839a8212efa9e4d75ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
475ec3111905d59ff82545c846edbdd0

SHA1
f22227776b4660f0ad2969cbf8da45ec9989defe

SHA256
f77d259bb4510dd8ef30e584da796ea8e23faf9e6e2315c5cf02d50511386d20

SHA512
3fa2e9341728771bc11b271e96166b7cd1ac07509d6e03e07efb01a027fa1dc779f03161308bbad057621a9206e0f427a534c39be83293d6d349c4a2a1cf384d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74abee3a8b0b530d3148c0128ccb9099

SHA1
00145390479aa6942af3875f309633010170b90b

SHA256
332c23898ab449b2e579df5de343c54becd297d7b227ea830d98301325189e43

SHA512
1ecfb11fe392c8f39f6ed60ef36bfb0cf41d5d244c909d3db683aedd3c920de6b1c92d390b47ea5d63b3c1155dd2c393631bec015f6b305b5a56d1abe2276afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
518c187b1d027268a810574c107264d8

SHA1
264d40f0430c3c877080157d5c1245d5a9e83d53

SHA256
29eb08b3e2d030da1f232e5dc5a313f4a7cdc0b2644211da94af174d4df2c8cf

SHA512
35e3063f3d5398c2b3fde6f5480c27fbe73ecd37e61811f994e6e43c9a11141525c97a135f21db138e1c67e4adbf4436f75b3876cd44a5ffc6490e63476f935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
825ac2d9381af0ad609109b4bd11f537

SHA1
f7e39bfe7b993eddbd2eb382593c99dc137a33c9

SHA256
f3a0912652c1636ffcf589709901a8c8e0a28b683cfc2310e67dcceb4fdaca58

SHA512
9f107cfe9a2ee308d112bc0502b5ae4a205c3da8a68b067a6ffa3a7aacce9a6a98e550eecf63a6c494beafae12a543c033d651e0688def94325fd2f7c0cc894a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
164a9b89f8e88848db09cede76cebfa3

SHA1
25800c73ce55a504dfbb0c22a398c7aa910e6ae6

SHA256
4cf10af391222e17a5253d55d22a3721dd1d2204aaf765b6e6490c603f940a1a

SHA512
6f6a16b57d6810daf44a4d77056c2f159b2b9b00fc6e2bb57efc836b7a6f9ab83506a3ca9dd954d7e38a06a08dc21b24db35ef80a3832009629e7c6fe1db08f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c414158130f2771f4e28f6c863dc333

SHA1
a3e689fb7cc3590f3c4468f5d2d8ab8052aa8a95

SHA256
ec1c7294c29f778743318b1bfb6f498e5a7a70621f2c9021fd50f171d5b8111a

SHA512
21108ee87193f4501eaaef40daeacb448a3b821016496383e39abfaac7af41538625c24a113c6bacf769ce39c7f8e138e13ed3b809412b8531de557ad9fb6997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d20101bfd639a129b892e8fbe98c02a0

SHA1
2af2a727c338fc4e814f6bc3d123243d679c7000

SHA256
815c35e3d1f8a48563c82d7e85bd0a1eb6ae4f2aa3c4c75fd0296dea896e420b

SHA512
f2d643d5ec5541ec50d284291d75f0c23bf6694e7b0994459013696a3b8a815b55948d374724243374dc79037125b5c55b8355229513915df2a87b04a5a850d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aaacf45f146ab5eb3354e04facf1ebf2

SHA1
87e18539d3806a9bc3a14bdd2b5d7a4faba3e9b0

SHA256
32c317772a4d1ae3a6def31e46a608e02483bc8085565fb12adf9f7272378474

SHA512
8ca2da9375b2123d79a53b59ef703bb4e1f882a72058bf7b98025e7fffc283579400773e9eb25fe2608b5ec8e0b09c8f8d28bba252c0f6cef94168bcea905241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b150fee728d0b7e70b9ba2487aa1195

SHA1
8fed40f44ea7a5bbed0f727d2881b4fc2a1530fb

SHA256
fa5d6f9df7c61ed772dad2a690954366f4d59f6154a51ee848acbf16ed1317d3

SHA512
21bb2d42c534a7a214251d699b52f4aaa88e609eb0ff624dc0a7e023170059f490babc0fbe280f9769a2fe95ea31c83ab1845d34d233cc871d0542679d1f729c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
568c4051a4159577ba181c275b332ccf

SHA1
eb383e398a29fbca8bd39ee46bfd4ee6e2488bfd

SHA256
caf306e6a2a9105038a11cb900befd36348c54fbfc0a8abb4359855f55ee4b66

SHA512
24783c2ca48f7379904458b916579e66f71bfe52d65f35e6dd97ee9b9b46be2d31cefbc4aa0af1c45aed3774c5aace3a4e71e2b6c382e04ca6e166b8556926f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4219200393b94ce2760b01e52346f70

SHA1
af68a47f131cc653abe5cdbc706edcde24b8bac8

SHA256
5d06ecae2b3f3c3140f3bbd6b5ac9d3d22c91ec2e434af99964f5299203ede75

SHA512
d43a25385cdc1f1dc61d9c0cf6946eddcf7b6a7fb29dabb570fab30c1e36e588556e85c4d8d011ba73c07114a75150690a361a27da1013b7f9d3a2b914124b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
177e45e264ebdd605fe174580eefbaff

SHA1
b8e0c05a01b528c3396819d166415ca458bb19f8

SHA256
f95c9178a8b72d729846527482f22356193ce83c890991cde6bccdc09439cda5

SHA512
4855ff42efe2cc21051d21b402cfc093f1ccd58c9abdbe86569640238d5f10a8eecb4060ec9d3d2c0756efe1a194f9b5fa8a02f70faa387f46572216ebb3ca5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d910efe96a1b3e9ef06a031bf98747e5

SHA1
da8a855243097b3bb0309565f5c3a44737c1f7ae

SHA256
f25cc6189dc4c462faa9c6f2d5ff0e9aed02f09d35fa73ded330a66af986d745

SHA512
996f57eda4f855ed326b2721dca838d9aaaf003e40dcb9192ed84424f81afe8fc624a1926711c1afef24d86facf589e9176bf6ab553f2c70be1650f8a6e070cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d2e0.TMP

Filesize
48B

MD5
6ef13b9facc1aa5e19881b7abf2226f2

SHA1
95d8c4f02a611fbde459f6224751f488dea07d4a

SHA256
4a9498e44d36ae65e5f3a0f9dc1bc57fdb4e005a47ddab116ee2b2b2d2800d2e

SHA512
d76e443937e7081ccaf819a0af5e2f7af76f26818e621c88177265ab27f22c31d184517f2bf44145f1d1a27b5499de133cd24dc4b6075e18708786c6ed8323e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e6c08974d82210052a9b992ac4e016b

SHA1
cde223eba3d8cd6067c7a25ede86058a7625f5fb

SHA256
77afe2a7be37456e418e59e49498dc4f2c0530d23ecc0613d6484343a62fe009

SHA512
4d01088bedd95ce84a6d5de477aca7803a4de4f5011845cb78af9721afed591a2620c02adf787d9ea2db0e911a4ed85bcd3a27ee1b0e9360df5f9afd3bf97d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90062b6ed73b1537d6a94f8c4a30f3d2

SHA1
c92ef01fbc1f550523ed9d8a0c72b3aeb44373ee

SHA256
a993551e37349f7fae3ccb225e4cfd9bb8db9a444e0ea502d990ac332a4e2d51

SHA512
6d47554f79ab6c7daf8406f50ae0e8e9a54c0460610a4971dc1347d93abfcf93d4dddf2caccaf02d9cad8e6ce6e40d8f87e012ca869cd1589e75eae5a69ebeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4aaf6ad2f631ddc942b71308213235a0

SHA1
5b766e2a4af3544c58ab10914292a173d22b69de

SHA256
ab494143503f9b2d2e2f7376e5e633f48733fa2d317e70af41f88879d4bc10c6

SHA512
2c0d5d56d06c8ea0514b63780bfb077f9f605649fff7c26989c095377cc04b11f6bb3c14835fc630f75fd9cb0c80301c473f9ce11022e36146f9a759b2c10034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2dbe226721ed6226a5b2524f555bbab3

SHA1
2099da68fd5cff4504467c6c57bb20feecb70cfc

SHA256
cabf27cff2583b7960298c771dde970b04e2be371ef6492b3bcd8b088b8244f3

SHA512
6babf07f59e64aab04607e0769130ec4e371ebdf9d671978bcb868d0dc141c880e8e543e72fd2727ffae58abf009d724b1a5582f4f8232af0520d54ab896e534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e533fd661c5c19eba234850f81636644

SHA1
77f00f09e7c833f96c03833143fe6bc7798e55d3

SHA256
21545c640d64c283b74fc789cdbd3c13a85c516d442f4ae8f29f9119e7cc11a5

SHA512
8a66602cba4fed0913760c0ad0cfbf4095d42205113b86caf125e1de178bf9144a37bc9594287c2eb5339194b0dc04fc768c2bafb1e3088fd199915aa8b13481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99711faa1e88b52967b40dcee09a09c5

SHA1
6ee115af27fb3525bacd820589da983b49bb7156

SHA256
cd48ed0d9d8c2c327aa5ada68ac29f0c367f795ba2520415bf92c0f840874276

SHA512
c082453320f97bb59543f41c7082e0e0681b2949c13c6dbbac9fc539b22999b1f22ca90eba8a622bfc9806353a0c29804ea9330cffa4005b607061be4d973f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
238e4c3cbbda6b5be3035500d6c6221c

SHA1
40ef1c1d2c2fe1ec771936a693ce6161493184f1

SHA256
b0e49e620a72defc979e7ac9dc3585795b0c0d74e4b294bbfad7160b65965539

SHA512
38baf976305c70dc8f55ed5c2976978e16cd8c1b94b2ccb8d204c85669ce854dc8096e7995a139424f44da90fde2dedd9330331d799408a7ebe36df62255aafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc623a73485245a5f18388cd57738a23

SHA1
eb797e39815381cadc36f000607b7fcdb71b4fd2

SHA256
d1da3250ee7772501f5054953914db6d26b5211f9279da1280a23b05d4b458c7

SHA512
2576e45db2624535645e5d9611d5798cdd49f39d2a2a083296b7f87d915a67b3445b6e87258a20e7c42c60c9d3a36eae79c4baaebc6d9a03783dbfdef4bc3c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33a61ae0f1e41de6fb9ab85631ccdb21

SHA1
b4e79de966e5bb118275af3f2aea2956e6a373f0

SHA256
682e8b66cdb31e5a8bb6592cf2d768357af2c0a267f6910994fcb47f6c1c6c43

SHA512
3788cbe3fd8247f1174b39431dbd670220f280df7608c3343e066e215fd0c0c719247be4cc76d3d3c40b390ac0eba3d7a77458ed8c8ff618dd0de6399871ec38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de1b.TMP

Filesize
203B

MD5
1766f7a9eebe6f1cea3e18814bec2d21

SHA1
782de865ca0e45ff650f77a99e5d03c5643a2359

SHA256
7ba3c7313aa0eccc5e6fca1821180eb1d52a0f3f5893abf46d9432e7f3b9d38d

SHA512
5f2d220d8a00efd54d8b7338fb26ecee31319d3b81e2413ba27225f88291eabade0645d3c6c1074a3bcf3310e68bef679a5769cefadc718603f97dcf4cba9347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f662f29e56be9ec6458a6a9310fe92f7

SHA1
4e4efbe3a76014b0f8ac6f6b07463486c482dc97

SHA256
e435cc2c77bf3eb32ce9d6f423f21bdcdcbb48213e9b41d40d26257facb30b9e

SHA512
b03fbacdd341d17522477a09d7d45145b66a9e7028c1596ef845164e032de39da672a820c54f9b1060dbb8ee4b5be543e4573ae97e19f0348b3473ca3c21ea32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\nexus.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit