hxxps://mboost[.]me/a/cH8

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mboost.me/a/cH8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
1932	msedge.exe
1932	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3712	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe
1932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 5104	1932	msedge.exe	83
PID 1932 wrote to memory of 5104	1932	msedge.exe	83
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4904	1932	msedge.exe	84
PID 1932 wrote to memory of 4696	1932	msedge.exe	85
PID 1932 wrote to memory of 4696	1932	msedge.exe	85
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86
PID 1932 wrote to memory of 2728	1932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mboost.me/a/cH8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8931346f8,0x7ff893134708,0x7ff893134718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6475292909866973669,13120566995683328844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
b746213834ccd3df7d3bc63349b27c5f

SHA1
220084981c726f4a8a1a09171bc4eecbbdccff11

SHA256
56cf3767b76d6e0ad568fe063de41f6b4e2cdef66d271b89eeb715651adfc304

SHA512
b779f0b06f9d87cc1dd93c43715cde8bfad7d609fc7cfceb1a398bb2da8fc272c3914b8fca7f43f144eba38a8e23dea3a7fe95a748a8707b885100d1cdf1d0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c0f926c89df8d41627be58beb646e870

SHA1
7afe9717bee434e3fb72ff72d9529916643b93ff

SHA256
4dd02820b154e3c829b6ce72eb1f5ca85f4a2ba9590536dff8027d97f9da60eb

SHA512
871ea597c89af68bfee67e552b6a69d45d01031fd9dce250b9ef411c32e15a6568f3c38b8ebd79aa37f9f894424eeb2ef87a20aa1c1c5825b4d2166f6f17a79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c13141b44c25c518638f0341526c6b26

SHA1
68f58ee6d836e15aacedefd0bcdb9b54a4caeea7

SHA256
15ce7f7cc03902ede76dd03922c4ae0fdfcfeb6d72bcfcd81fb09b1a96d41666

SHA512
2d1ed4db6f934249285af03ed955b68d711b59659de4f9f21d90b2f6b98b72d90227c9be4775b64d44f69598ec46982a752658c3a48a05c0c420c51d951a2d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1df34132c45ecb7cdb23160a16c4ff99

SHA1
26bd08c521255acff750f61473f445e10d2692b0

SHA256
8548c64df1e004c9df5fdc1e874a8e3bf44c75298ce6f687fc46bd3eb0fa305d

SHA512
a4ad29b6c151d4068afd296496604184382208894507eeae3473533e5782cf7694c9928044bd4adf2ea91d257e51ff0a6e388474ee37cb0a49da44287049a4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1ec5040eacbaad3f1c9ef68d05c0f520

SHA1
3add60fc471cede64b74ece51e6856feca8d7e52

SHA256
f60fed17679386aaead24d859e06c625645736592159d8fc78e2f9d3de064ccb

SHA512
d05998e0c0d23edc6ddfe7025029ec28ac0c89783c8f3d1a248d15d5e205e8ff14ba5f718fafbdabd952d68349fbab8fd55fdc79bba605f594fce15749e706a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99a6202c353a6b196d2f439e5c9307f9

SHA1
42b43eb2d460637a1cd26641281c8545d48ddfb8

SHA256
0e35022bbbc77c5077fc56b881f2216cfae225e38fd0706f4434f5ee8ef338f5

SHA512
05fe73c1eda9e4921f80aca97e98039824dafb8f1ae60b60eb27d07cbc7f824a0b2b1097db24f7a9eba7e517efb6b363443d0622e2d62a5bed27fd2ba5d10b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4ab609710f53f88f62f5f16e03899f7b

SHA1
224cd95fc7575a00bb24b14fd24ab91a2d5d7876

SHA256
d994ab876d5f968eb031e874077e76e322231fa99ea8c70554fe09481771551b

SHA512
0758dfe00393b6d1ddcf2932b5dadc918ccc7b54b70c8ad123aa29078078787929b60992b3491ff6d9c3c78de477ac32d9be5385ab03d4de3ef32b2c39b8c549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b8436d9036f6aa64674eafc5a8f104a

SHA1
aebe0b268172a725b95dab53159b33cf90ca5e33

SHA256
8142d5be652434901bddb382d43e741dab97589c43ac8ecd899512757e92cd08

SHA512
29c732a220d713d44c773ba3ddfccd86e16c075ee7e9762acf2ce8a757a29edd49d5d1bfb55f9176664873f6ea99d746b0c28af7c7592617de0675d8598fb327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ff8d473e5295906828ce970125a6c2e

SHA1
9eab040f9ae5e687de063d729565ab8895f2b345

SHA256
56ebd46ab59409225938b5db1136f95886cef6854309ce7762a9e487df6194ec

SHA512
5a269b86b84be22c605cc2c954f724f3dbc5f614316f827c1dd66d0e216cdb2b0bfe1065ef8989855f4032e55c2c8c50dc7bed08603bcf760cef69e437a3af8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2b0da7a5b37def71e2138d720b07634

SHA1
b1f6da0bc6bec4b2d04fb895c9a0d1cb4ef6a4c1

SHA256
2aced9c31433a13f69b763c79095e1aa99b9c12aa1a7d42ef4b0099aa3c64b89

SHA512
76bdb969dfbeceac22e859f251e1474c2e268ff4ac624ab69212d2c522363aed1b5ed6690ff966467fdb5b615b6b0380b1d5fa2e99a6b9beefb017753bbde2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3dbc232e-9df3-4169-a238-0f1d8a1acf08\index-dir\the-real-index

Filesize
2KB

MD5
e18fce4a0b40f1c8b9c816797933b8b1

SHA1
d2d2f14ac7d3f90ebcc7877d175071d230637758

SHA256
4ca3319b8e6f7bf421e91c07bcf8b5a287c421b059d5413d8cc1968237adf5c6

SHA512
b633397e9b88018c6cf0b222f1ca3b7566043e054866bf58d9646e619d5503c3e81cbb4e0bf191bc95541ab3a16948cb164f7abb70cd0a6af8f893e7975169d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3dbc232e-9df3-4169-a238-0f1d8a1acf08\index-dir\the-real-index~RFe58c167.TMP

Filesize
48B

MD5
084333f956c951ed2192b2ad63c35052

SHA1
a51d8ab0ff2952f228a940a9ead5a88996dc3593

SHA256
1b58613bcc7423a8007f3fad2d987dd696ab669e8a0f60ea75cf996d0a202657

SHA512
2ee5f5fd90af817b713644602038d64833284c1c40125f12f3462f960ccdfbd46ebd62d4b1755ae72d3f62fcb407734156462a17327ea7daaee5bf3b2bb36c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3e48327f-7f3e-4fcd-9f9d-b7687849f7df\index-dir\the-real-index

Filesize
624B

MD5
397843ce5097dbfe99db44445aa79c58

SHA1
2bd8c6eff031d05f06f4649ba605eefe8638c05d

SHA256
8790ea1859dafb608bde99d3dea55b762f0eb52bae8b737124bfc2c3ec61a798

SHA512
8bc8a7f8435308ffbd94ae97a82bc7a5f9d39eb91724180776c12813080f48e5df9b69d0ee9df7de2603ed9dc708fe83ecac460ed24328806aba47638a62e441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3e48327f-7f3e-4fcd-9f9d-b7687849f7df\index-dir\the-real-index~RFe58acb6.TMP

Filesize
48B

MD5
8de8b7f6bfecafc7d49b9bc9b3a25f0c

SHA1
2b32bd006ee10c317d453df43413f60273a0d0dc

SHA256
8267861491137f6478b01b02c147d3130d1ed96448c30830493c7200892f7f8a

SHA512
b0822f59cf5f90a477b58ca88f45130e5a2c9b16615040d8b9cc98126bc607ca97df02b09a23cd7929cccbb1bf4beb19a5caf137bd61d953785e9e50d31d456b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79d48b60-0c16-43bd-aa3e-a9fed381ce87\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
9f4b5ff2d8e636d0a4e81627471038bc

SHA1
c1690f0cea4d1af3b19577aa3e5e82aaa719f28c

SHA256
a6f28e48437cc5c84366c97e56b281acec89ec49400689bc81edabc0b0d31ec5

SHA512
02a576b02cd1c55c005702d76817e28c6bf4745432a62075f99789f0cb8322d0c46dcdf1e6abd9d387c17a9b8087fb37971859f41d5fef7acc1cf011e5f52a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
cde9c1ca275711a12ed400a6e36dd814

SHA1
5dd89fcd8647f7d712ed5de9537aa506998d356e

SHA256
8341cfc21459490f8c6b6242372c64bd768a439d8e3e5e0c0cea18ece05261d3

SHA512
6dc03e59c8216b05daf209920b507c316764fda6938c6e8757a1eedcefee37563e7a939862716ab925f6e4119f90e253479b976ba3939d304bdb8fc351b5f8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
f9ad0ead80b2a4b95ec293e6a4a117d2

SHA1
b7423401c4dd1fe09a69a4871b84657ed0f743c0

SHA256
03f316fde39fca59ab6cdfb39ceb562602363de1ccb44efc177f298ca563a782

SHA512
0e0ffd4094188363d2d47f86fa3f63b4b9e2206b2a5bcc1fb1a6542173bbe4f6957b402ce39545190fc744bac67f541f706b7bfb06f34e697cd9e78087a1398c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
c69f0d5c073e4c98bd6dabda625e3964

SHA1
df2a8f1c8d718c10943547125eef5b7c5f4629fb

SHA256
d9baefda265cacae6fbf91d252c56e45adae840146cbbe17b7149935e651f956

SHA512
37e6cc4fff0853f59bc2bc9dbae89d92a083deee37883b9108e1a5263cc497928d5e14ec53c8f547621df5ea7963e4786092449a4213a86a6d172c53aad26416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
ad1d6aaec16831b262e9d4bd8e392e29

SHA1
91e8fa1ba878002925924768b3d1675c2bdb4072

SHA256
a03989fab2f86d95980860951804da98b832719a1193d8d29bc362f708f2bcb8

SHA512
8748109699171d1808265b0e2aceb96d0dcdd1933231add1288f0d16fe00293f4c65f7bee11188a78248cf577e8ccee7f8518299cd05aee68a90feee65e314c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
61f9f74aeaba5be62425b3eba76ded0b

SHA1
372cfc22d99c99339a29d17666e0077b6b1f0039

SHA256
f8a870182adec806fc799b8aa2ad01a836bb764ac08010c26b4f8330f02676ed

SHA512
6f0e35c7e7f844aadfcfa6e322b471ed9027a71f760850a75f902d58be2129625789bde596ba0c7d1ee77750be79ef2806a0e9cb3950a89c82d522c0c964c43d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
153B

MD5
f6180a1c746d07e3102cd113c8dbde3f

SHA1
1a6f8b247fee31f85e8b9429531de37f3d4d3d6d

SHA256
0b2aedded5b90ad9edfc84d6ea22d229bc2ca346e9d81023d0a7e651d159812c

SHA512
9154f818e65f319754d69cd4cc1cb0d4a9641e02d8f593c4b02197e95d68bf24aa46bc02080a127ff7b9af08141afe67c437b0054faab56cfe91ec12a2688e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e027dc6307fcc6bd79dd3e331a73ff2e

SHA1
4c84076ebd5dbe656c7b3928cebefecad52f6225

SHA256
b79aaf927a2c385a1a76c5932124e7d4e3fb1966ee08053fd3710a939254e36d

SHA512
21fe3fcf0b6e61e2e90eb2d4b94f656058b43cff49859daf2d08410e6ea76252902ee67b325afe2c6624cdb4924197da4ef70ca1fe9f4e5395b85a534696251b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a515.TMP

Filesize
48B

MD5
c41eeb0ac1617512b6d8595391df4685

SHA1
703ac789b97f7e963b727b4bdb7d31be88114f76

SHA256
60c75ee35f5db9ab6fee081c9630111b699a03e664c60e5ed8cd6230fd57e479

SHA512
f3f60c2e04295093f929fa833f9debd3e48396f7e5348fb4dca83ad182df8d4c7de1018a4e370ba919472bf0623c3f9c15fccca6ebb80e181dc2c2c3967f4550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
522de592112ecbbfc7137f10d09f0d53

SHA1
f7dce49c31a7edb474e013a6884c2b802a1f1f98

SHA256
99f7dce2a70cc28c0dd74be6cca18829f6488f90e0ef48306bc65b2f5bad826c

SHA512
e98ae548de5c88802c485016b9eb766e1ecddf93e3a072d23decf6a0dfe33dcdad0b974d61a3d3fa3ffacb788cbfa37c7f0a1ac4393b6c6f374151eabd9ae26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e9a5ff47a615363734822c4a7672e61d

SHA1
649af4d9f9dbb0db444900d956196854c44a3c6a

SHA256
f73a72243eddd99d52fc77519774837b8891f6d074e6c28c99feda27f16366a7

SHA512
c2ddd8db6def4fb9e84f7749fbe8be8cd1db8f1c0e0a5befb07a4d12e47cb381a81429515ebfa1df1dec3cc58ee0938d9840cf7837730d72468f03d73708fa7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4b01a9a03210a24898048c0535cc2234

SHA1
b1d37d78f27be0134335ceb2de54b90b77f24ead

SHA256
acc5db1f946d020c1c43d1ec26aacaac960d7c74f7bec913a4dab4428151dcd0

SHA512
b085406ccd5bc592cf9b561ad8bba71ece4059ec787b3b6dbb26d9fcb8c6761933b9b02b1a45fa173dcfc480fe842651fcbc0c3c123d2194630b3dc72f34c402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
516fb42c67e79a92b899a012b74c7f33

SHA1
c3239250dd7bd187b0819ada7c2e1dfc6cb16a46

SHA256
aefe28320348474f46a8f86a6ea18c988376baacb7f3ff3bead8ba33c8a66531

SHA512
8cafb62a327742fa69d15faea24db8cdba17cb7fac40b17d7cb0d49a80b389a8b667c1508ebd72a202db8b31e814a482ab17611fe8ff23a33287963c402db069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583bdb.TMP

Filesize
868B

MD5
c0b6786ead250598786226cac7c9317c

SHA1
548f797c42f2540def9ea5d8fb824bb1c681e20c

SHA256
69d557deeae502b3529a6a6e2e72a041aa511c3af876a709ff41f8d4aac90e5a

SHA512
ba5077f12d34e72d8be48a6655771853b05a8c51550f973fa0d2bfc06b971361de9af63694eed96cc1bfe733ecd584342145abb59b508e7cf18627fc6e15d85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8320f4bf7b0849e88ac89665bf040883

SHA1
5ce96ab2c8e9a178aad857ae23eaa3b2f81e7515

SHA256
599ae3c28a978721e7883c23750723ddeb135f6a44a458709b38a90e4652b5e4

SHA512
fa95702a90c7e1d4e7d2fcb2fec1ab760ab86d698d5fe0b306969d206dbe2e0fe7a12e1461f116d8e2817d0f6b3a8a77439017f1931f315f7526163faad47ede

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
614ec3ff0f4f8be37eb80feb6c45a51c

SHA1
6e55762324a017e8d95b7ba3bda5153c6dd791c3

SHA256
4736f065f5efd5308fdd2e61ca5165cda81768f695e7ff53d179fa7a8d4222e2

SHA512
b1cabcd87979335adf941af433bd2be9ee7fe62c3e61d52915cfde3fca97840665101644847ebf68b4a2dd9ac80b5fcb21c1ca8e46aab6f115b851ad18760690

Download Submit