Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-11-2024 12:52
General
-
Target
https://github.com/MalwareStudio/Virus_Destructive
Malware Config
Signatures
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt 4 IoCs
-
Modifies file permissions 1 TTPs 4 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 33 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 42 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 21 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/MalwareStudio/Virus_Destructive1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9108946f8,0x7ff910894708,0x7ff9108947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6276 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6336 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6656 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7645087827963146389,13227644532310826010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Virus_Destructive_open_source (1).zip\Virus_Destructive\Virus_Destructive.sln2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Virus_Destructive_open_source (1).zip\Virus_Destructive\Virus_Destructive\obj\Debug\Virus_Destructive.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Virus_Destructive_open_source (1).zip\Virus_Destructive\Virus_Destructive\obj\Debug\Virus_Destructive.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System323⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32 /grant Admin:F3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\takeown.exetakeown /f C:\Windows\System32\drivers3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\icacls.exeicacls C:\Windows\System32\drivers /grant Admin:F3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCviSYAcwdnDX1UoRzAHYgNg2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9108946f8,0x7ff910894708,0x7ff9108947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk03p6_nh5gjKk_7WWWGDr0qYtnieXg%3A1605092222038&ei=fsOrX5rzAY63kwWYq56IDg&q=my+mum+is+gay&oq=my+mum+is+gay&gs_lcp=CgZwc3ktYWIQAzIKCAAQFhAKEB4QEzIKCAAQFhAKEB4QEzoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgUIABCxAzoCCAA6CAgAELEDEIMBOgIILjoECAAQQzoHCC4QsQMQQzoECC4QQzoFCC4QsQM6CAguELEDEIMBOgUILhCTAjoECC4QCjoECAAQCjoFCC4QywE6BQgAEMsBOggILhDLARCTAjoGCAAQFhAeOggIABAWEAoQHlD_GliuO2D3PGgCcAB4AIABiwKIAeAOkgEGMS4xMi4xmAEAoAEBqgEHZ3dzLXdperABCsABAQ&sclient=psy-ab&ved=0ahUKEwiaque9qvrsAhWO26QKHZiVB-EQ4dUDCA0&uact=52⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9108946f8,0x7ff910894708,0x7ff9108947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?sxsrf=ALeKk007atE4-A-mD40nsEcYaIJklYlv_g%3A1605092231197&ei=h8OrX5XEC4mdkwXO84XoAg&q=how+2+cut+leg&oq=how+2+cut+leg&gs_lcp=CgZwc3ktYWIQDDIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjIICCEQFhAdEB4yCAghEBYQHRAeMggIIRAWEB0QHjoJCCMQ6gIQJxATOgcIIxDqAhAnOgQIIxAnOgQIABBDOgUIABCxAzoKCAAQsQMQgwEQQzoCCC46CAguELEDEIMBOgIIADoFCC4QsQM6BQguEMsBOgUIABDLAToGCAAQFhAeOggIABAWEAoQHlDzaFiDigFg86UBaANwAHgAgAHzAYgB7w2SAQYwLjEyLjGYAQCgAQGqAQdnd3Mtd2l6sAEKwAEB&sclient=psy-ab&ved=0ahUKEwjVo5bCqvrsAhWJzqQKHc55AS0Q4dUDCA02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9108946f8,0x7ff910894708,0x7ff9108947183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCviSYAcwdnDX1UoRzAHYgNg2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9108946f8,0x7ff910894708,0x7ff9108947183⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x500 0x34c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5727502204382b6a0e9f37b23770de919
SHA19908cc81a6df6b6a87b4b1b4bf1bf73e5563c17b
SHA256fcd39934f0f1ebb25c1ab45a163d637c065078ea587842920ddda24c02bddb2e
SHA512ee7970856535063d741ad4c2bcef445224406ffb5aacb173a9fe91ab4a6b8b31d073934e6bab81dacb70391aebb8453ff8e93a55b9f82726f847a7fba0a34746
-
Filesize
152B
MD5fab8d8d865e33fe195732aa7dcb91c30
SHA12637e832f38acc70af3e511f5eba80fbd7461f2c
SHA2561b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA51239a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43
-
Filesize
152B
MD536988ca14952e1848e81a959880ea217
SHA1a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173
-
Filesize
215KB
MD52be38925751dc3580e84c3af3a87f98d
SHA18a390d24e6588bef5da1d3db713784c11ca58921
SHA2561412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA5121341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2
-
Filesize
41KB
MD5e319c7af7370ac080fbc66374603ed3a
SHA14f0cd3c48c2e82a167384d967c210bdacc6904f9
SHA2565ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132
SHA5124681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011
-
Filesize
1KB
MD58a67cf51ff085ea4d74c7cd3ff01ed66
SHA139d4b389a272f39ca24d0856402db84a1c32fd5f
SHA2569cdca84419cc3f5a3a0066aa437ca1f129e021502b042f5bfe36107f06e2fe2e
SHA5120f31e60562a3f206d124256625c6aeffccdf2a2f1b63438893a149010b752eadff2c30d3aa4434f70b62b6220cb1ac066efab3a702652f7c84eda395c6c03151
-
Filesize
579B
MD53770a4fa4ac9bd887c2a0e37d27a14a7
SHA134367c04f57b3df0da2f83169dee5a1b5af5be13
SHA256efd69f92c1fc8d1ec111bc08dd33aeee67657cea16ac5a587398e28796df149c
SHA512691f1aafafc28fd499eebb1d3f1dd72981618725331e4b2f68cee6cf81222e7600bcfd9bd20e59fd56e526c45ff1ca5ad18177183d3cad999f627a99239255cd
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
7KB
MD55d654b0ef47d0fd5e048c637670d86ea
SHA18ac7380a35b768444e4cdd814e2af16944755b03
SHA256baaf0df3c7ec57898ab26f4b4dae0392b187dab8a5d5df0c01628bddf495c2f9
SHA5124e5ca38d305e7bbdddc4a919009313587830a7fac55fb4f0113b4b00ea3b0b05e381ec6e85b97f529e588b837c38dca550a57bcc79a7e074bf939d104a11204b
-
Filesize
6KB
MD57ac2ea2fc0fa57edacee478906609c90
SHA1c102a2651305953a0739128d13d03e2758d9e1b0
SHA256834258576985100993f68b7e7f1618740f1fce5fbe12402970797e0bf8a838aa
SHA5122f816029d6f1d2c1ff5dfe27f99b1205e31fd52d09a193d46fbd61bb4a675c16836dc35a68d5bef0c6769a3d78386975b238820ca9f65c8ea0aad28d8148f4e9
-
Filesize
6KB
MD5c3e45ffedf908fcdee3b3e27b6fc9d6f
SHA10e50db7099d69f9dfc56ea4b59ec265e7fed9718
SHA256f5b5b4349f2206cb16e3d55bd12a04f41cc9ed4e1a1d6e08d352dbe487344cb5
SHA5124d0a0f927eecead33fb4d76487903c1759a78e9eb6cb6fff51f434982a691153934ef74ddd2b77f64f1c961d1c0e51f394c5d1510708f0bd9635b607f08cbe88
-
Filesize
5KB
MD5ae82b6b6713ddecd15de92935778a021
SHA1e123ef13485c3120bf13b8154581700622578408
SHA256569cd01599ca902b99e0f7146d0e0cb15e5d148eb53c1d7ae6ecede351a92ea3
SHA512f54e1b0f118bc26c5752633662fa70d9885b2aefa27bd3d2029e5da5d5a8fecc1b67bc860f373a5a358b8cb21e85aeeaa5ff8d12b598c17fe9f28897b2488522
-
Filesize
8KB
MD5daf1e61882755ca90a175dfd81af70fc
SHA103c871c9f3280ced3ba940642f9faf1926a01781
SHA256225fab44c14b288c96b4a782c9b6d8eb73b86fcf0b0a095f253d9d2f5f17e090
SHA512e5e4d5be4b50e3415ba90c1f4d0779f9cd889bc5539c7f0c9383cc9fa3af1f53c68e301002b313baa8f4a324a09a08748134ecc0416c8a6314759550472ac6b1
-
Filesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
Filesize
2KB
MD51d38f61ab76a80b640cdad4ee9bf0e36
SHA19cff71f2e53388fac28a5f75a94dd78efbd64a41
SHA25642a3bb7a3e6e729b4318c7348f380aff9c281b09d93d184fa14b7c4a9c3a568f
SHA512643be1b673686d3b6dd0e1cc9567568d8c162b0dc9bab4667d7161dc2d42e34c5554328a89b38d9df16204d7690e607b25be0e2333b0acd8352e7b0bfcfb4144
-
Filesize
48B
MD5844d4f95c9b32ddd04480189b3223b9c
SHA106da9489ada9b12fe053b43c2729d0d9f2c09041
SHA256fe7f946621e500845a350a19fa3c2abdb50ac7d704e410d0ecd1c98f25a4dfcc
SHA512a8c913f865345b856bea1cfa9be262ce074c0f914b43800ade4240f5f21bea21062e809681458cd1f79e5e00720b18ac6145ba79a76d76c5b277f0cf85c9b4d9
-
Filesize
624B
MD51a9636e3bfb8fcf6102a7bb0dff8d05d
SHA119f0e3384e2a74c29fc8ead772a1f4381617ddd2
SHA25649377a61bc5fa579d77e9d2852cbba1428d9c9d82cb90f9b9d03df2f9adfde44
SHA512dad659b2153c3c00b4e5b208416c826ad32f7d0343c067097ecd4acf5ed0ab796d56abc572d4265eaba8a580d9db30ba6f62d2d955cff44d0ec7476135fe9a91
-
Filesize
48B
MD5d4efbee88e623bd002ad8558b5815782
SHA1e2df2cd98cd787b8810fcf74ef845c6ef5069a4d
SHA25643fa9338c8b505ad8ce281b4c87ed0f48fe77f92d515d32383fa193d1dda129a
SHA5128441c9056460f7f2fc84c97eee55ea5e8fbd9556f09ecfb86f500b9468e06dd6b1b6aac6753fadd4104f3b31ddbe4cf4c1dbf959d23f8da683abcdcd0daac928
-
Filesize
217B
MD5d3413d6f5fb370c15a3c62ef5f1a4509
SHA172be4832869532b3b6af76f7decbc74cf3a65fe5
SHA25603f04a5400fdf4e9f003acff5c0a5e59fcf08cae424f5e5dbd69a8d6e10ad633
SHA512845ed0d5fa14dcdee3f2896934cf3c7d832ed01543e062c8601b17926dde16e382cdfdd45c20ecd5cc5b8da36692d2de33bb5ce52f2b9f275ff2e32bb9b4d726
-
Filesize
146B
MD524dbcfdcb18524ad55da0c6f2420f799
SHA134d56940d41f912020e78e4fc98dc319117c4f49
SHA25630949d5f6c5f14a69cf69f95b441eea6d39b668a6227d9915d37383e64f48a4c
SHA512fb149f0701281b6983ef171b83cdda3bc6599f3fd1c27dbb5942c55ec57d792d9d77f4263a68b3735d213fbb2edf1b2c6516a1c7ffb408db8e59584643f8261f
-
Filesize
155B
MD595e94024c29f0da61e3c375759aa5531
SHA14c2a946cb4813e0f4272e00cb6c87bd34cc1987f
SHA2566423b10b69db00da90814a3e141605f17210b5030de8dcc2f69f12228e1ba7e6
SHA5127fc63911971a0bda34f1abfe5ca8c5d36ab5d21ee8b59cc7c43e838c38799f62cebb3ca458ebc2ef8fc5e0aa7fda0264846ed87f3574a7ba144d3f6e67d642d0
-
Filesize
153B
MD5770c0533b17ae3b254511bf91ed02790
SHA15f47d2651e7b403ea70ffe592908f7d0cdc1e36a
SHA25617c60a99760726f81c65dbc0189d164d775742cc0a7a1032dc7f06bd720ec8d2
SHA512d5cb5df72e69e531232d7aa843c46f7a0e097ebd18d4b4d97e800064b7dea00c2f8e6a911735d6b8abb49602c871b19b09a3b2dd8612d71300545ea056c2f8b0
-
Filesize
82B
MD530d946066191ec312d880fc38d30ad78
SHA1b5a3ae049578c8a9f319ff6a2c58a3dbfa2a85fd
SHA2563c4a3761ad003ac7a90e5615bd40ace705febc1da4aff348226fb2c1ec6f8150
SHA512d0c46e6b67d20ac10e9ca15c815b67f765afc3407790bae803d2218dfae06d60bf90348833eaeb54e19a992cf9502134805a00b9fc5bd8e679d813a3a82da2de
-
Filesize
89B
MD518000c31f4376426a7cbeab6c0799db0
SHA1ad1b295d3345bc36b7c86f5b34b07051f94c6856
SHA25650d0a287f2a25ce3329567efe921329fa7d150657b3ce0878ff71d0c1e94eeba
SHA512c27e05ceed4a340e76611b2ce3be502fa6c8fe2eca5b41850df82a4f67faeeee309034cbf47b14196d4faae4b2b967bee4f024eb10cc668507d7c398d8ffe97b
-
Filesize
96B
MD595b405d76ef469391281c5f663382d9c
SHA11c712ffb3ef27e3957bd1e94ef94237ea1f67555
SHA256c534dbaa9886418059790141adf646764f5a0944455fe52c2b99ba5b2d2633ad
SHA512a27d9fc1457364eabef9f1831d22b77f0bf0cbc3520e87d5a13e3e031d346be4425e8b52193772098c3844bcd4440b29b4d9f342b4c629732d6130e46aaddd3e
-
Filesize
48B
MD5f54d142ecb83709bb436fde371462fb4
SHA1eb7c8794b2a5d438e21e9ba527cd45eeb49bd04f
SHA256abb202f2019d34e07dd5fd4a75e8ac6faa6c07be474f3c973d79d1358fa313dc
SHA5129f079ec0d96fae029ff7ec9d4a35dc80fe69399e200b5d64758f95579a35bd8e15bcde2449e4df6060c07e7e0e34cf870dabaa892e6271e5a5817ebe0c8ecf07
-
Filesize
1KB
MD56e17329ea87d198176c6a7cfe5eaee30
SHA17af3e7ec4398c0ffa1ff66c7eb117565e5b27363
SHA256f3c9b9e72a3e3464832dcf4fcf6ba9682105847fc9b7511271011721db8b0e2a
SHA5126b236c341c7847d71524b28093e3b328336d0a1ab9f4ba34f8a4815fc4e4949a86e4f7a9f85ed72cea2d72b937d10a6893f2db68aa56de1e51646b007421a300
-
Filesize
1KB
MD59ae8fb98ddc91f7053b04a9f27f38e95
SHA1ef2167de9540fdcdade1e072742bc7aca13ad716
SHA256641792db8e7cb1a047a479f4a55ce2ac6c651ae1d72884b8038b34a090e64cd7
SHA512fa75fb26d8dba7415c3d60170c2ea5eb553409f74bb910852da1cce9ebb0d3db587f0a8f326db39296e973939d4184dfacc0a92bae9eda21d94bc61bb0613b7c
-
Filesize
1KB
MD501521a3f38c2375f1bb4f836fa1c0cfa
SHA1c8f38cf093378d94ee3ebaa210e7d93d36cefb1c
SHA25631f971f7953c4222029769f90177814559eb7c38f2ded4655faeca1214b4924f
SHA5128508bce7abab88087daef3abac20603c1f9234fa7ccffc58dc39fcf24a63f551ab890762d29c1a0599e804df1d5a9f8befcf88d2c08254c53d8bbde85dab76cd
-
Filesize
1KB
MD5a9c7a279f1bc78e59ce5274e8aae1056
SHA169f0ba1e4dc12a5640dfacc34da9a9e0b13dce4e
SHA256747205a57a09f2fa8b18930161aa22186b83f7f45813e46260bd40d07861c73e
SHA512079bee44805e1d176840da6aefd11b6d2c1024143e21306abbc185ba1cea6884bb59905f538a5a3c75be7a0786733639997a470f4d184963fc41f02819adf6f7
-
Filesize
1KB
MD5e22bde3a2c2efbf1e71b2b56caf2b3eb
SHA1cd6a8db0f6d9f69750329545076283d5b875bf1e
SHA25692d3fd6a3f3630180586d15865510dd5b7deeb14b8363b298f9ff85270f8a8a5
SHA5121726f634b865c2214ab9690eff5006c75134767518115ce6b6c229d684377bf8809ebdfe09caa239530579e3565be412c1d78b82e85b89d896989f2573fd1d36
-
Filesize
1KB
MD5fac5c43de9102d6df7ada79c7766cb06
SHA1e5c89e040282e4ada6f1ddda09028519a85118d5
SHA25620cfed06ad1669f63b3bfa6cf0c5c3a80d90f8d35f6ac3767e29e09932b79cdf
SHA512a3763634a0c67bead260e08be337a66bb1f09416bb1036ee85e6e1233f48a7fef2e28869cd806ac4522b769283c2b20620e05895b34d2295dee6addd06d61da6
-
Filesize
1KB
MD5fd0f089b32eeb1e95f20ac44cc4c1187
SHA1e60c96916163b3aa28d60e4f2709bce2d4a6ca37
SHA256aa280f0f7a19f2c224740b7391fec5ee822fbf462e7556926e1a5e78cbf44b5a
SHA512f8ff5ca97d8d5f23bd8bb5166e7c78a19f2c3675404ebadd86464d6465c087aacde99213ff1f8948fce056bf3268cea5c1395625ef560826036443e2d8b1c9b9
-
Filesize
1KB
MD53ff15458c5d41c34aa3727c232d9892d
SHA1922dc51860a8ebed0fa1ba53e342eddbc13ce48a
SHA256a95044d739aa706c05f8e28b23f06321a756f7975090d23323b4aeca17e4831e
SHA512f6b962e1425ee658f96b5e28a7153101dc34a6868d5bc53f9ddf4daa278701f24ed399ef18ddd750b5bfc56583dc3d54068afa2f0cb3205a8c7340429bfceafc
-
Filesize
1KB
MD52546f52cf967064b58d64cafed73a870
SHA1716727b53b0481b79699841b54fee3c44f6a5045
SHA256c63ac08db057b47afdec0988f17991c77cd2a27fb293c7e92a690c1fbd51b43d
SHA51288a90eee885189f39fe345ee774c2bcf5d72c69409c3299f3811c23111bb2949890adaa997040e31f140c718acbd9e049235d0ae10aec2a0007c3a54162682bf
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD541b3028ffc6fdd021e823b69373776bd
SHA15ebe2cdcdd2435bf7c87985c7bfdfd65d9d16c27
SHA256e89d578eb40f304fce17b912f69b7529ee1419399198702ec0b64200e3193aea
SHA5126927ce7996e92af76de98301e0e5fa1a1855399b2c57e1f74c304d26fecc653aab539fafdc221360011c98d3dce7a554114135421e09fba147f2ffff826a5a15
-
Filesize
10KB
MD5be497fee54019a5c00a73db763f7a186
SHA159626dbe55e5c00ad96a0402a78c59dd8257d87d
SHA2565cd4feace1d2c0902bee4f14afe08bd20546a5ad95b17b0a6201e0a10efea57f
SHA5125b6576e4243851b48d1e9a34029c1d3b76830db0324185ea7892c9a6eeedf06ec18eda5e6036685563e922afebd119959a236be664ea2fa64a79075c8bff6c29
-
Filesize
12KB
MD575c08b10bc144828e2917738addbb7d8
SHA1ed2731b2c12deec90269ff7139d49da5fd31b311
SHA256937d8a8880609d2e97f580e1bc8209de87bc54cd1a01e3b5771ffd017db84751
SHA5127934f043142daafdf464af976c58073ee22cb30d3c08d056249f1a9aa8801a7f1c77d01ece7335dd94094fdd2c0e9b701d6313c52a80fd2c59800ba9311604c9
-
Filesize
12KB
MD53ecdd1fe6a17c950cde4e130594b8e2a
SHA18509b04234eb30daf40705e0bc5e5d11811685c9
SHA256287e1d97a06fb12a206797e6a30f4f752fb98318c698e3468d6ac0f7549dfab1
SHA51232ffa7f5aa00270963f5c1f892a9e5a1953d1169318459a951b99eec065120182178ddad905dcebfffc08f87f4005f5b5d5eec2a152b2281150314c29d884431
-
Filesize
283KB
MD50592f326bdc30a76214b2a145f6ef04e
SHA13d7f82338a8ec90d3effb7d3f123c4e05a3b6178
SHA256bc4e2e5e6b47482339f33f041636fc1b03f7ae31c7aaf575ebc3a090fdd51d32
SHA512161646245dec8cb4f9a6195968eba8fb721c613b4ed6736ecfa6198e67fa894ac49247d026d814e19ecd5b9b03ef86a8d63b1b510b81b3329269434c1104b122
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
272KB