hxxp://www[.]crocodilenights[.]com

Analysis

max time kernel
157s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.crocodilenights.com

Score

6^/10

discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
89	https://platform.twitter.com/widgets/follow_button.a64cf823bcb784855b86e2970134bd2a.en.html#_=1440449120106&dnt=false&id=twitter-widget-0&lang=en&screen_name=tewy&show_count=true&show_screen_name=true&size=m

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
4440	msedge.exe
4440	msedge.exe
3820	identity_helper.exe
3820	identity_helper.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 2432	4440	msedge.exe	84
PID 4440 wrote to memory of 2432	4440	msedge.exe	84
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 3724	4440	msedge.exe	85
PID 4440 wrote to memory of 1712	4440	msedge.exe	86
PID 4440 wrote to memory of 1712	4440	msedge.exe	86
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87
PID 4440 wrote to memory of 1536	4440	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.crocodilenights.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9da5d46f8,0x7ff9da5d4708,0x7ff9da5d4718
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16469008390257316234,6145229173770819393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
21KB

MD5
3956be491e3fb7d7be6d4704ee0a25f6

SHA1
a387a7c14eae88b18a95a6d0010c8341f613f736

SHA256
49db00df7e9f2ddf8ed7236b80b46f5da5d85a6e8d148bc2f84f772e2f60c340

SHA512
d8868322d167d00b07d12dc1557f1c69948e2fa4e035c961f3dfc10e1bfda2ff6306df804da01a6e690fdd38e631a98a61f0499b85c89542cc02c2a99e4517be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
50KB

MD5
8c3bfd3fd97c5fe425bdd3c54d54c78e

SHA1
5df45753cff39f19384dba0e1320e1176a3d6632

SHA256
3ced07b1e0e4e5b9d90e8401fc4b54a43c3982ec8787982e105231e9a4e9f951

SHA512
b8589b2fb8ecd8ac00e53d9483676cdd35a0971799005c7d133bb91ded5245c7a6125e34f4381660516965d163f2fc1c20322c6699c17dd27e9eaed86e26cc8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
108KB

MD5
c2ca4b62632bcd394b4a325497b37ed1

SHA1
fda7098c89d4ea3cd51c253d27c0a00dfbd605b6

SHA256
d21eb030341099106861b27a9c46f56926739df5c14b4b87d5e8050564e91f42

SHA512
b05a1d7714f2109e0425bbc148b40fc81908e2ac21d00de62c068a2cc45447ace40bbb85cbfafd00567da0682ebe91cb69098f86cb1a78de1c88d116351805bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
588KB

MD5
a66d982b0c0c74e1f86fa56c72c9a901

SHA1
d5f47f11e43ea41018cfee7194379ff0345e1a72

SHA256
1c3521e01bc4df0c63f3c50cab32062b2802c868e1f8376e49a447e9d11f19c5

SHA512
f91984ecc9faaeb168f1da29f145fcecf347c17dbabb0e1eb994a2714ac3b4479129e07af519ddbff9164791bee7b63c00e02ecfb2f06f2651514338d771279b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
97KB

MD5
6b62c6c46a06badbbdff8d036c11b836

SHA1
ce4ef52a1670a56e6c8c96fe7868bebe5a8282a6

SHA256
e0e5b7e3b76ae032658d3c596faf31e635de076f0d637cb7b7c79abde4ff0de4

SHA512
31cf9139a2f9f7105dcb4332d4c00f55e2d7191713986ac7ca637d5355c2e537bb346e919dd6200e7b0707dbec1c76acadf4fdbc70581fa7b39e4ad83513d2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
396KB

MD5
952bdb0a7584cbe051d6824ec03da658

SHA1
a8ef5c26e13a382c6245433d8664a8e2e8697720

SHA256
994168aef02a85f1b157c0c9401844c0202b4bf9e0258916409c47a64b3fa2cf

SHA512
b77d4a9ca9af54c155598363758f446340b2bd471b2b367192955676a640c83ada4cd8c741b1a2022d20976cd73060ff651bf7be6e0e0510ab5220f6e2a0a501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a1265456a39da2ed51856f535b8f785

SHA1
4e751f96a947f7a63c487d0aa513ca4c2c959e80

SHA256
03c7ecbde31ab5241bd84397ce23937f5549c7d83abcc46ec060a325c2af75c7

SHA512
ac0b933e6db8f978f504d80151677b3b3cab92e841ac0ba40b3839c551952e3d516f2b10ca565ac848b3736a5b25c6a79675ef6e3af2717e7ab233848a8317c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
efd073b2c4aab1efbdf0de46a51147f2

SHA1
30c28a137037b140b00e5d56362c03e67e06f7d9

SHA256
e13b63261ed875bbc6f471fb9a170752ae9413ff77e164fa3e77ba6de8d27b09

SHA512
293e9e5936ff4cb19b3b2a86127d837ff03570509099a24cfbb2ff3db2ff25e9ca10caa3c53be78e58e330a5a5a7f62e6ae99f8bcd6ceff76d14880c12a8fb9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
86ebe93df45b32c5d0637219e7d145d0

SHA1
bc2bd483143c77ef8ec5c82d0ec0d3060ffa8e9a

SHA256
fc25ee8b55f9f0f71f3526171869074133154bf0563584f338109598ffddfa6d

SHA512
6168377dfd0a791a2fbc531ac363be95c6e564c13b9a9a1cec2b4cbfd4ed16ad2ba0ba0aba1a01a3da05ab81a81f056b57fe147d4f976d9ab72976f86a0eae00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c13c76f6d49a1c91658eda43c5c346c2

SHA1
a3f0b8dec95a8dacf04f933b9552419b8b41364a

SHA256
92ffcf19af242750f9fa56677c1bc3e9091eac8c8cdc925921366aa7fb58abef

SHA512
981294213b514cba8ddcf0f28a43e82041f1655642bd44b9655b3b743a47a58ee625e0d88d391cdac7ae072b40a2013fba8a58b0f444f096046862e83f946cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e7e48926dbbe103e23e7a36070cfe566

SHA1
50ce0afd71948cad921a0a1b91e5b5edf377cb44

SHA256
bc108aa16af256ace1fb3c76cff616932d79a52aa8873f04a4414aeee793b6e6

SHA512
d1df15927cb6edff234af970050ac6f5f070999eaa3e2f613477d6c1dfa7099b91338e95fb5f984d3027ecb985d8ab70df1dfe1bc4a46cccd620486b50789f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
523ee3f5abe0a880ddf5b4918b6b1dfb

SHA1
386a16ad0e5de21848eb1264f8f1ee245492bb27

SHA256
aad5171226b12567d3e9bb600746d141ab8d8bfe0ac4e827fa60ab6db79b1e41

SHA512
16b61e457b7c4fa060d12be476e77048e9d4c3908c8f54e21ab7690142c6ba53907ffc36f24c7d783ddf2d03c3bc6c03ab4d7e4fcc2ce32bb1471b0c26bc4f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ffc5119fb245b03166f61fa321848627

SHA1
d854e69fed28370798d3b174269b0d77bfdab040

SHA256
64a520eca832502f198f640998a385abbc419c921e43fede432be8ee4fd1d724

SHA512
3b91d436012fbaaabe182cc3e481d7f642c87b7bfd6457a4b059a38409d5b278574631d760a40182045415bbf0e5affba4578b4d4c9640124f4d10053166bda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d626f98cbe2dc0c581f677c972d820c4

SHA1
684638f38f29e3c86958f008dd3b3046ce754dd0

SHA256
e9e6d432eeb95c32b59c2e2a94e8c5a6f54ec13cf76fe374f6a0f1cd63ec3f05

SHA512
f4d7c49ded392aae76fff88d40d958ef6c2e0e7964f9f8dbed2cba87c598701dfb9c668fdd75f0f3d702a8600fa9710a9a06eebcb00d66c58de2614e1499309b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2d6b9a4da9a94f908fb318a38fe1c05b

SHA1
a7ca0840ae384a9e20df9ff88d778ece6551510a

SHA256
6f0cb8d5a2b83faf3b97dbe6bf2268e11d557552aa4b9068c85d7eb9f0d86abc

SHA512
a89fbc0497a442027f84d7f7ee514f182fbfee68bede86ffb7079909cc5fbff08679b4aec1562118c00837c788216c567a71b06155e2a15e50508221f842fc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
add62bd2f7eb052cb1a912a009a8b67f

SHA1
bc46750ee7283e2fa1abde2ca819e13f0aa6acac

SHA256
156a898da2ba94e3ec0736530b08d205a3d623b7b5a088e671b343adf56e6f1c

SHA512
703d38d2fb46be700a73eee4a6ed9633a5917d8ed2c55bb1d2d884d508822d0b8c9727a553fc9d0f775435dfa5517f86602ea4729fa6ae4b8e5cca27d2bfc00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db6b970cf2e7d3f456a93e640f5dd4d9

SHA1
61ea922eb23e0d80e3c7195ccb84a1314a9ecf80

SHA256
17bf2557209ba3d57a058b3fbed65cf108af2aa0dba9fafd50d599cd433a28db

SHA512
cca812ce590b3d65d885056f6d2d037d6e57d0dab78e163e2160be3e91680a3f03d034f62ab2b22452894ef86ba9e2f49f2338b589a9ec40ebe2d8b9ec50b72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01bac0994bc060d31a43054809e96384

SHA1
8d889f1b0ed6a608dcb549e0d2764b891664ed5a

SHA256
6181810956be6f73682be33ae9ce8fa1b9f37b65fed4b8679624e46609c7628c

SHA512
37fd9f163fa5ed0b7b815c931bca50e595f320192aedf2d7c6f50d0452b36eb2c706c74d13069be0f376e79ed09077ff541e0d2da6634ac3b522f6592f24d256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2de6675f2e95bec63e22034799fbc59c

SHA1
01797462c7f031f2456b006c207b03d0295048cf

SHA256
d68b2501822f2f48356615c73cf9222e6e618208ee52d516dce076a00bf39b1e

SHA512
d82a3624e988e45913d828b511c9d67e72055647c411d44eda4ecd2a1224b3a647fba27bb1e9ae5f6db8b05a854467745d4bd00be2a79606fb9b7bfe2f5413eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b17852a23a17e88c848f1e3d8dd7006f

SHA1
d043b3bd0735b666eecf05e3a9d5e04d8a591997

SHA256
16bf936fa78c1b1f81fcd4dd4c730c96acaaf6c7e9b53fe9eb0187700a0c1840

SHA512
f80ce964309f629c494ca68188525410c89326298a7311cab9249ac78f5f260ba4fa2ab05c28720993cffaace598c1f15613ba792fd8c2c68dde39caba4aa0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ba6e7b69ca1966b948c8cabae746d146

SHA1
4fb7322e89260023de02dda5a1ed34464165f01e

SHA256
a858150ee20ae5e30f06c0c0ef67e713ad91abb13993316e816751c64bacae32

SHA512
03eb3dd1cab892b0067a695626e4f5f1e71d79aca758046c40d54d0033b25a1c1c406a8c0a5a1f2f1df4efacb6146df8d447d7f3b7186415e8b4fb150babdd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
13e80c869fc91a9c30bf626db22882dd

SHA1
1f7e4948afdb51ab998362241ec96a960b1be87b

SHA256
742afa04ef17cf20dd641bb77dbbc739ec0e0a072987ebdb52ab988ec8bb79d3

SHA512
b6df7b1366eec158b4844a95003d6d04aa48561ada0e83d675e3e2da62ddbcf7a05f02d5f955ea19c878cf7f6c2e6d584c78f2ff0acc2e4f04e1183b5620320e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588e41.TMP

Filesize
538B

MD5
196501c7c2e9f02410dc2212c3ff3513

SHA1
ec6d518231aab2def3ab6464ce13dfa1ba4ecb20

SHA256
f1a9d38aef719c3cbe155a2a3b4c39dfb6275b0b1aa735aa7d6cdc4ecd1dc6a7

SHA512
50aa6e2127354b82139f50108d99c645ae874696318c6779f5161bc2e92f1b99977d5383a486343eb940e30215c08b3cfa5a3f621c82bc2144e64c4b353019e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
edf77732b6a6faf521f0fb26193bd569

SHA1
e4fa33ebc009f8734eecc8d68a1e34b987bd8d80

SHA256
6ab50b32ffac0199de707785822d103ca0bbb710da8af039be782b85cfe871fd

SHA512
e4e9673796a7cddc2ddab8c9f778afc09393256db895739b5c017bfda443cd481a5beffefe8ca2eae7745f7c866df7cbc244b8df4bd62e70d4795c5f8e755991

Download Submit