hxxp://microsoft-teams-meets[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://microsoft-teams-meets.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
3808	msedge.exe
3808	msedge.exe
4928	identity_helper.exe
4928	identity_helper.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 2968	3808	msedge.exe	83
PID 3808 wrote to memory of 2968	3808	msedge.exe	83
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 4412	3808	msedge.exe	85
PID 3808 wrote to memory of 368	3808	msedge.exe	86
PID 3808 wrote to memory of 368	3808	msedge.exe	86
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87
PID 3808 wrote to memory of 1960	3808	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://microsoft-teams-meets.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe245046f8,0x7ffe24504708,0x7ffe24504718
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,6673903159874502080,3653845817514169603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5cfaecd8-11f2-4ba8-b86b-829f7e5ce8b8.tmp

Filesize
10KB

MD5
d54c4097e5bff601e7618ae6bbf5aff7

SHA1
af4fe45b3f27a0b13c211812910755b650e13497

SHA256
6fc0801928369b8b623e9af12ad34785566e5845d498f58eedefcce3d540c9a7

SHA512
dbc1839ccfd98c208919b1368e2d80ba4a639112eaa9aa11341ccb5694e7bf25df981deb3c7f2669a813c8bf7094e6d2bb06eb388b66754ec54582ecc97085bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c9037f27e8788c221de48371d2377f29

SHA1
37efed254956bd80391db94b3f909a177283ec2e

SHA256
b6bbf4a42bf616e191039c316807b27f6fe4070462ff508695c9482f6141bbe0

SHA512
12f14e1a554969ef24717efc88641f56560dd48059310c771e0918358e2380b642b1b15112f079a995b8756a7cf3e89816fd07517a168793c1e456e9cd428caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
a5b07cf8ebbfc8a9c03e90748c4aec95

SHA1
2b28a04ed3bd05a84731e59b797342e380f326a8

SHA256
55e10c0d10bba34da9af27fe4c6b6cafb8f90601883d625687347b45eb76df64

SHA512
102581c084719289cc2df14cd176159820ac4f12027710ac91dd7d38f19dc83ec370eb7df6c5da647cf987202be9c1b823f00cc29c2b751e57997f3b440784bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
828f215bc264ac5fe880eb62bf607d8c

SHA1
cd99340b29b8e931ba0b400c500a68de69056b6c

SHA256
cba43b9eb3acf1146e893af303c093660cb065a7d24efac1890f99434de33024

SHA512
9f0a2161252a53220fe0702b4c541c114b376f4058149e3111fac14256989aa5c70c8dcfd8bdb4b7b5722591006d2d6a641eb1cb8951990b88dd04526a841af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
810B

MD5
52cb05cc9f7235500b467fdfac7988c4

SHA1
9d1a48201ebb2a23a98762e83a92cd8fbb6ee7a7

SHA256
97f16ac33eec36a73687a916a1aeb0a9f2fad55e2c08d042ed780af9e6a559ac

SHA512
06365999261cfc9a791d9cd2f9a334c25f377f73b828024e7d5cb4d01a305411273e8abc88919d79e98ab805f620858b1797424929652e03fdfcf2965211a962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2349eb301bdb432557322b92de6ab6cb

SHA1
fbc6498331c72a2e94b13339105c58cb8496db12

SHA256
387ec2fab3cd723a48c284b2e003dc424ee1cb74b967698d5a9a044f2fa34b2b

SHA512
6f97f63ca122245dde96fb75edffcff379826ec301b9b1fb27d7716bf6e1bc6ac3894ecf862c645b03992a69606fb38415fad4c1e8425797c6cf3a38853b5615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e58ce2d18de3223d258629bb4bf0a994

SHA1
b42bb4be0fa234e645ea6d29c8d5e037a9b78e6f

SHA256
828f61479f4b89441513bbc0b5464ed42541f95eff5b287aaa001e252f8e5af6

SHA512
dd15939dd292008ac812bff0e47cf03c76ee496b24493e7b5e0e0f6f98369df0cbf76a7ea1a251f2e51edfbd78e778be48edc38333f9ad85b676f858da93b247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3af98b10791daa30bcf01bd7ab3cb41c

SHA1
58bc016334854e547e74cc72e1e379cdbe8406be

SHA256
1857a19d385db2d3d3e7825a4107685d0f5216aef2039b98303c90c29ba7278d

SHA512
0572ba6934637176da07477f55e58440e942049c3db202850dc1bf81592129925c4ad054dc694ff0038a08cf1cf0eecbf8eb56e9bbc8727c01c5989fd5e556fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fcb0462eeb83fc7886f3bbe6c9b1f84

SHA1
22da1bf44a9544df08728ca04d812453c542c8d5

SHA256
8a7439ad462586e911d0cab416c305c485d8b950ab265b1a1b92c4f95e79a971

SHA512
37dc97e8d28ec46184e2164dadd9a1cbf12373940d6cbf879fdd26f5c2e9e109d9bb79e77a32fb52696a35edb63540617f788a20d504bc4642d49d9b8b51f1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72914047aa7f8f3edf03fe67d4a340b9

SHA1
01681fd2e4b6a8147b32d8c19979e0c5721a4c84

SHA256
3142227d2d4ebc670b89cc4835e8ebe99971b80043d81ffacc6a6aae90cf02ce

SHA512
e746c53189bb3b431f73357e054a4ea635c824d8c39cfea6836b4ce377592a3e540ca624bdf7a4ea81f990149c21307d4c9b9ac3eb228f33fdb69d692ee6a32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78f7a2565dec67b160d2ad37361b7155

SHA1
0dca3810597bb3ea8e242947c4cf64f3828b40cd

SHA256
9fcebd07a8016315a177692e9cd8f7719e8251dac38c0369da0056b17ea5bb12

SHA512
f9b9c718c3fc950fef73d4562a791b31b4cf60040181c5433d37c03af3c263e1c268a504dcaa27ced70e859408c165ab7f4503bd0383e8f03cf0c218d2e4ed35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
997eb8e524e0bee2be23a4c8feb70930

SHA1
d6436c01684399a6a45d8b98fcd351cc08628690

SHA256
e80eb32611b5a373a3ecc0b2987d70f4d07a0327c748b04c21478c7fe49679c3

SHA512
abd7f0fe54575f6f5378bf2003dfd2927dc4d5ddc19e5320cd2bcb5437ffcca12170efbce12175842a49600ea41752024dbeb535d154e80e59a1821e7ed87496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\1d9b50e7-373e-431f-9aa3-36f8d7f6692c\index-dir\the-real-index

Filesize
96B

MD5
8db0d8f23d2e7d11f164f26d74febb84

SHA1
5050f30f10d3c252ef18c7f548956a59ef1f5610

SHA256
e98d4af4d98213b7dd8942b5ca1ccede66d1d724422a0fa189522bdd423a6ba6

SHA512
5f6153087806110b0852b114f206b7d102102af4df6ec494bb2f214d7906fa8cbb8a445a753029c4d819bd3c27a12844ce3d122f21f2443e36ae67cbc706cf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\1d9b50e7-373e-431f-9aa3-36f8d7f6692c\index-dir\the-real-index~RFe59ac44.TMP

Filesize
48B

MD5
9dbdde5de7f775b377917eb368d94643

SHA1
444ce9c76acb92d7929d48d95f5df9e5783ef481

SHA256
98f6f40609d3642858757907321b639d71b5edbb6f2a672316d5d962e6e3b259

SHA512
38640ae7ec420ca3f79172fba9037a48d778208af4ab812509d00a154cbb3e5a51269d16832aeec81af5e7532c0804d09178657d07dff26f679383efb3a2fdc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\ec41264b-567d-4dec-8b49-85dd1ed1ed7d\index-dir\the-real-index

Filesize
96B

MD5
5335aa70dfd3bd7ac0aee512d49d9768

SHA1
1399c1d2dbe0e0815ad7c78d153ebd853cd8a5e0

SHA256
ea96e36042d3c9ac4bd61c48443ce74e08d32c9199c66dfb894d672212f98432

SHA512
4534834e395d39bf09986ea44df17b082af995cc7d9cdbe28e0c25792988cc4d0ef5dea6ffdae5c0191e46b32a2df47b696979c612cf9015ad68500bc3f7ab4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\ec41264b-567d-4dec-8b49-85dd1ed1ed7d\index-dir\the-real-index~RFe59ac44.TMP

Filesize
48B

MD5
76daea00d0993423397719296009ac4d

SHA1
057767877ee9cb4ed7919e23163dc0ac11bb4548

SHA256
9c6f172a90b046a2b3d6e94e5b1dd5762c7f1a475d63f2988309cf90bda59eff

SHA512
35392426c07f29d9a8c63c20bde13b5dd849c8f1b359092f7d2b31cd1a0c41320108df68666c742f8c017b5f7f68ed75d1863a1125990eacf4b84acb46357547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
107B

MD5
f85146a270c28a32ff9d2c194b832034

SHA1
b0e596a812ea8783cb03d72cd6c4ec20ba92a324

SHA256
fc6140d5ddd59ef4187d9f970c522e87fdfc768f770b0c3b191d079f2462387a

SHA512
74d362c6118a77786b9187fa07dba7475b561927edc98400ee71004d440210667fe02e74a4d6329e4ad2dfce5e16d807aa3bae5fbf0ed50561117d046b11ccff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
179B

MD5
e926ecea522d7aab15a71e7f7430d66b

SHA1
3d72eeb0e587ad4d832e9a44f04dd0cfbfbcf11f

SHA256
00e9ea5fdf19cf93acf57da7bb20b561b79c4dfc60ddb65cd3b1a9d2a29db663

SHA512
2ecd9b536b220ec8293818d177881427c2181b51ee6cff5d94d7923d9b9241c60bee8a8edea76e068005ab34f43915b84db6b9b8196627af358eb06231a20aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
123c14aa46d6c70483363baf9c98c6e9

SHA1
7e6c291e18fb071fa7c55d5bbc2f08d89bcec3f6

SHA256
08c85295b8f000dcc4a00575d4fffccc976a192b58eb19fc743fe5e243dd0beb

SHA512
1e826f9d106f8537accc7d5872b22feabb029949b6c9652c7cf0b52e1f4857e16bacf44c2b72192208bb59694538e7a223decdb78c593c8a8da0d957f48b2b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b4ef03104b81dd5bc2c3a900daedfbc

SHA1
438bec4d944d6706f274d648b82d6ea9221d6554

SHA256
ca73f344efaf40ae52d3c559a99c49a85c5f7cb85941a646c1761c0f192c6cb6

SHA512
6f7615e36dadd9905185db5088e29620b61d6bec33fa41119932e04fa7b2b103a5ac0abedff6fd1539bd7a27a818a64d232537f64fd8800d1bb427257282bd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
492e623d12373720cf2b68ce0af7a198

SHA1
5553ce654af13005787e043397c6c8b45f08e3f9

SHA256
b3d25e6064434892cbe568459e5e637ced6c9d3178ddbf68d0148cde605917b9

SHA512
00ef2c9ded4220a283fe8b3988c5fc618592788ca1ad0ebe6349714e9462ca806801bbb7b4257cf679ed1fbad8c21d6679878c5ecf1199cc7e256c7615243582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9558d70ac124b86f2c00b5aa12013b2c

SHA1
3d7bc736a4074e5228ffa55e8c6948a59446b945

SHA256
f9a2fa4a9fb6607f4f229382cc7c9dc48398fd9a7fcc669aa15a7f4dd9b525d5

SHA512
fdb624e76e82b99d9efd9a8678373cc69da4c22d057906c25c49e1c4ddf3acdfafe47142e5a0080a7d8e52f6df3c2c43fd5cfab9ea8c4c0667a6881ec2ea129b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
860e50cf3facc06c3aed4ccef36a49c4

SHA1
f5bbd679e65326b024fe6dc46b65691be7e1fb5f

SHA256
087c1b6fc812521f8d327fef02210731591659ae0006082d530b95e3d38c9b5d

SHA512
feff5b6070d701fec933542e48750903850bdabc4727ecce81daefa38f4670fbfcfa826b3b933d81ac8ba3a55264fe7d0e9cc2ca2d1cc4a43c3caaaf5b654b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
142fd62daa97d30f98317fbccda20574

SHA1
332c670bbe93b161751748dd76f989d65ec16416

SHA256
6bd4c0e64b16af22b978f2ace0861d91723c84f2187bf9d28582db2a12eb8bce

SHA512
96d85f4d9e4a0e662de4c127fa66670cdbc6870a42277865a2ef2aa7690218cd1d390ebeb15cd4d9135b3c0f257ea34ecc5c19f1d3a3df79c16f33b77ac84932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f948790ff987501c28481b336ba638e

SHA1
4acb3cbd9813c2310949b6ef05c609edf07dacf5

SHA256
87c16a914cbae3ff142ffb70450b7bf77f73e9d84fefd01e8f57596de24485ec

SHA512
d4a16eb299a8debb5fb42a49ffaa363c76da86150460c9b2c60c3fa493789a6d9b47e898e4293ccc9b41941ab6168dc56c2cd72fe36c0642a1d02601ed0ecafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e8aa.TMP

Filesize
539B

MD5
34c18ac140a44646a7429f852dcad21a

SHA1
7a403084aa397296219883ee8f2a8fd89d49a90e

SHA256
1482f34c20d68f1abed94fe1468c6f368c7e0759f881afa9aec710afb0202f90

SHA512
c0a93341d7a1b8ff7a9416eb6910b7ee235f94057471d01e9bd42c25e73d1affada60024ad7766a4d415bd481a2513aefbf1ba980957ef01daef966f7ff99274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ddf104ccf4d1361358086b730116e86

SHA1
d915e7ea44de84daf686cd939bb15316e3011ca7

SHA256
2ac0495f21154341794b4f08b934367052c945358695b210df173f70c2275a5e

SHA512
7ee0e75dea9d7e0ac3330262080afd732b463858c7f0d2998d9c14826244bfc083df60ff13d1d058b25e843efe848b52f3df19ddda5d72d78240e58241b7dd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c709b827-b6f5-4452-99b1-9885d391d5b3.tmp

Filesize
11KB

MD5
e3c967324428ada81dc5817264bf1445

SHA1
2194fb46ad80476a74e2f33c127d8b31c850db4e

SHA256
871b16d4292ea79522e0bd6c1c58b4f16c5b34891e37b052d634dac0c433b90f

SHA512
fab53a77ea737d31483bf2fb472d5750619ceccf3578040c022c50d5d630a8307a019a35a90a7356a98b82f8604cdf95ef40c72ee1327d81c21054ec4e5d0460

Download Submit