hxxps://did[.]li/hkFIw

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://did.li/hkFIw

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page
phishing google
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
178	drive.google.com
179	drive.google.com
181	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
3000	msedge.exe
3000	msedge.exe
4200	identity_helper.exe
4200	identity_helper.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1648	3000	msedge.exe	83
PID 3000 wrote to memory of 1648	3000	msedge.exe	83
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 5032	3000	msedge.exe	84
PID 3000 wrote to memory of 1700	3000	msedge.exe	85
PID 3000 wrote to memory of 1700	3000	msedge.exe	85
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86
PID 3000 wrote to memory of 4740	3000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://did.li/hkFIw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7c1246f8,0x7ffd7c124708,0x7ffd7c124718
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9375434143287061760,9719382053404634720,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
115KB

MD5
4456144a5339ed2ad305b53d1ad994a3

SHA1
a23ac05d1ae23b4d78f9ed698798cc4a5260afa7

SHA256
29047d3e7b482604bf9981cc40ebcd4f1b22c897da6abb11e5f9d314130c0e2f

SHA512
ac72dbdc5cf930b733a2fa6c8a147a00dce614275b2e4abd8a0e39a93c7e070f118e79348e1a78252f9ff69469f0e2e37ecf3b5b52c2faad3a22a8df08bec422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
392KB

MD5
45ecf06455b9c672a1deceb52ae89dce

SHA1
f61730d985f458b89603dd56aa44fd633dbff92c

SHA256
0c85bc2d307d5bb029cc37a03cf794e45e3dd29535f8ef6efd1a85456bc3f1f0

SHA512
915166ac8e89c081c808e09d9e4b09aafdf9152aa5d94fef51753db0c70c83ea83b7930d82d263f2e4a54feb148d68ebde9a9fd931aec5a3bbfc2853dee75902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e6ecb20ee50bf51efb708a438ad8edea

SHA1
758412f01e6ddbe8954998e5500fc84a9566d74d

SHA256
5960e613754d82442dcdb879bf27c7a06ec46352b356b646c5b636bd70218286

SHA512
32616b20536664e60d17f0d7840a206a531fdc19c000e12d1fc4f4f283f7a640f2c33a2ab07a4e2540c792d5354db816fd8c43e812958916b9ce750c33c92aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a98f1e696392dd549f8c7573afb71198

SHA1
a6a52d60ba29ca713e95236fb77aee547cbd8f5c

SHA256
3cebe75a12c3621dbb36d20984a054d9ec575e17df01e6a5f78860003d6f31f1

SHA512
e6aa1d8e1d37e224d3c9e093dbf430e3d814bf8e9d171cc9dca1d69da97074a3b970275c79e02f4b9a30168c5be0d75bada20077fdd7a18955972fc5bdb5f81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
dcb3ab33825ddd09cb4261416d5efae9

SHA1
6061932f8e8d2a15ce3b686c973ee7c83ee01826

SHA256
7317ef908ba736483191928741478bbef94ff8974098c7f2969f7f7e89567e55

SHA512
4e14e10e2771b162c93009cdcced962c4d151bb1b3ec46c1a85cde0da9f0736c4afdcaa03e86d26b4fe98daa8bafaef062660ba2ff94a4b288909e1a9b393d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dface2daba93b1d983530a59ad63552a

SHA1
4ec6c6541acd2bfa1d744ea80e7bb34ce46c49f2

SHA256
d4ddd4f06b5c05f059392d08df57a40094bdbb197f96efc9e90c06c8412c152a

SHA512
88174f0c333d884ebe6242fcaaa148485cc8182d6c79f9a651c9d73df10acfddfe6becbbe786483353bd0f0d86d1f6635b9988e20f46058629f2fe9378b2af49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9577021dd691d435a9d2b89dfa21d641

SHA1
b1046bb077b34bf4122a2a32ad3c1548b873833b

SHA256
7d8ad1ba9f09878a507a44cd6017ecb7f0da2427417c21bcc0f47ba8509353d5

SHA512
e2c2c87742a93a2dca493f19b08d8f2287ba10699f1b6bf55a807424061d068098e447908041bba464aae721f6d020446bb377e48762a9466c1130030902fcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f3e496d9fe17f2950aefc38755c58945

SHA1
3af791dca59144f48399f80317b99a3afa2f8b5a

SHA256
37e294f854fad01f4c62caf37db5d29eaebefef4b4b2cf83d0650dfc675e15be

SHA512
3e4151ecf6c12f1844e060a4d4f9769f467702d69d54d8678b65ee3cbe68ec9df6813de78fec1c2b71df1c397dcaa1de521b8d21d3a500d3370a9565ebde3f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
04aa57d1d89af25df4f2112c9b7a065c

SHA1
860f7344898005160ae31c4978378135acd681d1

SHA256
bab71ba92b7e1dcb73eb5d5c5142ec8fa3cc193d0ea37158a01976013e58d3db

SHA512
6d0cc689e04b3817372402a74cfd317bdf26d4b58bc3e20df4f8f7b6a36ee32881bb7f1f7ad78c0192261c806f4246aaa26952274c2f61ace4c35aec0f9b28ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96f9ebc1cb62d8f1481e6bbe1c1f6e09

SHA1
dcba5a17a9ff6ff247923b701d93c979f64ddb3c

SHA256
925f1a9caf5f2197a827fb7b792e1f4e12a500650fe21b3cea0dedc63ccf13b2

SHA512
7eec0bcd4e98ebef5a93a94e975b8cd9d08c07d14715cf480733dd723120b6af4ec681dd3b89ab47fab5bbc24787642d4fceae58507d9eafb6f47d3873a4cd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
22d8863f261a4a739dc238b456cfb4b5

SHA1
f61c26efb9f826a06805ff243754f5c43f666b65

SHA256
17cac1f81bd173a0849a83f3fac397f66d0aafc585ccc40c3519812835e05af4

SHA512
e5ec4f3b67784bcd830321dcd16b46f403e890fdf7c133af276c61dd93b1ed63ca4739bf0fa9a413a8df0bc4341f730a92cbfb6189a080ffa2c2fb70b6dbb775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c382fc0b0a6562bb10363a06e0d0fd2f

SHA1
5a8072a9ea6f91007f2dcc7a9c31437a11fe01c2

SHA256
fdcf654e755b285183bddbd8a2b6d8947b7bdd03e8081ce088d592fbb38f1eb2

SHA512
f2788db7119f7cf5185bc594a5ce9563603217caaea6dec700fef3112a23f5834786578ec5a115f7d96cf1fb6773de31b8ef059304f8209b776959258e451487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\155077d7-04f3-4849-916a-c0f1920a3905\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\30fcdb48-2a9d-47f8-b340-27d2e4f689c1\index-dir\the-real-index

Filesize
120B

MD5
36cbe6cd43d3f8c187458219cc5cf8b5

SHA1
81bb48a00ca4779dd9a99fd425db080d2f6230ca

SHA256
f41a0f65bde929ad63684b1bdaa8b91831690cf6d02bbd79eddfc120b2421eaa

SHA512
8dd38271c0b97c88c06e111daf8598c005ac3af46fae9a513d95ed695817c4a9927cf43a1b0a7be425cc38144c7e4075af4bdd7c6d9dc96d29753af3323ce315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\30fcdb48-2a9d-47f8-b340-27d2e4f689c1\index-dir\the-real-index~RFe59405b.TMP

Filesize
48B

MD5
e39af206d8312e6d3267785a98c63de2

SHA1
b3a435bd27abcd775d1fdec9719c0a757345c6a8

SHA256
990309f10bd956c6d9520aa2fd121d66d4ed0c0879124121f08629e2f76d2fdc

SHA512
321709eae404d7f947f3aa4b1fc670e110c84f63e533bffc51ed5d985564fd18f128904daef772fad4169e6f1594f8b6f74a37d440e6c0faef30249fc73cda7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\6ac2e84d-1e47-416e-b09c-e6cf8da7af77\index-dir\the-real-index

Filesize
144B

MD5
09d231990d1e6e036cae854a2ea840cd

SHA1
fe046169e8e038fd31a79bd7c25d4df9db66939c

SHA256
53603cfd05a56c32d6e7581cf2427a371f0f963fa298c31ef0531b78af2227a6

SHA512
0cf51e224ddeadea4be66f26b97f4aa4221d63d67243c142cbf9cdbb5dd201a1156d54ae6280be4858e0d2cce3690c68d4cd640af122bace78c1a1c714c8f057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\6ac2e84d-1e47-416e-b09c-e6cf8da7af77\index-dir\the-real-index~RFe593cc1.TMP

Filesize
48B

MD5
677f4205f9f3b3c84aeec17269582111

SHA1
4f6e79b751c0cf7a48a5e67cb955541ea9d01745

SHA256
0725492f5eaa28f4c7194101c8e296b76280040756758ddc492d76623489d706

SHA512
c26c081af846099439a80f574d0968b70cda12563b35bd5f4c81237df673748f4aff753796b7f50b0fb419a72387b6175e9699d589cab28ce2673898a1faa677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\df0b20df-e4c6-4245-9a6f-5ef4b3ab8f7a\index-dir\the-real-index

Filesize
72B

MD5
7f29464d251d39e8f228241c3d08f1be

SHA1
4c5b47954f5ba2ff917ff71d9787ed645a7cc49a

SHA256
82a7ccc1821d556610e7f0b446c9e686546a5bc6819fe5d12e35c2e6c9991dda

SHA512
404aeb0ba827116aa670734ed8f9edae6457cbaa73d645641d650a2c83687d625730b1cb1d8d432c8468a661c0a720773ddb7873407da92a8ee42442630bdd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\df0b20df-e4c6-4245-9a6f-5ef4b3ab8f7a\index-dir\the-real-index~RFe59407a.TMP

Filesize
48B

MD5
1cd9a8ff888c69560bed4f675e2f84db

SHA1
b61908a843201c802683af72eda82b1c7de93989

SHA256
74ec2b149ccd2e71d31a9a7033497b9e945affc26306f8fb271229b80dd4b31f

SHA512
8df3054ca392f8fd9ec55ad8209a13d972c51156aff77624f85f38cda5c9a7816302e4d938b6b0023a1034a1890508f0308dc3e8985e7fbdba6b1c7a3babc8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
129B

MD5
871b2ba2fe9e9fcff655e831ee31082e

SHA1
cd4d39fe91a36965f15d9cde4dec2b557737c131

SHA256
2609e99ef28f60f86075c6f75cd39845cfbc2718ca9a6051ba7ae87e70741f64

SHA512
522f3bbb59fa0e779807a0675d4f4e53f8e220bc85fba29cc944999f3dc25beefc4612b59542cfa890cef78b9df3c63db4a13fdc9d7508ec5c306595e56c7b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
225B

MD5
857c9d7a44f7b10fbfc16eab3910949c

SHA1
814c5ba62bcb63a3e230cd5e44b834bb40418f4a

SHA256
41611a7cb0d306dacb033a229e04f48908a75deea4bd42fa440a58f5d3cfc3d5

SHA512
9c3fc9167dd2327a300eff49268a0f76fb675780626c4659f1fb436ece18f8deefbdf506560c1eaeb93b5fa07a9fd758a665ca52b8d3e49f45ba26dee3674bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
289B

MD5
65bdaa520e23ff244ae111c0d4528b37

SHA1
71eb1b786527feb35406bef25f7ce27aae82cde7

SHA256
a847d3a76c930c7793515a2044893a5e31cb67c7e974159a8630b42c7a77fadf

SHA512
01d22fac2266336bc6d21bedb0c8f7b59c8bbe67a3f7effebb17daff0ffd730e45a83f19a80512b08840a7cef068330c2b4a2cccf7153a840404d786a9d3c9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\index.txt

Filesize
358B

MD5
f6f56a76135e676fbb10a1f50d0235f0

SHA1
80d23a0bcd9771ef87954188280e74fb5bcf1278

SHA256
44dbfe2d0b8544efb7404b7cf6f7dedb8cfc2b921289080206b7b2aeb89908cb

SHA512
b281f87c0549a42945e61d5fa886a7eff7cfc65803f2d12f97b96de540b5f12843d97d19d71fba6e8da6856d797c6ed2f113662f9316eaf65f34c29c388ebf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9e00dac796ccb87ad84c85580bbaeb35

SHA1
6b3459c7d30bd2be03143a4f31bea3134d0ad233

SHA256
dfcf6320bcbe63bfaee2f30765a1f103cc694a7fe5e36f09cf91186b7262bccf

SHA512
3cb4c4f951fc8cc874380e775f48720efd24794dcdd8bee86a8d56bf47e0fccb31192ddbcdb5a0097a5a0251c07d64f9d2657c75b1691ff6856f281450b3bf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593956.TMP

Filesize
48B

MD5
dfcb9bfdbfc0091b410ff0603d44951a

SHA1
3c7f3a1f6678c1a417f9021779c640bb6ecc5420

SHA256
2fbb5e8db21f52b803c00f1241079be19fa3f9ce7e37f7a86370680504a07a02

SHA512
70deadb836438ca97e81d507052456dab03ae91535cabb799d6ccdcdc2c1e5696c4c32f17fa6bfbf8c607bc86e4072ac28fcd9082afc630ef55c2ad1387f00bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ead09384fe2dbddddfcc8de84221f7ee

SHA1
8aa6ccca0e0c345c53cbbf1553a3e91496ca04f6

SHA256
5337b07b51ccd5b5fd45d4d7b8308522e357bdb9c026d4a3a30a9ec881cad2f8

SHA512
c5d4dbc61e5fe53b47e54fd8685db6798a10ddfd8a9a5b392c7f98458735b6ef49345203148b7ebed48267535abd4fb43161fa400e5e63b5b9c34c145ff00c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
23b2c689f57af79f1477e96e6431e2eb

SHA1
30f0614950010fe17a1205a415739c4add3f4bcd

SHA256
946be35eb9ca3414942676e63747ae0e1677eaa346fc6a8f7165e552a659a088

SHA512
615eaae55037b82800e4d5bd6bce10ecfd6c6845706bf3c82027fe8e3a4991cf7bd8ff36c931282734c204a406bc2af5200ab02ffb51e509415b5ca40496509f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
84a707c60440532d7e600feff7a61100

SHA1
b0c44e1d12cc1b162e9023da93afcd97b0ca251a

SHA256
0882cc908f87c7ba5c0cd36fac2ae79a0774e7fff69a3ec35604995cace0e1b7

SHA512
ed768cd438d9f1f75f01d84ef5162030575ae13e64d709fee75f14c2d570ea9f3d1587a62771ed4d82310f9d83cd9262e7c68ee2f85265dd3249604ee6ebd6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
294b1518a3f7f1f426a02bea7720b908

SHA1
49cbae92a88d7200ddaaaf747ce7da377a1a18cb

SHA256
d746d00286aa261cdba717b39910e6694a1e2d863c81cb9b4061215b62cdf4f8

SHA512
48adbe93eef82e096083ead1623a65a4c7d0f23c6d4f98655ffcdbca1ff84937a84454a0a78bbba78f54bc1be084136b6251e5bcb83768dc912ffbf49362c48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
15959e8d1c0e940b37f15797a99a036c

SHA1
f2622720c61bbc8f46882caf2b216c433d739d9c

SHA256
49317adfe47b31faa5d1d78fc04fee145caf682a2cd2a3bfe848b9abc26a3730

SHA512
19e03c4f98c24532885d90dbad6879d2056293cdacea4852fd91070ea6883046b3ce96731654cb2cd9fdc4001a854da9d263896a2aca33f1538f74fa69c7ffc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4f2988c1b6b24a962b0bd53a9deb7668

SHA1
840513169e0f59dd2fa43d83ac916c5969b41bc1

SHA256
471fa71fd76ba1a344346afec4068964abd3c31aa13033f87d5979f0e5d35521

SHA512
1698dc8859f5dc9fc0ced55a316350ee3697cd5afb651284546fbc73e52f0b86ab2e9527a2014d908002920875de8bd9fe57c9fb05c9b5e01ffa9ba8088c8c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58586c.TMP

Filesize
705B

MD5
56c96ad7c30d4bfc554489ed5c885b1b

SHA1
d44550a48723600085fc0603d34eec72a1a3076b

SHA256
acbded74baadd9ea7dc88d14584332e0394bc4746b1397d685f2189fc64de453

SHA512
b3bdcdff0a781d8162e775e32767abee91d5e0592dc903926ed20d4e3742f98a001a65d71b509b199f13977421b5569d02b2b1179d5071704c656cbc35cd804b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de7e2c388862fd70c72f713689d73a6a

SHA1
51de2856f067005e1cac5107944a0d760af3cb83

SHA256
0ba4e2fe443740cce96a3664ea252f7aab346103c02deb4ce20d7e66bc636000

SHA512
57a4916395bc66b365a0c262db55a096b072e028e0a8057bf5e479e0fe2a78b69dd0ad1599bd77a9489f7654bd15d428efb0368c0a51adb05bc1ab8d6a451f5c

Download Submit