hxxps://steamcommunity[.]com/gift-card/pay/50

Analysis

max time kernel
366s
max time network
368s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25-01-2025 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/gift-card/pay/50

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
67	4984	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\download (2).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download (3).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download (4).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\download (1).htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
1608	identity_helper.exe
1608	identity_helper.exe
872	msedge.exe
872	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
3112	msedge.exe
3112	msedge.exe
4596	msedge.exe
4596	msedge.exe
1400	msedge.exe
1400	msedge.exe
4584	msedge.exe
4584	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4052	3696	msedge.exe	77
PID 3696 wrote to memory of 4052	3696	msedge.exe	77
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 2692	3696	msedge.exe	78
PID 3696 wrote to memory of 4984	3696	msedge.exe	79
PID 3696 wrote to memory of 4984	3696	msedge.exe	79
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80
PID 3696 wrote to memory of 1464	3696	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunity.com/gift-card/pay/50
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe87503cb8,0x7ffe87503cc8,0x7ffe87503cd8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8840280750117097537,951982389151810793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
3e7e1e400d14e56197fd989b2f2e1365

SHA1
8323a4e76e7f67a7a250b64f03aecd5eedb8bc48

SHA256
174a5fd4947101492926a9547cb568a9827807bc61dbf73ba3624a7c07a41152

SHA512
f3632feced2de0286419d29d99d59084de8fc48a76140ae255d029b29fddbdf9aa33f97b7cb403e4d26e13573cacbc4a1da1bde48009da5fb8db0f178043c85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
218KB

MD5
471d81d6c8f78c9a89fffcb29e10c7e4

SHA1
bba859080c08790205e851a9222e37fcb2eb55c8

SHA256
1e065b75471094e34b51d8bf141075d7e4e745edce8bb6f9913e40320eb3b525

SHA512
62f51cfbf48e3f7dbd9d5cb2df788ead1599f288b77f187496e677ecb71dadf98ef038c5d320c829653840786a0b12bd63727d6e93d0c4883a8d9e0f1e3fab1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
205KB

MD5
4a34d2b44120b8b518dbae030c15fb5c

SHA1
69e747723f2a9f14d4a0ff6a859043d7509e0325

SHA256
6f324daf146cd0dcc2c99ccaa8f5bcd6d0a3e52e5fdde560295cf2d7ba6324c7

SHA512
48c539b0cf4790f5c764285a8f23af3c3196eab7e4ec34c609ae4c1a41b4cc6d013b24d5db53e4fbf1c56c8c283debc9d275e78133fafd22bc69734e3086ea72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
229KB

MD5
aa7a2e2fa5fc160dd404f8c214506c83

SHA1
71bcade3236bb0c84efb41ca0ca16757b9a3b21c

SHA256
759cbf9b002a4b7649478bd8eb1dac3bd4790103ddc01e558e6990370061254b

SHA512
a93a8c6fd752caaeac324caeccdde3279ba64e0bc5f957d34c8d293d7fc9c06b74ba0953953bea920e5c8fc0948cdfefdbdf9441668c4f170aca7766772bee0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
17KB

MD5
d7f20e7973c054a1f9b6889b0d6c32b9

SHA1
5f7cd72f492ed2d6d5f7b325ca4a27588c35c3d4

SHA256
518bd81a163e773988a481b6a364dea4ec9963cd666a12833064bb6879f79619

SHA512
f26a0a45cb7072bde26cbaa9e18cdb72407cefb2f00c3b3b6e4d738544ddba2d48adc78dbd6f6ce3c3262da261c1d71b383f8653da6ec262da5770e150527aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
30KB

MD5
8dd0f80de826bc2fe213d526eff65b76

SHA1
96d5b411fd81e734d53ef30d0c1d41ae05fa5092

SHA256
6dea7254f903a2b4dc7aa6a8e82920e68a5688d88ba840dfd2a71d5fea8e541f

SHA512
0414d4f2aa92420debad51fbc8a6fff4ac040bab42cf4feab461806559436bbbec5f36b839ab7a65b5aa4a68786176e7eef2f2935d649a16dc0ececea0271aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
87a176170345b57cada7e4f54fa0d8ce

SHA1
b76adca64a4a7d25cb39773563dfdcd5bee19958

SHA256
59ec0b14d11ef2b3a32e3197d9129511270d1bfcc49c3fcd8eb44e98b84d8022

SHA512
d35749a8c79c0d38e3f66ca6f15b7288ef7770ef8ff8c0b725e813a07a4df753b1d70b9ef58567bb6df7ac5b1c4efeb85c469d35271517fdba79dbaa02f24eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
0e8f158ba5c41d73ed7d3caafcecaaea

SHA1
c04b2f476758eb1dad24427e969f7734c26200c5

SHA256
b43c0fc828f3820186795b281761d32380ed5314757998362288e672af367b04

SHA512
58f65c250f4f7de1e9c415d3fb4223e792f7e46b00c9a633120de79f190b6a7d4bfe885ab4b118e0b3417587de5bccb2b689ecbc2c2b7cbfb71dea2dd0a552cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
806B

MD5
137d4869b76ccd3d5d32ec2eda4d52d4

SHA1
9c066f588490404a06c3661677eea644fb735a23

SHA256
80fd0cd9d77b7c24a790c495c4cff20f1374cfab92338aa256064fbc4b63fc15

SHA512
8e97714c21d388dc2e2a564532a796a1e5920b1ab807910012d3f6cc6a0c80a24408d9a80e194b75b1994c33accf6be44689c120652bfc6317d152c050ccaf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
972B

MD5
ccd9ccb5ecf81a7a3e933410fe82fb43

SHA1
cb58c8ec179eeb1c4d41fb24efbf06953fd09e0d

SHA256
d57e134324bbae1631718417fe3a89756da43e11565f6b6a71dbd6b41bee0a89

SHA512
bba85c13d42263c28c321e22a7818d9c14eb96dbff0b78ed0cf89aacfe3ab8d369ad5a9c5bbdeb177fcc39a7576ff22e45540c70a51bc7db8358beb7dd5fcecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41aa907fd575c669779633195c213979

SHA1
db69e269efebc3af83c963a7d6a70ddd506e0ee1

SHA256
505f78a77445c62b2fdf1f73b9093041cd98b0d97dabd4f56b46dda8a98cf1b0

SHA512
49638e9d9cf0243d4afaeebbdd750b2ef0b8e89d5c089a3028c4c4b8e2358a6a95a82dc8bc20da52db461c53c3ff75a1a1055fb25ff6b851b672f9f5f7d4d2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c137e84a2bc403f57552778375e95ad3

SHA1
5a30ef0ce11e40eecc3dc891cbd59e54eec75ef4

SHA256
f68c3fee35f229e6ed5694ed54f17c3d0a17a6b47eb48ffbc39d3e8c7f3ccea0

SHA512
9aa8a6bfaa66438b95304204d2e811e84b7bba3d70445c819f7c95ee3403ba273820cccf65803fcf128e2358bf8c074be316b092c44137cf19328693758f0be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40c1ca54351faf879c8f816ae4300755

SHA1
bf40be0df4d21ad9329d4c6b733754b8a123334a

SHA256
f2a7aa9df8fdce5767e4383a446953b6ee86cdc832d2e5a96af0f61def6b2b4a

SHA512
7e001779f79c9d68e3f3d2fc0019981a75c85aad98beb03a99125ecaf36f0905c50c42d7dcff5b1cfc9465e650595225afc888258fa45100dc29219ff7f9ebb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9a4aab2b11c1458438a78ed07917e85

SHA1
c3d759643124b09db3b63e94db43b23c9093d3e8

SHA256
5d87fc52089a11f32fa91cae98853d561e0898bb7cf84f420f3ef543e62e28e8

SHA512
856abdf1408a889c176148121abb2c7f34bfa763df81614e01e73d4f0dbace6ae13f626eaffe7765110b7291362735891ca9f789ae8d18e5f6ccb5669b46d540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38db2a3efd256fb9663a856af4c57a6c

SHA1
d3fbd3fcae2f6a7d2b1d0042c6a99446008203ae

SHA256
83e099685bec5d6548164eee5c3fb8cc31fa8e1179649389f05aedcd449bdf49

SHA512
9387504eb52c300fa09c4b169b49f41e732acd65e1735a7950168fc5fe03015ef5b462a2c01b047ca578f9806ded9913995934b1c091b936413bc5a23241b41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6d16a4ca33423ac4dc8914aef99af4a

SHA1
8f80615214c158327f3493d1ce18d30d7c8164da

SHA256
f22abfffc08496dc4a4452bfbedfcc3c6755eb7584746eafbb0d90eb9b199ede

SHA512
7af45b5af61aed36a259127a08d55f9b4d692408577c68a78b954a734b39c2abbd769acde0d70f6a3d8cf43c35ea1434890f2d629c5b4b6a8f98066b1137fa88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc7f9820757e8ef829a17369f3498e15

SHA1
2ee263604a8a51b0fa6f7d2b01aedebfd8c977fd

SHA256
528dd9fd74df7e5d50c520908e5bc2636ea40d8398064c71d7978fc9361b4dd9

SHA512
02b0a1a3d350fa5bc01f6afe03d7dbaae71baebfd0af45068c8fce5449fc0af268fb6e895f9a65c96468fad13567e4be8904f20d117fdbd1a7506786d439b206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ca6821a0e0e16b1320ffd238d94001e6

SHA1
94619b87847df62c141ef7dbdffed97d9a608a59

SHA256
d09dafd7a741cc5cb8a1b6cc79e5d95c5e7d28452509d2d5cb26a6591be3d539

SHA512
a47a868603cf3e78572bd36bffe471c4a509acdca0ba25777cc2ffdb4c14fab0c2a5089f48a77d10c65d6533db441f016533951870093b8d83a857c3ed5dfbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f322f4bd71648dbfe59a38a49cdf4627

SHA1
f99908ad7742d0cbba64cc028757a8f11340e248

SHA256
9307cde99ccd3e98a6768a2692f3f879005b5ed2b48202e26750288a4d9e3637

SHA512
d9a0cd571cf866571b18ad1356c3947f96c9d82fa0e877a3c1e477e55580ac4d1a13a0342852a444f4101d7db06e627829bd2c7374cb06d6055ba3401e1ee8ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0caaebb38ad4a244cca0b5b253a6e955

SHA1
c91ba1e4076bd578af18ee7d3a363362dec6d737

SHA256
601f6a299ab038ad060a4de95302c3d637569c721be76c21567a78a208e0ef08

SHA512
5a62f98bd19e6057b14717e061dd0405316cd4446dc6acc60894247b0ec613f2c96ba5564df7ea91491b52badd38340e24f079498acdfbce5134e94a63ad2eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5d59f83177625fb00ad642d627a1f2f9

SHA1
a4365eb4b5ad2a104316ddc6875460dcbee64886

SHA256
7dcde44f2698c680dfe5e386b651bbf0a506699618402a13eec446b047daceb9

SHA512
5adfa712870d644e9bbcd2dd94c0836e5411332eb25d7989feff039ef232e5a8070a1f6cd4c3bea952dc5712347914899b5591b3ac721d741b8c6b421026dce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a8648.TMP

Filesize
371B

MD5
12c2b87dec74a834e2a559c9de513c24

SHA1
e5856e9992acb3e734b08298208e6a31fbbc43e9

SHA256
20fc5b316e30bb8471c553f65ce47e18a7e6bfce824cd042982a6c0f20e6ddfa

SHA512
86a8be4287b9142b84c3fa3b91f203a18cc261f5c0d16828bf5d99ad9b36e1140004b83a7277777cfdd4932e57955a3a49635714b277f49d038cbf7ea833979b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc2a00dba4b0a5ae3ec89f4ccf45ce75

SHA1
880d85ff58fae5c9ff948e28725e1dd51f22fbf0

SHA256
d341f45248c9621301ce17599da985cfd2c31682cccf3c80dc1edbe1d0a57ba7

SHA512
8fbc862aef5c4455f8c8bd4dbc1363b31ff22562ffdba856f22f7050e421bdea10cc52ffa490d39fc06f01ddcdc02f1b1c17ee46a50fb8e916b33a159c594065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9df5faa219f23de43dafe13e85a8d20e

SHA1
cad9cdaa80fc1cb2a0384fc257d8ca7db33201c5

SHA256
010c68afdf671fae26d1d357fdc7e894659f85117f75eb7d59e40d93246dbcd6

SHA512
04607a1f32ab26c56ddc2c22e0000149f36ee0e3e99b6ff7debe9fdaca0bfb7c1f586d630dcdbc265b1e66d8b773535a059cccd687c438388e8ed9c2fcce2fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92015a855b85ad4717ac5ce4faa55c0d

SHA1
9034bb233512baef2d3be47afa938ab31c713feb

SHA256
a0de20d8254da672e6f8be9458076a8b2a7bf635c480aff988b0b66741341df8

SHA512
3b8dcd58a28236d0550a5b40bdaca5fd76349f662b6cca8ba23ef3a5260418b333ea9f67d090055ac4299b6d5a84a63bbaf6776012031c05f09d166f56095857

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9fcb37706fb1f45d37682fb934a8e29b

SHA1
32fb251e8836f315b43ae66e599462e7c8f8f35c

SHA256
a80d8fd1e4b8d52d9b4b7b97f7f5efed64b72c642dd7bda097e61fc136e54e95

SHA512
b65e888671b3b743100811db58f79dbf3a51746d3766b23adb327d0b25e37fbb3eeda3644721e07c40385945e6596e4782d399f1c127d5ae75c257baf1a7aa16

Download Submit
C:\Users\Admin\Downloads\c9244751-c4eb-4576-8f76-d2ac1f0ca33d.tmp

Filesize
117KB

MD5
24bb7fe5c5cde28ff6bb32ac9c783394

SHA1
9c3e444538af336f4b42a662674425b2aac85cfc

SHA256
5d5717d197d3a009f48b25c75926a5329d369ab27d9534fdaac20c44a9de14fa

SHA512
c2822aaa14ecc92f66dfd8873695c1b968922d933218550a3ab58250b4375b1c30b115f7385632c7b9d15f9ca01db12b0b3181c85dabb40c6df4c0716772c324

Download Submit
C:\Users\Admin\Downloads\download (1).htm:Zone.Identifier

Filesize
108B

MD5
2ad3213bb5f39eba36ac69f013d1d9ad

SHA1
07899d199161f52fbd87bae5e1bc349a00995a19

SHA256
38fd96d5805d27cf11fa986c55e2edfe51de97796442896deff4535061e37140

SHA512
23096a4de8804e84e6201c6f814d2fa01fd2337a90685cf3a0bc8c12d6009ea34be8140c852c350232035048681e03778f13a4616495d1cb0c7bb86dbb83c279

Download Submit
C:\Users\Admin\Downloads\download (3).htm:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\download.htm

Filesize
808KB

MD5
59f99e9ff6e87b3c6bf8ec72285eaaf6

SHA1
a09fb092037226336e8da35f87374b7668381bc8

SHA256
62b30b96d538eed92db053338ffabe5635389a8f052ce2e4809f6fa75ffa0b78

SHA512
cef32ebfd0d5c2920f1ae5ef6ed1a99d55dd7cd2337f478ddfe67d29171a2a0b28c836e1bede1cffc393c56f0df43d3246245be63c49127566830dbb986e5ae3

Download Submit
C:\Users\Admin\Downloads\download.htm:Zone.Identifier

Filesize
67B

MD5
a764c6499aa110aa9f9e7f692fa79106

SHA1
dc80762c886121cb80c3ac437fe228d059a3f45f

SHA256
55237a1763b0687e2b7b79b2b82fc2c9cac2f9429574754bc3a210536f6034ec

SHA512
5c552eb09250b4572a8ef6bff3036f9dd793cab784d923615f2bdbdfb94a2e8ad4776d91169c6e8fc7c1e12d73763a71053f6dffc6572b845385887e1cc4c760

Download Submit