41f5035bd0070cd9b240d684e1b055d9d76140ab53196cac1a6172b9490a3063

Resubmissions

01-02-2025 20:13

250201-yzt8razpaq 8

01-02-2025 18:19

250201-wymq6svjbs 10

Analysis

max time kernel
857s
max time network
895s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GoDm/.git/hooks/applypatch-msg.sample
Size

478B
MD5

ce562e08d8098926a3862fc6e7905199
SHA1

4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
SHA256

0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
SHA512

536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
104	discord.com
106	discord.com
86	camo.githubusercontent.com
95	discord.com
96	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
1056	msedge.exe
1056	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe
4088	msedge.exe
4088	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3332	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe
3332	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2980	1056	msedge.exe	92
PID 1056 wrote to memory of 2980	1056	msedge.exe	92
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 2828	1056	msedge.exe	93
PID 1056 wrote to memory of 3048	1056	msedge.exe	94
PID 1056 wrote to memory of 3048	1056	msedge.exe	94
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95
PID 1056 wrote to memory of 4108	1056	msedge.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GoDm\.git\hooks\applypatch-msg.sample
1⤵
- Modifies registry class
PID:4040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b98046f8,0x7ff8b9804708,0x7ff8b9804718
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,5529022342341798421,4305577167532621741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Users\Admin\Downloads\GoDm\GoDm\source.exe
"C:\Users\Admin\Downloads\GoDm\GoDm\source.exe"
1⤵
PID:4172
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2400

C:\Users\Admin\Downloads\GoDm\GoDm\source.exe
"C:\Users\Admin\Downloads\GoDm\GoDm\source.exe"
1⤵
PID:3736
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4616
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3536
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3776

C:\Users\Admin\Downloads\GoDm\GoDm\source.exe
"C:\Users\Admin\Downloads\GoDm\GoDm\source.exe"
1⤵
PID:5084
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4084
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3616
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4088
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:880
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3676
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2684
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4628
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1128
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1592
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4200
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2240
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2960
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1348
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:180
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:428
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1232
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1052
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3068
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4408
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4164
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3120
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4152
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3700
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4032
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4364
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3000
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3408
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4760
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2276
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1396
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2164
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2216
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4892
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1084
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3688
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2644
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2392
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3280
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:976
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2132
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4536
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1664
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1596
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:412
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2016
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:2196
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:5108
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1948
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1820
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:752
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:1300
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:4272
- C:\Windows\system32\cmd.exe
  cmd /c cls
  2⤵
  PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9bfb45e464f029b27cd825568bc06765

SHA1
a4962b4fd45004732f071e16977522709ab0ce60

SHA256
ceb8f1b0aaa1ba575c3704e73fd77edf932d68c8be902b33f1ba3b1d130cd139

SHA512
f87cce8bb5489b56027f5a285b948b639a1c7b0f213a111f057235177e5bffc537627c82586736704e398a0185cf2ad8ba8cdee788531fb753a2d08f16e906c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2a8f2ebc841509f7b978edf590d3cd

SHA1
91358152e27c0165334913228005540756c35bd3

SHA256
631550765e3db02be0709748c0634a2cfdab711cea94f5890854d0c1dfbcb214

SHA512
e52180dd175f1e6ff72d76400085869387cd70da33919de219a04dc26871e8421e93b22e7c59125c19c6ee54a8a8f742d796ac68ea9077c9dab5f03b80967d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e891fb2412267e935e9939624fac947c

SHA1
4dafec382181fb1c4580b33a7413d574a29c3921

SHA256
2927e6df3bc72cafeee208e20975c6555616feebae882abad9fd1c8d806c10ba

SHA512
c19db826bbebc34cee18b7ec2654730e40df34f1005c81fd2229f1b4c09d18191edce2fa115043ec348e675a69f31ebd6be9bd59e6209d64ad29d167744ae49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bb1ce3776d62a2f78173a7b4a7cf34e6

SHA1
5acf44cd9679a8b65ebf304e50d3585564a4d6c6

SHA256
1834191336bad8b2f1ae26adb80a586997755e87e1d20f385fee9e3bf753c09c

SHA512
94a1fbcf97eaab5ad119fa6a693ba19be51dab1c0a2c6a767be5acc0665813da32b3f0bd685f10c91dfd0956facdb7ed4597c8ed95836dade9077abf1f4e0ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f19fd0d0034d96d5d16cbb8cc7ab22b9

SHA1
039b37a8a691ad09c19b6459202042003f083c1d

SHA256
d46a4fb0ca2414c45106a788dfcd0a893a030aaabdecc3f7f4bbaaa98a3d9b7e

SHA512
85e104d43e5b257c8ce65398c28293edb1695d7fb0bb8a3cc55d17ee5ac697e38b24f18e942e5b79178bf4e077a959d0511f04ef447150e14a154d755274d7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b55db737f1e83b82ee67c276057155ea

SHA1
8b6ac3b46798188a867b65877c319ad4ad7e2752

SHA256
742c2d794223e537548e48a83ae8b69ed8700a6b474c95260d46f9f74bcb54d6

SHA512
bc3305cc7f9c38c901770644323c87bbe58112c2fa3b430622861710ca18736404ca27670850924f93e2b98891d353227297a9d5fc4d7f8e1624ca2d05b90120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
66a1ed7c6270be2d489c47bfa917b212

SHA1
30d8be17c2961fda89d73d24f443ffd9a7b82d90

SHA256
3e7082d953c688bb8aac7133f7a12590cfb60c35a6df78b51e45b56234e2606c

SHA512
85a0d0b4d9dc3c02e6fe351a1a1650ecd53afd635b39fb7cb7d18ae77cf569a63e34d2d95e7ffcc6054cd59ddfbbb629af4c20ba7f083667ad6b6776af8aeeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
954B

MD5
cfbcaaa0adaabf7569452f2d8f026e3a

SHA1
c398029c2edfbad37e7404d839e9f8e7f68caa26

SHA256
0680c9474066a71af4b6ea8c0285f4722bde68edb7be3849a4c2ff423d5347fa

SHA512
c9f553fa7afcd651a82671d6fab6d8dc920610c5bf555f0669f2d946d975e4a1d12b988113f1350ccda2fa33e2f62a742e919f30fd7a6599bf7ea9046fcb5e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e15481e0120a6f42ccdae605010d44e

SHA1
c36dbbaa934e51ba0eed6dc5df540dc73e4c5cd4

SHA256
f9048c610d1c3d6058969d610602e3ed11cbe615262737d170b1fdd2a2a50a3a

SHA512
2852847cc219f038429b0e8f84a233af6b0c11d1a2fbf8dfa613e5c912ae5d3a08e3d19055f95029a88db50aacaedb6da79fb40ead5a84d31b47b60c965c45e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73b255015ae27dfed987d3dcce6e3b97

SHA1
0aa989c1d133a3ed7760c9ef7581847df6f810b9

SHA256
c13cae0be3b234f6d88073b399d46c21b93155c3cd62fbb8cbad3a9a9828f1fb

SHA512
b247d64396aa2501e35f1f742f10cf53c9948d44bfb3f2d698294dc34e4824a580abc70c328e8d84217fe29355417536b158367f7092d9c3ed425e4b8007d76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
200238b1ea1a2b4df1f4cd984d938ccb

SHA1
c60b813ac5bf9cf3a97fb8bce3b86fac557c40be

SHA256
f6c14cc46559a236b4827675f9abf664d097b6bac90345fc424c19eb8411ccd4

SHA512
844191a32fbb883253682519fd75e1e27e2c6a9cfbd34e8081224c73ce9f12fc7471c84eb808a020b88089ff783b9e90d51cc36b41d435d4f0fbf55ca93da463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c5390a0c87384e0666bc9e21153371d

SHA1
a8942f96aaf6b1976fa2ade14334f5dffe5dda07

SHA256
08c6eef17bd0c80ffe82603f9043ee1660bd3ab629389a599b6936a17fc644f6

SHA512
c0dddb4f77b505cd20026c325daf6077c0875c8b1ac0139207dc674c91ef2a02f4b2b83dfd922370269df963c7052b08a58d0a80b090681a3a2c719bdb74e675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35c11c31c589e669315065526c9ff185

SHA1
5850c174c8a63bcf6f9fe4d634c05a0b52d4d5d5

SHA256
7ef4d0b14d088d1f8ec688d24561be113731afe4ba41d526095ad3c5d0991ba9

SHA512
c61331fa09e7890cb4dd2c6f389ebaa4bf633831140c5eb8227e29a95f0df6f215038f1605197bc38ceaef5f5c7ace80bfc506f790a52ee97e445672eed1cccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
672844213c7e9e18aa9fc873fa605938

SHA1
44283dc0e83293ee4561843b8a3ac5f574ba457b

SHA256
b90e8a3734a785613d12d61354ca9a46071a00356822beeae0dd60ac713e328d

SHA512
a25e954b099033868e4e8933bce0e2f0a4a2ea3ca64c37b73bc14edaaa2a8905af05343ca7efd6352196ed3786329a9e53df29a771defdd0bb5a7b976a89cbbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae60df7609146e8ac630b41b3cbd1ce3

SHA1
07994a66b0c7a82cf6010aa1c2583bec185319eb

SHA256
ca50750d6393a24a6c42a925ffb09187dc5be5dc3aa3766b8f81f2533e8f5f39

SHA512
53082b2c44e60cfdb22115a28452d7ce5e10923630cb032e81bac8a1f92cef7fbf866cb968f078d155a75d15caf5a577b6e5012b7e8fd01529cf94d461fdbd86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c21b7853a43cc5632c761dcbe24fcd0

SHA1
869af1f4697b20aca6881e05b551f041002f6920

SHA256
d8cf3bd9827835aa1dfb48ffaeae5626d6288e86678797fe89e3cdb141072ce2

SHA512
96819f6e86d7bca41e875b856ce8dc57e7578d9d6c4f3fe531657f3f889c7bcaf6bbf1d1557cef7ecfc6008abe52375b80555f2d87858efad988b6bd00e0f406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58748f.TMP

Filesize
1KB

MD5
3691587b67db62ee583b07497cf19785

SHA1
2e8d8695a87d4d475d7d9899bad1f12d4d13bcae

SHA256
cfd1625074b5969a009de7558ed255719ad66bd737d954b5ddbc0bb6e93580d0

SHA512
bd48fc6362d89733b424f70be0de537711ceb0aeb3bf13ec94fb4268432014fcc6fd3332262e73ffc84edccb140a3ab52441b0cd06d8070abc3be94cd005dced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ad1dad8e8ecf161b5ab7d0fa68fc47b

SHA1
63a3cf6a0ea4eca32a42cc38f63efa6b3e845ad2

SHA256
a67fe716b4ab6713c807242b610664f122b61605c5e50b4db7c8581a2a1f50de

SHA512
a050c3d56d023b48bc302330d9b033cdeeb03253edc090854cd22f0df4e27ff3671f2d33c167cba058fdbb9439250fbe499d9ac5bdc20639070343a442ede54e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13aad40fcf3f1e59f6173725ffe3a129

SHA1
9ccb7819229108a761f21f3fc470eb5486bf2624

SHA256
c38dd2d00c621d124a69f405d2c8c3fe6ad64cc1dd6b57600d49a2b020c80cd0

SHA512
cd7ba0fa9de87ad6b773a4a5ad62d58311c8d729154868bd7ae9052b6aaff90ab72dcf2c9997d5c3a97e68c7e47fa7f18d9f89b0d5ecb5d94f9a6469753f001c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 657004.crdownload

Filesize
7.7MB

MD5
ce486f16b14240fa3c9da7dbf0883e35

SHA1
9b2843811b7cee87138a675dead3d891a48b9be9

SHA256
41f5035bd0070cd9b240d684e1b055d9d76140ab53196cac1a6172b9490a3063

SHA512
fe35664b3fb8c1e4cee9a56b5f2c0963a55ffdfebe4b619c4070c70d6c6a316b08f410b1519cf3774762b28c5d3bd8895e831caedee89fba9ed961c02648e4ff

Download Submit