hxxp://youtube[.]com

Resubmissions

16/03/2025, 09:49

250316-ltrjfsxybv 7

15/03/2025, 21:53

250315-1rsfasvsbx 10

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3720	msedge.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_266795669\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_266795669\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1708807310\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1708807310\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_266795669\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1708807310\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1518008380\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1708807310\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1708807310\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1518008380\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_1518008380\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\ct_config.pb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865921977070362"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{8497EC45-554D-4473-AE91-758F64C7D43A}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{0052D0C4-28E4-4634-915F-4391EA10CFC6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5692	msedge.exe
5692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	440	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 5436	3720	msedge.exe	85
PID 3720 wrote to memory of 5436	3720	msedge.exe	85
PID 3720 wrote to memory of 644	3720	msedge.exe	86
PID 3720 wrote to memory of 644	3720	msedge.exe	86
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 5568	3720	msedge.exe	87
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88
PID 3720 wrote to memory of 2904	3720	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://youtube.com
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff8d120f208,0x7ff8d120f214,0x7ff8d120f220
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2580,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4332,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3656,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5412,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4916,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6364,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6284,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:8
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6840 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2920,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6932,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6844,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6320,i,1952443592894539109,16952173229206514748,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3720_266795669\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3720_924856472\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
31629b139486f821d9bf568b5a3840c9

SHA1
493a5312082cb232bb458a611e13ff16a19ab84a

SHA256
06710c66beaacc8177894cbf9f132a3d3fd0b6d6dfa98154cf6d9416c9a8d7cb

SHA512
1cfd983a0664c7e73dc3b24fdc9af79370745a424cda1f8587eb9121eae54901ce12b863ee10924bb78227f0039ea67745c5c8c7afba1a8ceedc31a4c7a2ac5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57bd93.TMP

Filesize
3KB

MD5
5e20f59c2b5b8bf770d5cdbd44dbb049

SHA1
257cb5c32ea74ce6eae7639f2cc69c9b1a39689b

SHA256
59a046ac70fe0709f9cdaaa1746f6103076209a7b6471fd8550964f6ae0e183a

SHA512
86da4be2800109c3801836af46b86efd54f169a337ff424ee9b6f6aa96a7c4bd538c6186536eea13a202eb4b29de99c98d3491c58205ba2c66488511bea17423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2b8d93bd40de1fbc52e31eb5f4080c52

SHA1
d1bb593c65e2cb7e0a3d4afccc952ecfb9caeb47

SHA256
da43d565ee2e01d36066cce9331bd7f6d066be8a4c2ed2bc3992984e211fde8c

SHA512
8d94c5115c3a6b0f104e6f8122677fa75815bd33d2b6308df8a75093bf26abab33bbef4af5ea68f87e458481bda757ad1752629f56df573a4470c9ab9343085e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
57885f45d558083073981edf807b1b23

SHA1
540790012604e73a7b76a60c1ecc899e4fc22190

SHA256
e9f38d814c1659a31cd886e9ade18efbd2b690a271d29e413a1de1e288bab2b5

SHA512
aefd0390519e5ae35eaedcee467189ce63a45c5eba8e0fef28c49c8278065cac6b6866ea64735681c04ae01baa82ccd60d745ab57c0f21e3aabab43902b48238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
72e8b420f41ecfb873921a8226b75427

SHA1
229c22f5fd4baaab72615e19fb2f0710c5ba6dba

SHA256
22ae09cfb42b82580d423fdb711d1cad1b918ca348e8f7f6831e761223f796e5

SHA512
baf0da94e8dbeeac50b63acb6ff32bf62bd47e97fc41e58cbf0963ea54454379d34aa179c9862d207d37f827ad5059f03bd7cb02b3d976ee45c1ec22c01a287d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
7a33f788feaebdd0471471575e0612c9

SHA1
ad717fb6531536bd62f6ac5ad464e5685bed91f4

SHA256
b9fa62cc304a9b4e06eab7945b2bd9ea52553f8ef25b74c1011dbd1ff282a281

SHA512
c7bf61615a2227e40342f659192b9ba3a244b26490b94a3873e2ae71c0dad57a8f12cfd59c9aaa7d290637e969696b681a9919815a54b0da5017234a25644bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fadadd3e-b4be-4344-9d60-fd0956a23725\index-dir\the-real-index

Filesize
2KB

MD5
71282a57c58fe8e9bd8354dba983fb72

SHA1
db00f507e99945f7d4fb3df5b9b600896039556c

SHA256
872b51946ce95466052bfcc807d9eeab85f426459e78ae1bde9a5825fa3f4d97

SHA512
733e87514db9433634c6b721f8be31e9e7af2e550cae67d67a1286c03fbc027a271dd6e1d10926055b9c8239ee07ad41b26351f546f20ca565a4b8c63ff842d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fadadd3e-b4be-4344-9d60-fd0956a23725\index-dir\the-real-index~RFe57a930.TMP

Filesize
48B

MD5
0c048369935a82bffbf7cf77af1f1768

SHA1
3c48754c088c81cdabcf4670b7647317c7a993e7

SHA256
653eae45d4cd86e4fa95fcc28a9c9ec4c7a64a16de283449bbb5f7b99c74dacb

SHA512
9f7e5aa8b149da8b32d039575e6100affa4cde88f7d974f3657c611b9cd81c617752b5065cab25e24bf2de7c33bd7463817d38648c77c035af47ae67f84292cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
44abf01467e9ac380ee6568aee829682

SHA1
3083fe7ce72dbf696e798d1d1407c9a9789dcadf

SHA256
f596f10aa1bb84b4d3ec3c7a194d7b4b8b45157d548302471458ff7ed573dba4

SHA512
59921d3c89ec91ecea34044fabd633014bc2b1ec608f3abd362f86d525ae5044a9f58fd8e980e0b8b6eafadc556601e4467c904e7025b2b39cf63ebe6ca4a861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
eba4fe512eb2a328149c339b0497a4a5

SHA1
df611a4043162a9b046ad650ff5b91c4d7af456e

SHA256
3583b1a6931b2c20649295679cbbce8406b2f0c3230ed6abea827bbbab398d0b

SHA512
daf95dae54441206ea42eae13693e0abfd460dea6decd7703f5d7859fb2f7ae779f3ba86e6db5a25526f5a4c74e12ac52480285fce34016ef0fc641530408c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
24f650fbf7bee4fda7d9a774a4587016

SHA1
764708fd51e25933cd965c354d2640387fd33bdc

SHA256
51adc562ea500e46b71c68c549992071016abd62be00435142b737ebce1fb639

SHA512
81a2a477a1b003d0ed23b4d548afae5e2d8367146fbeff5d845d76633010d9c8c4c98c1eb12b29f83c6b306f8e17698c2df33e3172a083545005c6393454bf89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575592.TMP

Filesize
119B

MD5
6162e4a21c01d1a2971a12d78185a92b

SHA1
20233d901e5dab5837cff8a648da4ad912767361

SHA256
d8c4abb614c99ad692778fc1051ad6921a7dd63ce7a42a3d7cc807d1b88c3a45

SHA512
60765be0df378962af9f2420c96246be1a9ec3e92c358d20901b127866ab4316d349bd9ed9926ac97f735259819edaceb3057138906ba55120c2ba3fe51af44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c7a92b765591d27ef27130dd57dda0b5

SHA1
fbda625bcc78aeb0839b8aa61181caffad449a3f

SHA256
54759529a12f9a23afc788837b32cba31e0b95e06e08c6a9bccf0d9ef592d33f

SHA512
d65021ea357fbde76ae8ff289acb41b88e83014c5f29f3c5f0a1f304d16f95d5e2862ff58779dc15000d5fad1235d817d9772dce26d7d702c40c08d2a3c5e5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a43f.TMP

Filesize
48B

MD5
31a88d18e6412b3b733b99c8360e2175

SHA1
4f65a97dc7b393abf6d4ba8b865b4ebdbd60cd47

SHA256
ec6ff20e1c3d841ccd05c23edf722be146676f7b168d8f6073b2a2cf267da3c5

SHA512
5a736b3eab7aa4a101a9e620c6a4fee74f160fb97b332d38544a55df4552f467ad627bfc6e610cae5439052b4bb689345f8a480c34e9d170436fa92e8d1e4ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
fe333c3663576e6c370e09ff70c61bc7

SHA1
808bba499635e396ea9be80f12f50af0b8e86471

SHA256
198455955cc2d9367f6c234b14006a18ebbf9748d5fdd0402e6bdf90e7c2cd8e

SHA512
4b3ca5f0c535378da43090456aa6d01489d35f02c8ce13509bfd4f23e86f3db995169efb3552645b277bbeb39f2bd791bdac9a906197536967d4ae1776c732db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
09d3bc0480dfacadc6d248d07801a23f

SHA1
e0a5fd886e6d333ebac805e38fcb9b04f219a9d8

SHA256
33dd2e979bd4a7adff81cefc0b1e968c2ac7fc670f9a2a1935851a6003232e9b

SHA512
4296592fc024cd79b5f70c934d344e84bc6b91c1987964c5089ff9bb19d6994882c06aaaa31e74a0f42bc882e42fb10fa1f0cf9bce934a0fe5de59839e9bb318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
51f1f492da975b0c2e79e3470eb9d893

SHA1
c4738fd97bad85bd9a477d41d6607f920dce49eb

SHA256
b7c87b7f5ac331374e19b3ca7eabb120f9543bcc94f7437aa1738cdbf921a61a

SHA512
5992160d9b8f6ba60d9300df5714930e656a76cbbefaee392250d08626d1e7f633b0cf34ae6721dbb0a8e39b88c7e9e3026e3a8e09f8739ff871a74d436975ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
64fcb5ac533d6c708bf4b8c5873565b9

SHA1
93c902613e90e3e28010a6fea2e58d29957f89c5

SHA256
6a28f48003b858023011274ce21495712f9f4e1965b815dd00764ba26e9a1a0e

SHA512
91b96f70c471651a9d1eec7335cfa5c931793af78e3410e5abf975ee714c19add7aaf77c70b0cd6793748beaf3128e7472f683f18483cab81f781a3f3e6af88a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
00d6e45dd5e3907e36ea6de438ad7664

SHA1
7d958083144446c9093a876e33f989cd61709ef2

SHA256
e709c265cf89b9a9011f7eb56341a6805d2c040ecfa524bbe97eb76da2c79697

SHA512
c8d98a1e2afa4cdf4d46740bb7243867673e3a5310b547337a4c9482788411584f645e5f47939cb28dd3560a23a1f1b8601833dd68a738d409ec3ae9a1be66a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
07c36636ad8bcc0a41d1f8b8b436d10a

SHA1
27706ce297810815e8130a8ec392f7fc2daf5354

SHA256
9112becfbb963c9f2aa719eddbc25e202a07d9b67cea0760f16263678579a6f9

SHA512
4f3524ba6fb6f874a83224ba28d61f720b7745cabbcdce5884aba8585c30e30d1187ca0aee271c9aba2441ee5b6371f79d2bb52c77c468463702e7fd9a7e5a85

Download Submit