e36962c7613c7cec9e09e4e20d044d59f48fd5b7f969bdc0251703f2dd0998bd

Analysis

max time kernel
147s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4920	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
62	discord.com
63	discord.com

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_118083628\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_2009539438\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_2009539438\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1388994481\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_118083628\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_118083628\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1332858161\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_2009539438\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_2009539438\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_118083628\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1332858161\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1388994481\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1388994481\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_118083628\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1332858161\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4920_2009539438\sets.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866002953190719"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{8E594C23-DD62-4CA9-91A8-3D76CCC57B33}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 4856	4980	rundll32.exe	85
PID 4980 wrote to memory of 4856	4980	rundll32.exe	85
PID 4856 wrote to memory of 4920	4856	msedge.exe	87
PID 4856 wrote to memory of 4920	4856	msedge.exe	87
PID 4920 wrote to memory of 5088	4920	msedge.exe	88
PID 4920 wrote to memory of 5088	4920	msedge.exe	88
PID 4920 wrote to memory of 1456	4920	msedge.exe	89
PID 4920 wrote to memory of 1456	4920	msedge.exe	89
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 1708	4920	msedge.exe	90
PID 4920 wrote to memory of 5008	4920	msedge.exe	91
PID 4920 wrote to memory of 5008	4920	msedge.exe	91
PID 4920 wrote to memory of 5008	4920	msedge.exe	91
PID 4920 wrote to memory of 5008	4920	msedge.exe	91
PID 4920 wrote to memory of 5008	4920	msedge.exe	91

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x254,0x7ff9693bf208,0x7ff9693bf214,0x7ff9693bf220
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      PID:1456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:2
      4⤵
      PID:1708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2456,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:8
      4⤵
      PID:5008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      PID:4364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
      4⤵
      PID:3904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4996,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:1
      4⤵
      PID:636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5176,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:1
      4⤵
      PID:4292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5364,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:1
      4⤵
      PID:5632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
      4⤵
      PID:3672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5704,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:1
      4⤵
      PID:388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8
      4⤵
      PID:1988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5256,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:1
      4⤵
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
      4⤵
      PID:4100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3548,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
      4⤵
      PID:4040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
      4⤵
      PID:1664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6332,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
      4⤵
      PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:8
      4⤵
      PID:4076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6716,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:8
      4⤵
      PID:2004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7072,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
      4⤵
      PID:2576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7072,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
      4⤵
      PID:2988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5716,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
      4⤵
      PID:772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6128,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
      4⤵
      PID:5000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5448,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
      4⤵
      PID:1540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8
      4⤵
      PID:1908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=760,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6620,i,6740630695885601851,7011854140499730273,262144 --variations-seed-version --mojo-platform-channel-handle=3300 /prefetch:8
      4⤵
      PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x2fc
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4920_118083628\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1332858161\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1388994481\manifest.fingerprint

Filesize
66B

MD5
a9ad1318d1471dd1400e12e76d7a2c0c

SHA1
4fcb197b74943af818f72405ae2b4c0057bf47a9

SHA256
434cd3a6a04ec7395a5414afc841ce3757feac54a3bfe9173823a79e5751a55a

SHA512
341b4c3bb5792cbb8b092351fc0ff38a5698cc79d041fee9023fba37e7131b53de7c2b619a7b6c18e7d77973158fdfb94c8b76ecb617bace97f0c00155f7d5a0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4920_1388994481\manifest.json

Filesize
118B

MD5
ffa5fcfeb00002903f6cf667e9fe6a3c

SHA1
ad765ea344c8cfd95a591da8259fe412e52d13b0

SHA256
dd0679c622258bad2e2ddaec3470297259dc68b55b8c4f4d7f2f28a378826217

SHA512
8da9b780e9bc6785efbd56b51a4decc8703c9f1d41b33469153cc0aea8190c1b6a9001128c6022756a66ee539086ad6f787da84b6b7082dc51939077365e7beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90c4de90-8485-4df8-99fa-37a96bd419de.tmp

Filesize
18KB

MD5
9ac3db3eccecebc4bd32b040a48df973

SHA1
265ea6694ca5fbf76a2c3bc5640fdea187ad7389

SHA256
e750ee276e66f59298c7ea6ea61f0a4a6208947c762fd4012ad51b284820f38f

SHA512
c521b70df9153c428f2cea972a62c6d362c8813dabb86d0aab3aa9aad8e6b632e10b131107e037022dbb86d009e765d7426ead63a6b7ca77ec70b297901145da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000109

Filesize
255KB

MD5
e80cdded42978faae0ba033638a524ef

SHA1
4bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1

SHA256
f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb

SHA512
b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8ae514d7ca93f60c9f1947f0458e3e54

SHA1
ec2047f6694f0e437159864a5a5d35973a5abaeb

SHA256
01dd242949f4136082f631c47490acc6a5ddccfa3f06305f3446cf4280c932c0

SHA512
b790f920e07177deb0ce30905e736d13026e43a0fc1c7238c8147627064d53490cbbe00ab44236bb7d198481127125e7d6a9f90748694710bb58953661a8df47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7cf8dc2ad374d675cc1edf252aa397a1

SHA1
10f5a48a5a6ed3efe0431cc089698aa714a967c6

SHA256
87077c5b0f6baddd2935d6f515ef9bfec018bd8420d6d4e049ef09e73ac3e173

SHA512
2de7fc22489a619a297978d31b10931a8ebff40fd58e26d92127cfe07403894741643c0590f3ee24dc1fb8aa2dc0fa62dc2fbb3eb70b6447a09b36854e7cc50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58650e.TMP

Filesize
3KB

MD5
a02cd70d1ed0c12586742ef672d3c90e

SHA1
9a3725144f6e8950a3c302851e60636bd940207a

SHA256
4d9c80f94ff79e5c7e7c02d0f4a545a1f72569a80e8f524a855e62617e91e347

SHA512
fcc6079969fbaac9bbf327f3fba626a9ec61635278e0d8de237d84bc9af3b2a4ef765bd6bc604dd0a01717bc01798737a65c2c28d30428696494b39973c54dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
6de5f1ac1759a5606f4f287778928655

SHA1
ad654da4df6af4ffa5135988e8edd93bcbd8326f

SHA256
983d2ddb0ce8fe50353816ca70ecd8509da6f60ec68b7d03e40ff15b3a587e9c

SHA512
beda12de14e995d5d6de683a476f75ae0860c6e077268daf3fd9e73d4478122a308a42c8c177db9585f16c22939c52f13d93b11b69b56f02feeb688fb0bbcbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
c182c1c6948f92a3d3062ffecf5e510d

SHA1
c7ed8e48a6f6e4181f4a8ce458506d5e48879482

SHA256
ca9366fedd41495aac9873e6ee1105bd56246029f660c5dd3eef71b4d947ca9a

SHA512
62fb2a1afd525048ade196b58bbb7f8b244bad3ca8421283334f6f93191ed7a87a8545693c39c82cd5d63645fbf2b458348cc6f3c55138059860c1aba0381518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
34a4364979cc9ab7518c31f27dcca6e7

SHA1
8f668a1664e425ec13578ea9a5c8a45b154ac0b7

SHA256
00f43804a19a9eb62793b693ac18e15f1055ef2663e09c360c43ad8b976a91ac

SHA512
6e3d3bbe95927bbec877d700a465665ed2d1667cf20f2f03df23d570c1a2c3aa3c78eac5da384135757fab8ab73e18fb0a477c987dfc711fb660db021d7b4728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
65f0a55350ea7d00064ec21aa9ee8ad5

SHA1
c9e1462ed7f0fe00879e101f4b2964aa9cd9431b

SHA256
ac9aa10699e2b19b3407bde3ddc0cd6eea08889fa351023545e660f779b8a9cd

SHA512
b05dad52c763019e89e6c0943ef90156e819583d5b91bbbf475db55ca3bd262bcd24f498f8680afd511cbe24c892a8b0a2a2e6ff18a11ced610c55767b9cb610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d15d82f2-1179-4a4f-828a-76d9e6a2e953.tmp

Filesize
18KB

MD5
e40119b882fbbcdd77a34a713ff584d2

SHA1
d42e0f3fd55adc3f4e5ef355befacb22ffa00d02

SHA256
65759bd5e3e7eb2f32136a3fe2e393ca6e1dac1124fc5cccfb47fe4e8e023dea

SHA512
5bf8941f1e1b948158edeb49aeb9d990b816b75b6d8d1704b64b958d835a3063f2577617357bfd65dc8f95c51a53f1c05e71bcfa963a2d584978532cc112b6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
462B

MD5
537f6818a19ebd41d26bcde4cc5100ab

SHA1
0916be6ef8a255c7675771c6dfd8b134b8be6d2d

SHA256
e5dde67a0e79f749f5c75290e9038f97f06774ea25dd57a290b561a15911587e

SHA512
20dfe60995cb8d1b911b66f4d32bd53a3aa208b32680c254e64588e3ff6c0bb02f0b544b18f63cc5c63c0be20015e6d4d38403573d26df30750bc03206f1435e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
25788547997ccf4d1a86b253357d61e4

SHA1
8ae1a029d0d505715dc4963bf9de28212d7bbd74

SHA256
1e8754db7cdda88ed48925d180d9b42d118d0c1546a5df7c6854bd7c1c247fbe

SHA512
44b941032c7b20df035388e78c25a88cc09dc8a43337396099541450161726b2058acb09fbf34f99c30fe5889320bcaa59363fe480f9afe07ed05f53fafbc6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
2973b375a57ee42414ba6acc56cbbd1c

SHA1
0662526e97e4f2ebccba79ee7a8d8d156af4a8dc

SHA256
42c36cbf15d11712f23bd77e724a0eb0e0bde8a6716906e21509682a58a83744

SHA512
e012b5c0c6f2ce451eee1f10015fd22f57e1022713903c7ca9da89132ff825ca07916acfd1707f63bb55d60db1a1037dc920ef39218791a7016c5195ba4304b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
166b26a6facb3c58c70f5b8e2506509b

SHA1
e8210b316ea6928d70f347b83694ac363553d3b0

SHA256
59e3554707c9967a8e918cc7e41bea43e8cc594186ab6c7d3c215baa80dd99c2

SHA512
24afa7f0b2496d2101146f02dd104c5180e44ad12dc1935558ba40672d9f901a5844711069cb1360f397183d5901f3f5b5be8d5235ae1492daa330b6d0f34c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.16.1\typosquatting_list.pb

Filesize
631KB

MD5
c3ec8bf0a625c2583833a3340825f1cb

SHA1
582054710a312897117128ed59ddadc983525eb6

SHA256
7d10e035e0b2e152a1fe32a92b0b34295a979f7db2269cfba69d4aaf3401b77f

SHA512
175125259eb39225d0584fa4e3c5cbfc66bd22646cf32677f0eb7514a0abeb2c08118375210a69207be85e6e7ebdd9b6fa9a967d3c4ecd40ecd514e306873c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
955a29ddce71a6ed037b5d53c79f142a

SHA1
5a692b55f06ad759e6e0bf5d4c030675078237d9

SHA256
117c7f2535c5a2daa31121ee8d3849d0b1b8197d22f0cb8b3c90f2900da98679

SHA512
5b933431a388c1ef39ddafe13e2fa178d282af62de7651a5908ea23e28a45649188635b65de379bda61f2b7fcd8bfcf6b2ce53d0c970147b3c936744da254634

Download Submit