36c671f11e2ed73f203ce4e7d38e3488ebbe29f8de0234c8727297b8d4c21f9b

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_961f18f59bc81a16f4a89b9ab044a819.html
Size

44KB
MD5

961f18f59bc81a16f4a89b9ab044a819
SHA1

57c1125709df905aa1256dcb922267b978833473
SHA256

36c671f11e2ed73f203ce4e7d38e3488ebbe29f8de0234c8727297b8d4c21f9b
SHA512

2fdade064eda0435338a978c422fc70a275aa90ff4ab90deee0a4271560cded90a4b6cbad5ac97c299a4bdc057c2079f977ebf38acf90463cf45fa550d459b71
SSDEEP

384:jSV0u+0L1tC/PYjamXRM9ULJtZEA0GNSRYkbeF0TSHoI3Ur0ktOS+B5TQwDd6mbT:jSau+0L1fNGBubDC3ffxdzbiHeY

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1254988977\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_440520686\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_440520686\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_440520686\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_440520686\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_46610113\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_46610113\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1757344963\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5320_146744460\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_440520686\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_46610113\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_46610113\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1757344963\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1757344963\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5320_630430477\_locales\cs\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877878122458704"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{C6BC030C-7839-403B-A5AB-A3C92ED41896}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe
5320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5320 wrote to memory of 2876	5320	msedge.exe	86
PID 5320 wrote to memory of 2876	5320	msedge.exe	86
PID 5320 wrote to memory of 2160	5320	msedge.exe	87
PID 5320 wrote to memory of 2160	5320	msedge.exe	87
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5340	5320	msedge.exe	88
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89
PID 5320 wrote to memory of 5268	5320	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_961f18f59bc81a16f4a89b9ab044a819.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x290,0x7ff96a6df208,0x7ff96a6df214,0x7ff96a6df220
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1780,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2472,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5000,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4940,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5564,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,14403955777868481895,17311579482754979672,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1254988977\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1254988977\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5320_1757344963\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5320_46610113\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5320_46610113\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
406a4b2d888f39096623cdb242e38256

SHA1
4649e126f6a57453386ced25ed1085a80d583c67

SHA256
6f48b7419184edf1384443adb71bcce75efcfb660ded29afc86ad6940b9e6e6a

SHA512
5b1f7bea6c0d39a158a99d1ddf654d273d7cf214d66c2a00bd4fbdf1ba2105ce7267545b1b6d7218de4b9500ac1d7f3747788731c082b2c3fa806cfc4efc998d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
e93e7fe53b32dadcba7f1fc25903833e

SHA1
6d7037456ea43074b7140c0a0cc0ea05a4ac7018

SHA256
bd945cbcbc35164fa5606b4dddfef2b324953a29c00a263ee6ced999dbb28290

SHA512
72a5266ca65955b3392cb3c18042637ece81509ba019f03f38c6f372d79c4998c556d1b119e2d80867fb01e3f62571a4983528ac7b6e91b21e981edcedb24d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bf0c769c901491e0163f82139524a5d8

SHA1
690e68877cd5fe1288ae9c2635ff41f76d18fb8f

SHA256
c57892daafd7e10905ae128a0a892a80e327c0842486a44e75494aab93b9ff19

SHA512
b8f75e9a7470a9517b44df60f4402e2a5f49252858fa2820b0569ef0f46fde64c8d8ad9d6bb3f85b3dd631943f6e9c8b89ff90730ed3054fc18f6a1159437102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
f47af513e48f0f1d4c93d43c072bd252

SHA1
398093296d2e5e90c770e2208aedb9030af7272b

SHA256
7e352a49338f75e0b168963f05adbf0852a77e2cedeef2c37dc21facd2ce07fc

SHA512
af44da09f7bc88ce735bfd11259556a90614e99344222a4eab8bb3bb970e4cf157b83ca35b79bd50314f1341fdbb1c33a0272b181e6b94222ba39c6c030eb764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
36859e1aa0036e4e2faa9afe52eaa27a

SHA1
0bd3fd25835acad22000234f8834d1fdf5d85c94

SHA256
a0f1f448aa3ad9d53148270bd808eb9d8f3a793bf225f146812758b226e78926

SHA512
0a4046c96d0821bb06260866afa5d76fac38eb301316071a67a41cfe34f18da2b1e7adc38ecc401657e2a864be4eb9b7db3ae7dcc92fd7aba91811a668f667ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
50770f098c112653107d495998786d16

SHA1
30787b79c43d3a1776835a558a5bec32141a397a

SHA256
97c04f984f3e2595457b7c9593b18ebf086e8407d00bbe970a1756fbe4b6f830

SHA512
faf95ec5a04dc3daabbcb88e643ea087591e4c7b8a6a3b8811b933b3feff2df57453e6c8c9a8f6e968eacf04c148deea4c11eb2bc1a66e6b2a9752f1a01189c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
87e8ded2f173fe052784c90a7a0e5909

SHA1
095c7872db0d8a4515c6d3c14fc541c80094f6b4

SHA256
c82939e92cd11a3ca2fd9c75a38ce322f75c9ea81b31dbd3ea5841b453b4a1cb

SHA512
65121f8d696f327ac9c50e5e478ffaca845ab04d1abd405c30943400bf995a3bb54dc73476ae6d548f4557973ea7f635f2a2b6ed55b74584ab3a2cf12bb97a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
5f7d452ad044d267e2a99b21a626311c

SHA1
c45f72fe8cf1c32a57093e080f6c4bf209d62961

SHA256
f8c1314178b9011cc5afd287f797bc7d2a1193cb6ada5a27643acceb952b8e01

SHA512
c33c49e48d97cd6610c2519c50cb21dad843524ccb1aa7bc8bcc4621fb92c9ceb6db4379db6771e17918f28aff9a236ec32a3a87ce9cd6f578247fd919a7f4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
8f26a33cb475a96e230179192787ad52

SHA1
b0462e3fa26c2538a8f57108e06942c96f0b623a

SHA256
d760544bedc38093d20e39d04ade7f7e9e7c6130a9dd6fe10815f28780bcfd12

SHA512
045755e9f886d9d8fc1071f669266258cbfa1cde2cf2868a929f438f1f283c3cac26344376ee057dc55bffd51e03bf3cafb320779a756f30ee552c224028916f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
be0efd94f1b7e6b7f1fd4d00a2d8a84e

SHA1
dadeed00ccd4d1ddf901dde267efc53e2469e3db

SHA256
456bc5672fb98c21d8acaae60f4eb5213b21dba108d8284b1b8bd5385a6a86a7

SHA512
7abc220e043c42dc72a1148c9a91196fd8c34db2becf24688004a866802c2bde901e4c712defa38f488435308652d11e5d2b8cd3d75719fc64ffc327309579a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8396056eb306fd8765b7654bbca13cc9

SHA1
67f26f5a0623ced3ae36c1efcb40c4e9f315f879

SHA256
77f1451d7802af3667675c82f6e773f31f7d16dc0e8472f701acbc2b0e5c07e7

SHA512
45ead4ad29b67e8381d26cb545e68ed23dcb471007b5a9e97e0145496f4036a2e12b0e6980dcfcf383b1263fd9a0cd901999dbe8c79e1dd3e9a897b5504991a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e5e2c7fe2f659ca9519533541729a658

SHA1
9127ca3f51dbbdb8f6c3e29cbbd94e1fc8624e0d

SHA256
5eac5fdc2c4a3106d2240f6c387f5d1cf9b4e4a87dba2819f610701c3a58f034

SHA512
54b7021d16f0e88d34b22b1a1b12d752f8d7b53d9bca5ef8731c08f9c3e126bec8cfc9fa3c790d5abfd130b6af7eeeb00ef2914d318ceaa52e3d14e8937e4c89

Download Submit