hxxps://is[.]gd/wlBdWX

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/wlBdWX

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
69	1996	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_2136025101\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1228590025\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_201478345\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1228590025\manifest.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5368_800521030\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_2136025101\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_2136025101\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1228590025\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1665467860\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1665467860\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_537583135\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1665467860\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5368_201478345\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880090584830572"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{B4B50AD7-51FB-4E30-8E47-632BA2A1E5AC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe
5368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5368 wrote to memory of 1356	5368	msedge.exe	85
PID 5368 wrote to memory of 1356	5368	msedge.exe	85
PID 5368 wrote to memory of 1996	5368	msedge.exe	86
PID 5368 wrote to memory of 1996	5368	msedge.exe	86
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 2108	5368	msedge.exe	87
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88
PID 5368 wrote to memory of 5624	5368	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/wlBdWX
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b8,0x7ff825b7f208,0x7ff825b7f214,0x7ff825b7f220
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4956,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3756,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5884,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5788,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5220,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3212,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,10034321514386784973,6478217238768104199,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
  2⤵
  PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1616

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1665467860\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1665467860\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5368_1665467860\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1bb7de95-695b-48d1-bc19-490987ab25bc.tmp

Filesize
40KB

MD5
638aa3b1d69dec406c5fd69f5595c9a5

SHA1
f5508e4b0b25c761f9005968a96b18121bb36b76

SHA256
d6ce1b0e3ab861eedef7b53b36f36b5ff02e06469a533e282454b312bab7b7b2

SHA512
8b32ca313c91e219af3e11e8cab794b6cfdd1f705a93724fe34dc61d40c5d68ae21eadbf0fa92e74fdcb490273b4472a07c529765d2350a18d7e9de11caf8c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
97c96ddf867d88c3635dffb9acb54d78

SHA1
cb8078a34e9a2ae5f9af13c000ed1abcf39c715a

SHA256
77e579e9e06c627e9006587e5871a8257886485e0f79602a94d595b8a48b9a7a

SHA512
526f2e672dea29facbcb80661291c4e2db4db46e793bfe3330364017beeba4e125416181c02a7277bcf7ead9b2179d7faf116a70520c235926387054457a6f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a841cd853e70ff44498c38e2a01d1e53

SHA1
c5830489b2d0698ad90f361483d3d5e3d249de71

SHA256
0b8a80dd78b083c4d4e078b5ddd16af1c5506ee402016e50579559e24e5da13d

SHA512
362938e20e745eff8c49a7a4323f0d14b40f0fcc3f20b01f6ca36559b61a53f367240e1113d849c1086384720ff90c902c9df55cbb8b2e9ee67d277d60d1fb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d486.TMP

Filesize
3KB

MD5
a26efbefc6bb87c9dd3227a1b58007c7

SHA1
7a09409a4b40a4bb04eeae03f05e5a1f2f485ab3

SHA256
41a1edf758ad46f0d90a63fda2113d112f70e632669f330f27dd0c2311db450a

SHA512
1845b49947d9c19f4c71a96b96bb1f9a194bbf23f51a5e63a89e328ba94160b09015f5da23575bc855338d7c15c9b99a786e4f951498215134995205784e46b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c88506bdcca1963ba3ee5ed0c87864ab

SHA1
5cae041f82c790b1c7bad589e880a142166b9ba7

SHA256
a371fba93dfe7f7e853f2c6cb0ba589b7e28b83882af06e07ae4972337493a95

SHA512
169702d663352c476453c07f42ff3c47ea76a0e32b6756158baaa74fdd1b4bd44b7d6cd6435c0fc7954d9e6a9f8a8db1f8a3e14352ab3b527509c796cc99c449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e71aafd68c8fdb00799abc7251e7a0d4

SHA1
4c8fe6e2a5a81cd1ab0a78f31852b63a665eff22

SHA256
2c2f8668f245b242f75dae0550e74a082b0656b88b09003e2f21bf6ad9dd2a5a

SHA512
6250c468c021b32e960a9d944712075f9220d18936136fb2044f8ac4e3295facccbdd6508422f7edbda7480df3d43376d6d748a4682661f545a73f0376d0eef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9571d957b611aca7a3e64318bb19681b

SHA1
6cef6ce9abceaef0f65c7ccbce4aa57aba2e9bd6

SHA256
8090c379bf7eebfd7123db88d458b6b7d35ee4f8eaf6c318477f9f740f211448

SHA512
7703da69709e016802e0d7cc53008c95e1c59b7e569d519e39bcfee047dd5ba753cd922a4fe2fc77ee8e0449980694670583cdb2f1b5e715acb4b0dea4ad9eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
34ff07ba74edb0b6b4f18e3da93b99c0

SHA1
325014dcc122ca8c70552ca8c34825f9cee07058

SHA256
f5485b1c03f436cdf0d285deb28da10d02292f970228c30e590d9f15cc125283

SHA512
402b89caba69089fdd52b316b229f3f77499c40176c2ef35610b7771656052c691e7be1d8d462a6daa72b452d8b391d41bdd6dc46f9f313b0c52611dbe8fa986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9a48bd8e6d77f368ec3ae4f2587099c0

SHA1
426a58f47e6da56be4c05b39a9ba588e7f87ce24

SHA256
625530cb144ac6c85afd39d7f98583817e16b3c59c4b494c79fe55879341aec1

SHA512
d11ceb65ab3538b87cf1be822fb8d416dd199eca84ce6553ba434f3339bdd1ef0ee2ff0e6295e4b9463053359a4f31fe17f986a388abc44e279b8b9cb28a1871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d700ed61-7876-4c51-bfd0-9265ec5b2e2a.tmp

Filesize
16KB

MD5
d56b393cdf4da69844afe0c98f67a543

SHA1
8b664e49bd3d7901e9446bf0861f7346a95117a8

SHA256
c3134ea367b0016594d4713bc2a1cffa5b64309257ec00d251de9fac9b895a37

SHA512
ec926e4e5722a5a1697dc49a9449f60166eca9cafd5651fc8a627761f1cadbbd4eebc081e889e687496aff702054afa5d07cdc704b3bcac3380f9ca0ab09f6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
e154372386a5f3348878aeeb0341c2af

SHA1
9737e35b22f054658189e7c8e7f007f224e341bd

SHA256
91a3a0c8b945ef6c7eaffa477d496530584013b406123ebb55576070ffdd75cf

SHA512
19b48f3d45b23fd28f9a2c9919063c0b83753ccae90cd88349ef02ebd689fae3fb92fa3dbce034534c43c92e78e4a622b0d17a93109081a59a31d66e60f2f100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ac8860147d50e8afc1695ad71cbf400a

SHA1
9ce633edc59cb77e3e0b08fd9e03b1c93365911e

SHA256
4cfbf02d5193c41e9d93ff06894749ada340fa1aea05cf32d2f10ab1e63c59c9

SHA512
e29eaf374ed4cd5c1142db160cbf7e99dcf94ca355c39bfeabee694d26fd370be145c34c673018db0841ed353ed54b4509254ebf64a7c47cbe7ab2bdbaa49dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
9e05d5025dbcbb82d7428977b444f443

SHA1
b2195a9d30d70b315ce6cadc263aeedeb9620ca4

SHA256
cc1a23827a4943ca8f745f4066ec3e70bcb38b9f90184ac36406e717221684d7

SHA512
eb0e9d356005c0f62870d6fa86a09d1de167b22d237a53c12409a4ed9937542cd08b5e9fc722825ec7aecc3983dcb84e590bd4a91d2d7ea8fbf5df07bca5521d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
c841deb512230cf0a12dc14290d7842b

SHA1
d6580f22fa22dc40502a11391c05b2914292e69a

SHA256
352a5b743557ee294e2036bfe352a0a26c70c53f73c4b540bbdef0f3ee5996e0

SHA512
945b070dbad35965933f6ce01adb4e9e6c7ca5800d0f9fafacd7451a99ddad28dd711f693a8dcc0e29c609cbf6266af40c48b662f39d1064331c3c30de8c1e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
a4a48abf90b8c61f9c14c6c52933e75e

SHA1
596e5b8d97667afb72f2e74b62e2a99abefca02f

SHA256
36d6f64e9a1cdc802224b24c84bb070c245f8974c55a18b06ae217bf57d427f9

SHA512
1872538e0d569530b155c74ae62cecc7e2766b85818c20d8150f387cab16bee4ac88a32d45fc2f197c006835abbd87873fdd38a13696f535c73815e07e4b470a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
235b5ddbd31ccd915df8aad1ee023e2a

SHA1
fbec4a1e9730918230176873773c3ab10b901bc1

SHA256
de444b3f604f361cc17372a1157854eb45f654bf023790cce0e7b1163a1f51b0

SHA512
3420630c970096bae77fc060e262cc7f698da4049ccac173dd2cbdb8a1de15a240feba72233f0c1079edb20fd768b81d55593c2e98bd6c62af27b04a4b6dbb21

Download Submit