51f352fdb2535cb5333114e1de3fe12eaf56e3a771327f438a0f72e7f1b156a9

Analysis

max time kernel
22s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2023, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_9715.heic
Size

1.3MB
MD5

eb4190d50458289116b15a11fb0d0cb7
SHA1

1e3af914792b4e71a93bdeee7eecc71eae8e4fe0
SHA256

51f352fdb2535cb5333114e1de3fe12eaf56e3a771327f438a0f72e7f1b156a9
SHA512

6a7bfaf5466dd617ef5a93185e2125f3eedb0c25eec1d52d34d8621c1a1b5f5101c450579bb00890872fa2d2dd7a56711a1a70906e36fc2a967b7ec377ffcdfc
SSDEEP

24576:Z36zpSfRRJz3PgtNhCGXt7Mz2Q2zgBrcNyGxpNBE5zLUwUnocSW:Z3gSJHz/gbhCIMaQ2kBwNVAf5K

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\heic_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.heic\ = "heic_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\heic_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{5C99FB9D-AE18-4A3A-83E3-F2BBA8E6E55C}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\.heic	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\heic_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\heic_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\heic_auto_file\shell\open\command	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3992	OpenWith.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4780	firefox.exe
4780	firefox.exe
4780	firefox.exe
4780	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4780	firefox.exe
4780	firefox.exe
4780	firefox.exe

Suspicious use of SetWindowsHookEx 46 IoCs

pid	Process
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
3992	OpenWith.exe
4780	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1132	3992	OpenWith.exe	89
PID 3992 wrote to memory of 1132	3992	OpenWith.exe	89
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 1132 wrote to memory of 4780	1132	firefox.exe	91
PID 4780 wrote to memory of 3116	4780	firefox.exe	93
PID 4780 wrote to memory of 3116	4780	firefox.exe	93
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 2160	4780	firefox.exe	94
PID 4780 wrote to memory of 4812	4780	firefox.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_9715.heic
1⤵
- Modifies registry class
PID:4904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\IMG_9715.heic"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\IMG_9715.heic
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.0.1969309002\416324208" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17dfccb6-4494-4102-86f2-a23481379411} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 1916 19c3fd18558 gpu
      4⤵
      PID:3116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.1.1741246262\1232898447" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baa0a7e0-a888-4d29-a186-d8d55bd22228} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 2332 19c31d73558 socket
      4⤵
      PID:2160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.2.466390988\345940456" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3216 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78496bf2-3823-4a49-a324-57eb951359bb} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 3188 19c4230fd58 tab
      4⤵
      PID:4812
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.3.1682428025\1917971664" -childID 2 -isForBrowser -prefsHandle 4072 -prefMapHandle 3828 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67c19b3f-6711-4de3-af79-71cf027218bd} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 4084 19c31d61d58 tab
      4⤵
      PID:4468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.4.1870385810\693187872" -childID 3 -isForBrowser -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71fa8b6d-d687-457f-a6e2-0fdbe383ab98} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 4684 19c3fd1ac58 tab
      4⤵
      PID:2768
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.5.1930960284\1238611694" -childID 4 -isForBrowser -prefsHandle 3012 -prefMapHandle 3412 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8e7403b-148f-483c-ad27-4718b67a8f56} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 2860 19c40f8ca58 tab
      4⤵
      PID:1956
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4780.6.1015004685\1549444558" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 2908 -prefsLen 27099 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c68b902-7aba-4221-a0f0-189197db98df} 4780 "\\.\pipe\gecko-crash-server-pipe.4780" 4232 19c41a41658 tab
      4⤵
      PID:5000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\IMG_9715.heic"
1⤵
PID:2724
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\IMG_9715.heic
  2⤵
  PID:3240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
156KB

MD5
e69449f01c3487f321926de1c39a1fdf

SHA1
129102870f5dc6a26c00d70187b84d44b76afd40

SHA256
780da18c4850743a15543f92f1513e9d1fa7b99d9f2a61a01a1e5bd1997aa026

SHA512
ba3e55835e7aeff64db08cbe3f1e7eac175e535d9f9ff05323c12748003e9c26b4974258a60ef97c28fc09d7ca8a2b4345368292bef861e2778cd17eddc75f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
e38c807bf65396af03da7b1e2511381b

SHA1
b387f519d7845fe23c061e4b702e210e77971904

SHA256
bb2532a3227cd6c5374991299e23e6634ee28c6ee0dfc58f2133d85d2f9b0bba

SHA512
d13d6352b3fa45f0b0b295de9694cf7c73152bc1ff04b28eb8ffb155384e6428f30f465690a5cd42555e947491f019f873b8b715304de38a216b0f007dd7ee41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
c288da0ea861d5cba622e3a5ca8c2f79

SHA1
e7e936afa26da87f389e39bd927261fcad13e2b1

SHA256
31dbf3b6cd716e81c672b9b0236d194430f05300aa6c3a65871e9ea35f046db4

SHA512
da106dc1ed671a874fb0f9e731a538ad6ebcdd3231cbd3111e81498461c15799b758232b69d3b80bf59d7d6253c392131ff71bc70ed5dd23e3f1b0eb421d07f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
c9911b3e6556c71b1bf5f61dbdb4e643

SHA1
b4c60d46324a2c8056cf37839faa5cdceb48bcf7

SHA256
225d7d10fb48845c5ccec061ab7470dc8e174da58bcb43aaf0aa0cbedaadab9f

SHA512
d3c9f7a5db769f1c8b3d825cd6f0b2b269c6e86e29d8b645319e27ede1b560a7ff20845ab4b929ce20cfa2a6ed4fc6dd9c0e797ee90fd7426416b146df70f94a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
dcfc42f093f3253ffddeeb4e4704c582

SHA1
5e3369fa4b570570f53c7d4b224615dd7a9ecebc

SHA256
33311f627fd8ae53194baab8266256aaa985272b85d009e12b4633829ac5acfe

SHA512
b5af0f5e1e0fab560463aa06d3aa219e5dcc42fcfe30a50625ab82d7e9ba8c19479b3ddd446c56bfa979af36d9c2599d241c957c02ce17ac38b4702c4e2e04cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
65fd506cbbc2fbc144ebe594759f67fd

SHA1
6711966fe0ce79482866528b39aa61c8c8e5b447

SHA256
c44e178dd3a5c71a6a1be7af3e636c30961ed0e23ef07b83105787b65adfd292

SHA512
cf61d0bc7d54934c2e864663838467ab5c7121ddec2427fb9b5b50efd47eabf81bf77e0867ea6fe45dfd2b853542ea4b12c52b3842530adad136bda37645af4a

Download Submit
C:\Users\Admin\Downloads\MGPvMMEa.heic.part

Filesize
1.3MB

MD5
eb4190d50458289116b15a11fb0d0cb7

SHA1
1e3af914792b4e71a93bdeee7eecc71eae8e4fe0

SHA256
51f352fdb2535cb5333114e1de3fe12eaf56e3a771327f438a0f72e7f1b156a9

SHA512
6a7bfaf5466dd617ef5a93185e2125f3eedb0c25eec1d52d34d8621c1a1b5f5101c450579bb00890872fa2d2dd7a56711a1a70906e36fc2a967b7ec377ffcdfc

Download Submit