aa9d74747ff1321739d0a1531db02690fdd871e4cf7ebd12cfa3659c10e454ad

Analysis

max time kernel
122s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e-Secure_FedEx03818420230315112447.html
Size

754B
MD5

dca833a07c4887a97e26a98bb99fbec0
SHA1

a31df4a6c008a2bbb6d269c2b35a517ddb78d327
SHA256

aa9d74747ff1321739d0a1531db02690fdd871e4cf7ebd12cfa3659c10e454ad
SHA512

0fd97cd54180d24bb5e107a2d6e9996e7d809e4a42e8e290e2b99f9c99b38ee950e547c361269b2f8cdaa650af4269c8da025c47717c5f120f130ac671210b4a

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133241904470674394"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3300 chrome.exe
3300 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3300 chrome.exe
3300 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3300 wrote to memory of 4920	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 4920	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 3924	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1508	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1508	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe
PID 3300 wrote to memory of 1456	3300	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\e-Secure_FedEx03818420230315112447.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8faad9758,0x7ff8faad9768,0x7ff8faad9778
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:2
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:8
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3272 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:1
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5240 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:8
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1812,i,5652273514358388977,16228046912837040032,131072 /prefetch:8
2⤵
PID:2092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3256

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\225bb9e1-97d8-4718-bd72-a20026046754.tmp
Filesize
6KB

MD5
31d87224c51eef74afe1cd9f607b597c

SHA1
0b8148362ebf0dc9a5933f80c39bd5e147f7306a

SHA256
0d9810eef393218cd179df9160b2c8a0fc597c8b5b9364b798ac3b1f925f30a5

SHA512
30c1f729b3683470d7542336321946c823459a40e23d01c170cb00e7bfe4d7d4d5c6f6c24e3f4bcf9709dcf14616321f96e4670f07a8400eb51759dced83b779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
7fbcecc7285e8de64e7322c2659c1a03

SHA1
ea8677a97caf9d94a42cfd7cf04f35c3c932f3a6

SHA256
c77d9c6bcd0568cb7dc0745dec85695c914a5a869a00028912eee0c4073016fe

SHA512
f4e34d121f4d18426dc53043b50f88fd498c66fc9e0b6c619372b3bd25a2e37f87685a808c207c56bce5ae9bc78a5c69ca66a13bc846c15f15d3a7ae9e6241e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
d386934e2ee114968a3545a57c358ef1

SHA1
ac8b514c4e6c0ceff8ef2b5dde6f73422743f025

SHA256
adce62d69123b98b6872ed0297f63121aa8483f79ed4e2e198f5cb0c57429cce

SHA512
cb73288ccf6c2b607ec119aa6ae762c1741f477d22e17fdfd58c5f2554506b4ebb8d0d6798ce1e20eb26aeece14f44e586631b560449c12ad88e1147d06f7f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
36b0d14f5c353eb705d4dbe9c07f04c0

SHA1
17c4df42a39fc521826c6adbe4375278b0fa965e

SHA256
8dd40d9dd869793d37e68ea0354f198ed625390e52089e4ddb4b88ebfd00a342

SHA512
3c0c67a58652ade1f2e8afcf63b1f0ce06d44c59a5c031b3627085e552cc68e24ededadaa28f8c29f0c8de36ccbfa0cbe3502dd4cca829f70b122c743001576e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
b14a12a015c8f36f5f192c129636136d

SHA1
2bde3886daed5b6912250ee1c1dcac3de793c43b

SHA256
ab7f55a6e55318a3e9dce045a73d51fe67009fbec40396665660c46cba7a49a8

SHA512
04af9d59fe4affde5837720eddc56eed8fd70f64c3e148961be9a2f498739f5f256769b6c51e6a8f3761d09411584c5101f14fae05d2015a332e0f7a585bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
40f65ea2a0d12f6ab6c0b85c678d6c7b

SHA1
599c948d4731306a5ae4f01953f5c893e2a08c7e

SHA256
645d485e871417ea252649b946d5f0448303f6cd7d5fa114ed42bc03907c162e

SHA512
c3d64c66c4774da76a7bb0f0fa697d5b90dfe09f30bb007308917a55368fc16c9f611a233739663b143f06d355da068a0dbc27041a825115d2ef0b0a46ef797f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
2a5349d9c7a07a28640ebeeb429aef08

SHA1
339ef00a8bf5f3ebd4c37226190102087861341c

SHA256
b2180e2e5ae6e604a396155c188ca316c7c8f98a021219433cbc51dfb48cb99b

SHA512
21df7da7734f6bfe420ecd6a9190816d02c07dd51fe79af8f1f3ba9b8fc3653e1bb5e1853decba797b9ffaefc47c6c64bbbdd3500602568ad85f1e32605e6c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3300_VQVFFJYPJOILVKMP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit