hxxps://hello[.]launchdarkly[.]com/api/mailings/click/PMRGSZBCHIZDKMBZHE2DGLBCOVZGYIR2EJUHI5DQOM5C6L3MMF2W4Y3IMRQXE23MPEXGG33NF5TWC3DBPB4T64K7NVQWS3DJNZTV6MSBOBSTIWCXJBGEM5KLKRSDSSSLGVBXMYKBLJREU5CKLJQXCNLOIJQTK5R5KJXHMZRUMFKTSMTBONYFA4TUMUZFEYS2NVKUM2LBJZDHSTDZOZDW6OKCM54TOQKEJVATO5CKORCFK4SGGRDGKQ2IKNFFY5JQGAZDM5LUNVPWGYLNOBQWSZ3OHVTXQ6LWNFZDEM27OVRXEZTSMVWFY5JQGAZDM5LUNVPW2ZLENF2W2PLCMRZF633VORRG65LOMROHKMBQGI3HK5DNL5ZW65LSMNST233VORZGKYLDNBOHKMBQGI3HK5DNL52GK4TNHVZW63DJOZUWK4RFGQYGYYLVNZRWQZDBOJVWY6JOMNXW2IRMEJXXEZZCHIRGEMZVMI3TQN3BFUZDENZSFU2GGMRTFU4TSNZSFVTDENLCMEYWGYRSMQ2TSIRMEJ3GK4TTNFXW4IR2EI2CELBCONUWOIR2EJKUOTLVONEGE6CXPFBFOZKEINHWMVBYPJ2VIM32IUYWI52VGFUWYMBUJ5DDM3SUGBGTMVJ5EJ6Q====

Analysis

max time kernel
14s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 02:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://hello.launchdarkly.com/api/mailings/click/PMRGSZBCHIZDKMBZHE2DGLBCOVZGYIR2EJUHI5DQOM5C6L3MMF2W4Y3IMRQXE23MPEXGG33NF5TWC3DBPB4T64K7NVQWS3DJNZTV6MSBOBSTIWCXJBGEM5KLKRSDSSSLGVBXMYKBLJREU5CKLJQXCNLOIJQTK5R5KJXHMZRUMFKTSMTBONYFA4TUMUZFEYS2NVKUM2LBJZDHSTDZOZDW6OKCM54TOQKEJVATO5CKORCFK4SGGRDGKQ2IKNFFY5JQGAZDM5LUNVPWGYLNOBQWSZ3OHVTXQ6LWNFZDEM27OVRXEZTSMVWFY5JQGAZDM5LUNVPW2ZLENF2W2PLCMRZF633VORRG65LOMROHKMBQGI3HK5DNL5ZW65LSMNST233VORZGKYLDNBOHKMBQGI3HK5DNL52GK4TNHVZW63DJOZUWK4RFGQYGYYLVNZRWQZDBOJVWY6JOMNXW2IRMEJXXEZZCHIRGEMZVMI3TQN3BFUZDENZSFU2GGMRTFU4TSNZSFVTDENLCMEYWGYRSMQ2TSIRMEJ3GK4TTNFXW4IR2EI2CELBCONUWOIR2EJKUOTLVONEGE6CXPFBFOZKEINHWMVBYPJ2VIM32IUYWI52VGFUWYMBUJ5DDM3SUGBGTMVJ5EJ6Q====

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
688	msedge.exe
688	msedge.exe
2836	identity_helper.exe
2836	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe
688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 1468	688	msedge.exe	42
PID 688 wrote to memory of 1468	688	msedge.exe	42
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 952	688	msedge.exe	86
PID 688 wrote to memory of 3228	688	msedge.exe	87
PID 688 wrote to memory of 3228	688	msedge.exe	87
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88
PID 688 wrote to memory of 5112	688	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hello.launchdarkly.com/api/mailings/click/PMRGSZBCHIZDKMBZHE2DGLBCOVZGYIR2EJUHI5DQOM5C6L3MMF2W4Y3IMRQXE23MPEXGG33NF5TWC3DBPB4T64K7NVQWS3DJNZTV6MSBOBSTIWCXJBGEM5KLKRSDSSSLGVBXMYKBLJREU5CKLJQXCNLOIJQTK5R5KJXHMZRUMFKTSMTBONYFA4TUMUZFEYS2NVKUM2LBJZDHSTDZOZDW6OKCM54TOQKEJVATO5CKORCFK4SGGRDGKQ2IKNFFY5JQGAZDM5LUNVPWGYLNOBQWSZ3OHVTXQ6LWNFZDEM27OVRXEZTSMVWFY5JQGAZDM5LUNVPW2ZLENF2W2PLCMRZF633VORRG65LOMROHKMBQGI3HK5DNL5ZW65LSMNST233VORZGKYLDNBOHKMBQGI3HK5DNL52GK4TNHVZW63DJOZUWK4RFGQYGYYLVNZRWQZDBOJVWY6JOMNXW2IRMEJXXEZZCHIRGEMZVMI3TQN3BFUZDENZSFU2GGMRTFU4TSNZSFVTDENLCMEYWGYRSMQ2TSIRMEJ3GK4TTNFXW4IR2EI2CELBCONUWOIR2EJKUOTLVONEGE6CXPFBFOZKEINHWMVBYPJ2VIM32IUYWI52VGFUWYMBUJ5DDM3SUGBGTMVJ5EJ6Q====
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa98046f8,0x7ffaa9804708,0x7ffaa9804718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16834017247311507180,14880445132594777499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf009481892dd0d1c49db97428428ede

SHA1
aee4e7e213f6332c1629a701b42335eb1a035c66

SHA256
18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

SHA512
d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39fdfd2273950a5bd85ad9e3a44c57fa

SHA1
de1d8862758ff0fc2577cfdbfbbf457c31da81c7

SHA256
acc2c714099d5445341ac32361d89ea959b8abd637863d0a03713481161f99d7

SHA512
866bd65db6c832e68bf3e3f0c9826aa2bc1bd5e24541014303a03f556c25187a83e454bcfaa028262c58d4c3711b28f740971a4121ec6462a832debe9db9ccf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b08a9934e2242b910efc4a0aa5beba38

SHA1
abb77fa55b11f4b7000a5f7307d49964bab759a3

SHA256
bae6b05d77ffc03acad8fc208893cffd1c3a0150aff556f44b7b4e888782a3f0

SHA512
ba72615398244bd7083fe2c2a96b7cab4628bc82b69b6ea8707bb5359e0f8bf33d43389613e847cf2338297d1a24ba8ea170c1658f326be0fbaf92ec00901cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
25ac77f8c7c7b76b93c8346e41b89a95

SHA1
5a8f769162bab0a75b1014fb8b94f9bb1fb7970a

SHA256
8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b

SHA512
df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
38dc88d60debe430ac9df5cbf519a312

SHA1
87d55dbe2d8c3cb9cf4fa3698b8928315683a8a6

SHA256
8bdfa7e0ade7d64bdc905e7dbed3938f1f917a33204fdfee68a3d7ece58cb940

SHA512
19aaa22b1a4c6164e7b7c554d465c3367441df51bfe50c74833a1117a44c4d11aeae641a0394e71a2f99cf0dbbbb0ac7cf5104f2e626b744395316be2c38a083

Download Submit