hxxps://fileshare[.]laiora[.]cfd/fileshare

Resubmissions

23-10-2023 07:14

231023-h2tr1agf82 1

23-10-2023 06:58

231023-hrxqxaef5s 1

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fileshare.laiora.cfd/fileshare

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
1584	msedge.exe
1584	msedge.exe
2088	identity_helper.exe
2088	identity_helper.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 3172	1584	msedge.exe	65
PID 1584 wrote to memory of 3172	1584	msedge.exe	65
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 1416	1584	msedge.exe	85
PID 1584 wrote to memory of 3096	1584	msedge.exe	84
PID 1584 wrote to memory of 3096	1584	msedge.exe	84
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86
PID 1584 wrote to memory of 4712	1584	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fileshare.laiora.cfd/fileshare
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e546f8,0x7ffc69e54708,0x7ffc69e54718
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9072037769345857199,4400151037034349618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x50c
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0477e8d5f2ca61e6037746d359e0e27

SHA1
025ecbf1ee3429c252baca04b648b0b1c343d5b6

SHA256
5247adecb13d0664e188ba65524419d0b4960e948b267bd1a059e71218b49d5a

SHA512
f04dd3db67545bd46ea597d514272df57d6040ec8a3d391d2bfed09d5a1ab96943fa5013f850ea5c3b56617a0a12949ea75ecac892fd167a329ee8fe01189c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
dd8a4509017b5cd0341ecdd52167eaee

SHA1
cb14d28e755b91dd9900ce3aef3495d33beb1558

SHA256
eec0ed4c0f828c2e1fb5c3b804da355a6737723219b09512b310645f41241a0a

SHA512
09c0e46a22336b59d7d4996d82be1538534f2a6c1091099b8d3228e87e63ca7fc8be285371ddc76d28dd4fa569a7452d9df7cd18de90923453356ccc69861f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6ec2e2abc94fa5ccc93a7259592776eb

SHA1
42dc886f8090d47f26caac0b80178a0d86351191

SHA256
7e04bc6626044a5efe4fefa7528ae3f24e8d1a4c2c4e55b6bf52ef5bfb2ee6cd

SHA512
e4b1a1d2edfac8f7bd6dc4969fa1043f30e2a7cab746e455554e24c17c3b3aeaa6bf6e387b85b2da93020b6323ba21c6c47c5bcfbb03da9bf2578e3f352f7347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7e05f6e7a41ffce7441e4aaf32354dd

SHA1
70476c568ce31069d5713f62e0293ec9980702ed

SHA256
f352584ed741a7d51b3d9682a5c4395177805da5ca5e2a2b502f9e357b08bc4c

SHA512
af56e9f6bda2afeb5f7812bd017f8706e8c3e692873d7436e237f9a40a92bda2cf0a526428c37d0e658bfddfb5cb409577b2e7c88ddc81d786a7cc50f153d385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff2194ba30343eb496bcf98bac8128d6

SHA1
1883847974220c2eb3b5f87f02968caef5967f17

SHA256
bcaa5ed48d30d996ec951af451b0405333c18804fd97acc7d1d4a44ce8c84f4d

SHA512
4fe859acbc88a411ee089b6264e32682c60c863b274cfba608c3c4ae970cb86fd3a31e273f4a1bda40342b92ee9f414adb245a373ef49b54ca44baa4a7f847ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
78ddf646b677edfdc3743730d0ae969b

SHA1
2834692ca105a5387afcafc2179d8e1021909ae2

SHA256
0b0187771ab2a3ca3d3d74fdc473d3baa8844d2da2ec6961ea9014f43896b99b

SHA512
2f67041538953615c6804c362dbad816089d1a5ed603478d491e52029f7678aa5b1a1fceb913445ececc98886a54a1491d0a0fd8f5cc695601dcc48d05a16206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e9cdfa7a-2975-4210-975c-da5482e649bd.tmp

Filesize
5KB

MD5
a0cbc706a4bcb7c3012c712311490a50

SHA1
043bfe0373f0aa553217d2c09cdbbfc34b05605f

SHA256
fe4371aea7bfd97d8f0fe6a9bd10830f4b2847c3263e37efd4397bded0d6715d

SHA512
e2d185aee6e04f9b7bd3983485fbe65012ea22ecac72c686fd06b1dcbaa46252a5f80df7015d20f907662b39b822b4008239d1e9373f0417605c786399c5fb65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe02aa9d-a785-445b-8031-db3c53c9c149.tmp

Filesize
5KB

MD5
a007086fc916c7413cd891e8693dae63

SHA1
eb569709afb40f92e73e456e7ecffdccc49b43f1

SHA256
bfc81fe2c966cf3f4ce848f734d0094e528463a132c2f8a179a0ccbd9ce15067

SHA512
4c8ba942dd128563f9a8d7f686fc31f58a87be7170b5a310a7999cf88648aa8ecc3e8f19c28b6070577c3e90fa6140ef45fb3c8b7bf1248611f554f2e55fe8a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0108d31aa6fca661750d74b8581dcf88

SHA1
28836595dfd814ed10a48c7db57f5461b479444c

SHA256
5827c73fd8865d0ba3a6fe63d505a999414bd287600f6ec21e85443858dde031

SHA512
bb479f2d44a0f8b203480bc7c8eea099d9362e4308b29d73a85d799d1af4933995b7a500559585842bf1cd4e8cfbb0f49398a8c0379489cde01dfc0c25f42d5b

Download Submit