hxxps://speedpro-signs1-redirectpdfexchange[.]nimbusweb[.]me/share/10368308/ui58kal0es1azheeskqe

Analysis

max time kernel
147s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
26-02-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://speedpro-signs1-redirectpdfexchange.nimbusweb.me/share/10368308/ui58kal0es1azheeskqe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
400	msedge.exe
400	msedge.exe
4796	msedge.exe
4796	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe
2180	msedge.exe
2180	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4796 msedge.exe
4796 msedge.exe
4796 msedge.exe
4796 msedge.exe
4796 msedge.exe
4796 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4796 wrote to memory of 3508	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 3508	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 4652	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 400	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 400	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe
PID 4796 wrote to memory of 1308	4796	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://speedpro-signs1-redirectpdfexchange.nimbusweb.me/share/10368308/ui58kal0es1azheeskqe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa8,0x10c,0x7ffa52623cb8,0x7ffa52623cc8,0x7ffa52623cd8
2⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,13191414037789784195,2323867485075074292,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5788 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:776

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
9d5a762c5172157ed077c0673956c344

SHA1
8fb623b3d83306498fea9326d4b569487cdc3cb3

SHA256
53de07531e54f3574efd9e5b6f6e662475c03ae4aeef8fce0c5d814d8a4c3ad5

SHA512
5f89ada51d5cddc2509f2e92dfb72be6b639697c644aa6824900719ee152038dc3a0bb1e0800b794bde7d0515e76d2ac0ef2319a10f82bdce5b7c07d6913d32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
b4d472554e901ea7945a601097acbadc

SHA1
861f888117a3744274ec6bef1ddee4d198c04b35

SHA256
896e8226a7e85c26859680b0947747de04eae0dae7de8cccd9dcac77e4404f2f

SHA512
d56033360cd903f34da56b86753c5c63c12d4215a3166ea7e725db033dc87e9bdaede723e42d9babef2aa787b94aa7e0f6a2eea0bee2fa398a11deedda2956e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
681ffae36a939db04f128982fa72013d

SHA1
45ddc6650a32cb28a1901ebdc7cdf5f9f182a5c9

SHA256
fcbc7f513586f66a6db69d8958390a28db49e4e6d79ca854c23ab9df45f532e8

SHA512
0d5728e241222d5138c5d08c102a3c4b7abb178446fc972cf21b2e44e2b626c1a6eae92379bb3dc78f15099d80ae5e2c25a7c1662f24e54ae01a7d4e670a15e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5396c56a4d52362445b2d2b6ffc86aff

SHA1
5ffde358ca87c8317f9af9b82764ed5d1c3f8cb6

SHA256
471273962367a09768fdcb0ccdffbf0eac26645b095067073a8fb45ddd4b62aa

SHA512
8ac50584a8578b1be95de5e8a0769af26b137bc403573b60d94198ecbf58630c6cb3479b3f7a29e4fb76f5ec983043ad794b4bc492b2ff67325bb18bd76cd042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f5d5b5787ad1df6eaf71d3cb0335c2d9

SHA1
757e5bdf7a027c15cab81c28fbded7464137769c

SHA256
d87c5fbd8d32258d5f5ef195539d56da4acdb180be632c9d3f984fdd6b7a1bfe

SHA512
9ec35c5fb98554d36c478e4b2b43d4838be147e8f3effd7a94c2b9af71b4d239f26cd4d6bd02e2ebb775f5fef260a7c8a76d19d1cfb04bcf74a432983cbc319d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
43f4ad22f0c84edc424e9c2ac9fa8b7b

SHA1
ba50d3bf296708823e08ba0cba5c05ea69b704c2

SHA256
d8454d34a8b82b6d9173d6d20545cd06394456ff5de2ff1a2e616c67b5ae7569

SHA512
1cefbd43e36277a431b661c3794fc298d4343f9f62947c515d6067e827c87b5daa9471d231c85a90ad7dd8b207a99fe11debd7a21ed6a238f75106048c28bd7f

Download Submit
\??\pipe\LOCAL\crashpad_4796_WKBUECKKPMSWVGMU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit