6f49cd8b64f0bc2ff5ede2be35a3b689a9832f4c19638a6fe78b503c42d00f3a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b96744f95a898190456b06293b2965ed.html
Size

47KB
MD5

b96744f95a898190456b06293b2965ed
SHA1

5800c43876bbd7e2a8d216727955cf2963e90c69
SHA256

6f49cd8b64f0bc2ff5ede2be35a3b689a9832f4c19638a6fe78b503c42d00f3a
SHA512

7578ea825f4629428882d762d9225f907869ba9084404048cab499b553646d0b368774ead99ecb70969dc3faef1fad969a7e84a9942351302d9ab0ef863a64b4
SSDEEP

768:6G00pokcluTMpbWy4cJ4UUGRbYwf6RH0J+ddnfXh21XbcFUQ2S88FS:6p0pokclJpbWy4cJ4yRbYwf6RH0J+zne

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
4588	msedge.exe
4588	msedge.exe
2740	identity_helper.exe
2740	identity_helper.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4796	4588	msedge.exe	87
PID 4588 wrote to memory of 4796	4588	msedge.exe	87
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1140	4588	msedge.exe	88
PID 4588 wrote to memory of 1908	4588	msedge.exe	89
PID 4588 wrote to memory of 1908	4588	msedge.exe	89
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90
PID 4588 wrote to memory of 876	4588	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b96744f95a898190456b06293b2965ed.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb16a46f8,0x7ffbb16a4708,0x7ffbb16a4718
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1893223241195793254,6518985601248581382,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3dca649955fe37f4f0d6694668c7e339

SHA1
5b0333ff5f30b443f15ce57e87d0772326ac6946

SHA256
41d077980b2b449de08c0ff6e6e7b2f5ade31de344de10c57fc5136f30c29492

SHA512
a4a78ae247cee9562409631d73ed6ee36f3ab55972fdd5f5d16b6b18ea55e5b0720acdae6833f87446ff5e674303f3b469b943695dcf0790babf672c4eb5019f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3e30c6afbfa462df7bccd4f0fb015fd

SHA1
4e6115bd30a4ea1ebe146579d1515fef134edfb3

SHA256
438eedb319fe2447d8b20dcdc5c051a485279539cbcaba2d740f181297e33988

SHA512
96bf0754b7e0d7b3db6a4efaab652ce19c5e375eebac010d8d91a44e0cf83fa8b8ac1ea5fcda97124713d558a099d5db8abd7f89bd45cf01efc4a9d9e30a77a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a173e7b6f50eddadf9653d14a8fc47c0

SHA1
91a6911c4c6d6953152fe7722b4085e8877fbd8a

SHA256
a1291232368e10ca5414edd62a6aa9a2604c2b1d9875f4d273cf9c0bba6d842c

SHA512
bc6bde860e7c23ba9e816e89d394ed67d4704e9908ae16cbe06c2761c74896f9ff862fefd9c8c415b336a5c8dfe817d8c99e376372080f21d24303a53a813a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
784403989c264a7c65f9e82b1ea9eb28

SHA1
547a9b4150a131439772d5ed966427e16830b7d0

SHA256
c4d2d7b0903422d92153a6c202bfac24dff0372899ebeed2568536a7a4db2820

SHA512
85efa796b71f8421786f5dbd5815812e8645fac702598d946ce86e25be08caca3573079050771b65333cb28e58655bc6930ffb2e3b9ccd4643380dc984d0e759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2618d093c2ea9ca5e6a97f56f856107

SHA1
c096a1caafd16f6f3c692aa39d8a66435f644649

SHA256
905f6d8a6db94bbadc8afc065331383a7bf32a664fdad719251f13a10b796a80

SHA512
ce5e8c4708d3ce9212c515370549751566666369f2ca2edb17ef9ab8b90de188b13969040cbaed63e5500837b861a45e5034095f65fd721d3ec0a9c0efcc2366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7c0fca9c89ef963b2bd393b0b7b6f573

SHA1
0dc2fe9e8f71308ce0edfdb04a31383ac07d6460

SHA256
6b902e8e3d2fd9e8474ca7afb2f79d80986e508524b2d56cf9d74f171f0394d1

SHA512
c5ad45635b04697c5ba29ac7108ac356040e1f1bab6aa278d20d21d29c0bcad031e6fd0900a87b31810d40832ea2468ed91027594e8a44497a7aad63c0ddf6a2

Download Submit