225721d4f140eb08888fdede8d3ac4e18970921e36214a4ecf18da2d1ae1739f

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0ea46287f8000baf653b9901832b560.html
Size

34KB
MD5

c0ea46287f8000baf653b9901832b560
SHA1

2f37c57aefed90da6aadde23da212968a3cd2093
SHA256

225721d4f140eb08888fdede8d3ac4e18970921e36214a4ecf18da2d1ae1739f
SHA512

169c7918e93b096b7669e7148dabb225c9a9bfaa2c015a4db7c8c21eafb82834f545ea486eff3058fc281d615387965a935d4fa6eb2082a38e64985d8f681f2c
SSDEEP

768:xPewvc7TPHuCZgwAoGb+FHqY4fRBI4RSNfP2VBgUXy7qwuDGinugVg:xPCTvuCZzAoGb+FHwfRGNP2bgUXy7qwJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
2776	msedge.exe
2776	msedge.exe
3188	identity_helper.exe
3188	identity_helper.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 2972	4420	msedge.exe	87
PID 4420 wrote to memory of 2972	4420	msedge.exe	87
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 4976	4420	msedge.exe	88
PID 4420 wrote to memory of 2776	4420	msedge.exe	89
PID 4420 wrote to memory of 2776	4420	msedge.exe	89
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90
PID 4420 wrote to memory of 2380	4420	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0ea46287f8000baf653b9901832b560.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa60c846f8,0x7ffa60c84708,0x7ffa60c84718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8390422355099193782,12861459780082204853,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
910048c4fb439e46bd41462ed81fb4e6

SHA1
c737d15d5317fe98d00a1a0f9570b627875e613e

SHA256
d2589aa5139593fc2b0c5fa71ebfbb633cf82b4babc081bec7e8fe8a4c10b667

SHA512
9985a2db5bc78beef7a23f3099c2b55f96e3da176fbfb0a6418acbc35745c6d72f8c2d61c203a6f19563a6cd97bbea5bdde8bd819b9f9ea54af5b3926d1e8c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c2a9582e31c96c5cf574a617c32df38

SHA1
a1527e55d0ed9d917d0862d092216fbe97235560

SHA256
445e9c82e418e618cf32a4623da26378970d76b4975d6c5f8df7076237473287

SHA512
31334c06e1df6917fddf692fa96567cb9891858873b52704d056cf9d7a4f24ab18c05fd79c5ec851a21d72f44fc0de75d55fd89bb627625c08365e06e76833b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8040da86cab95e4ccb38a78d534c61ac

SHA1
5ba2abceb1d16671c5448b94e4dc909475463bc7

SHA256
ce7a1701883dfc9fddd47af1ac14a9e380e8cfcf2e0c8525d42ad386a5f927e0

SHA512
e09312191b771d90c97f5426411cbc696fe1e09e71e8ddd96a6869e546c31d622c60b9eac15c19992e2fc51adc1d087356c74fbccec497d5032fe576abfcda6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9066878fc99eafc14138ad1940a7f6a4

SHA1
ce6cb2ff85cd30080d127668480842f24e9c5ee6

SHA256
9384f31d3e6caea6ae74f82f72f1d27b89ea5761a76b875850275519f9d3652a

SHA512
bfc72eb71707d73563d6418c6279b4ce479e35233ece398f97723a0e4539c07eda14f93913bd4dbb28a6cb5e9408463af07576522fc35c2da981c90202987fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1703397320dfea826680361fa693b686

SHA1
abd425c30b34fe264e9829f0c8f277b8242885e2

SHA256
c7472dd85cc9564fdd76172cc77b40f4f7a1898c35199e18ffe7f2fc9779fd3f

SHA512
0605b48bcd1725e12be049b0952c8be17818cd4e0359d5a7bb32cea62cc5f95ba4648c84ea4b7618cb228d29d9b0afb1f7ff465ccefcbe8c6bf6cbe94b94f666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58170d.TMP

Filesize
371B

MD5
731ac0f620e28b0786a14d35722bff6f

SHA1
9040b127b7305e7077590fc24ec300a5140a39af

SHA256
3725a9e63882214ba6cd0743422a0edb2e69109e6cc9f6fd3f310efbdf4139f6

SHA512
600425918a474710de1c665dc95aff3c385bd3319361b5d9aa1f1db7fe8198333480385eb86354cdc2ef73e1dad9a9e6c9e41f333d3422a98f0f1be31e61e925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f96c6c800aedb599aa901f602f0d153

SHA1
95f4eb08130d503272b26ff8a907caa10664ada4

SHA256
2e7d67acaa99d2e3bb3f20ed7e77dad81775df47e93f5ac2b6d7f2404d5eb554

SHA512
986131fc5c4a73c5580ad96d15213b72d4e94e86b5abf316b5fd7ca2c5aa040533776993614807f3ca37ea7e899b5917d9fbe85042ce4fbbcc79b627af5fe10b

Download Submit