a8bc0978cb650de58e6d73194a6055f64632365f60b94974bda66000088a0cfe

Analysis

max time kernel
174s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e03bd064df655fdb6ef524ee115570a3.html
Size

30KB
MD5

e03bd064df655fdb6ef524ee115570a3
SHA1

e5d5b1141bf6954d08793289f56b7ac7e61939b8
SHA256

a8bc0978cb650de58e6d73194a6055f64632365f60b94974bda66000088a0cfe
SHA512

774a47ac2dd15c3628f3ba9ada7f79a3585f0b004762bd9742f3dba1e9863656352bd0165c78d974505715e98886c68ba05755f02055d445f1edae496ba7a26b
SSDEEP

768:G9PMFnY6IT4HrzMrKOyg+MSrsqLe8hpvxL:OPMFnY6IT4HrzMrxybMmsqL9hpvxL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2756	msedge.exe
2756	msedge.exe
4404	identity_helper.exe
4404	identity_helper.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 3376	2756	msedge.exe	87
PID 2756 wrote to memory of 3376	2756	msedge.exe	87
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2172	2756	msedge.exe	88
PID 2756 wrote to memory of 2844	2756	msedge.exe	89
PID 2756 wrote to memory of 2844	2756	msedge.exe	89
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90
PID 2756 wrote to memory of 1248	2756	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e03bd064df655fdb6ef524ee115570a3.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe0946f8,0x7ffcfe094708,0x7ffcfe094718
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15896013105959016832,14466519953060175330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
516B

MD5
a17829a179504c4c70b6c3077d2dcafb

SHA1
049dd78722aefd2cf983d78f8bdae1e306cd8d8a

SHA256
80da12cd4f562cf5a802186a4626122b6d2da48465d70525e8c70a3065029635

SHA512
6f9c44573ef4749b21761691b714a20343a77740d4f4a240dd1011327391b23d698562751df3d7f9cdccb4bffc1153582b077c68d26199665881eb004c7da7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9dcd765cfc8b98f14fef47992a6d04cd

SHA1
7c0e8e9551f0cb9780cdbb9962132012034c12b9

SHA256
8885df9728025481fffbe6b731b6e6a5d3ff1bda7fda088fafd2dfe55cf3b43c

SHA512
814b7adba3e4db92c59b6c70aa9ae4cb65d4c8a980264de8b5a6dcdfe7cc082177ef67899239c8138f020d1c376a5c69de9b5349556a308dbe73949618bf4d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb95defef68a2ad982d46fbbfa017ad1

SHA1
a6d2b9423d2f12da46f6e51a461dea2a0d57d946

SHA256
68ed4fbd5745b9fdc7052f72314379576829390f7ad4634d72ed563a364e1669

SHA512
b39fcc4c65cb82958d208bfd42d5ea5a7748eb9a80bb95425b2e5a0c9be56e280f61b4e1625c081842856ee7ef8798c9c181a4a141df3ed5368b66b45d3f4e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa3b7a340c323ecd23c5766c4edaa99b

SHA1
f333d8dadd134ed0d4068144450f3b594fd861a9

SHA256
813438e4efd6d9a61bf819d9b057c3cef41236c6570f4a9da23c81e55dfc3d39

SHA512
c1859360e74924592faafb6a9c5c24a8f2ad8783ccc2a6be9282cf42c2d1b71b199303800dd226d46c39d9e3d4ff46661a1aaa45c0d13b978df61911c6b72928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3c1e96f2b486fa2b7795e80856e0bd50

SHA1
6c7127aaa3f1757d8b829456ab98f71af4288e69

SHA256
698a9eb4976ffcc559a5b039934e55f76ff13cce639dc0e55121509d79cf7361

SHA512
49f71da33f463b52d2881c23815c65b6a94fe17843056fdaf1a565043267ad86819cb35207ae84506466c8aa4229f9a18bab6e1194e81eda21998581784fd27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dc80.TMP

Filesize
203B

MD5
a0640e558324a8f9606479fd9e7badeb

SHA1
86f23583a2c6dd4a7137bb350d689d3625e432b1

SHA256
af845eb52f45090823a21340e98c11c39ba24eec8131b8a52c8508f68ba0cd03

SHA512
72a317e294ad8625bb922b9c5cff1845b082f9b1bc0eed321467cd5881d1968dd7d0fe9a852b7f456b6ac84fe6e4937b667fe45951009b973922360cbfc3a498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed5f41298af6bc7b78b55dac2125f313

SHA1
b1cefd7262a60e741e5f08e418cfc1874e1c85d1

SHA256
d4c5511109fc4291d71e6b10f6f9158644fc75f0771387bd619a7c5a32dd41ae

SHA512
1858b809dbfa7cf5a1e3e5f70128b060358125d6c8d1f97535845420dfe83164032cbc1406476e01cb4f744af488b7305b4b5a9723ce98428e09fa7ae42e9179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd3484f1bb60f6a4ffb0714ca4d87be9

SHA1
ae1ee8cbda0cc75046f62ac6707f13cd04c649a6

SHA256
a9e1f7bf381c5db04879e9a3269056a1870b684806a9bdacc1dbbe8acda9f5aa

SHA512
d7a0dde6c9c3f17ab380eb9ca18ad299b7f80adef56a4e86bc0eff664b9ef9f30fea881bdbebf4d95f6cc55c36b2c035f1c5d992d2df55933325c6e28235398f

Download Submit