hxxps://ul5os[.]ru/c

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ul5os.ru/c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4144	msedge.exe
4144	msedge.exe
220	msedge.exe
220	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

220 msedge.exe
220 msedge.exe
220 msedge.exe
220 msedge.exe
220 msedge.exe
220 msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

msedge.exe

pid	process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 220 wrote to memory of 228	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 228	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3212	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 4144	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 4144	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 2384	220	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ul5os.ru/c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
2⤵
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1743274474042558302,4821787541628564367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4612 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
cda7af55826cb9c1691736026cfe9fc0

SHA1
3e22578121531e4a6a77c7b8ad88b5170aba8d7a

SHA256
cdc447883ed52714f9d1024fe16d77c546469d55250491d0572822196de71283

SHA512
7e4f7a3a136d29b91a6d015720389fd29a521f9f6a88cf09fb6c406c3534c8a33d011a284d8d4ea9f2abf50b83621f48c78ac46a7a935eda161b171c5e5358fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
59ef7f7e63c0a9f8187f0e6a68d34791

SHA1
a087b8648eca68fa59e86a077eb4b118dbeb7eaf

SHA256
c7db58bf3c1f827594de1864f46bb66ed7f23b3d35c2d2290726746214f76fd2

SHA512
14e21a8b8c626c5d2cf91052d39cf019dcbeff8ead01f023138ad91cfa34557e6c339e8a50e3bc306abe6a97b6148b2abae0606a7c50b64a6e7f877bdcfb96eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
617B

MD5
ba9cd5da78d527711ace113ad633176a

SHA1
a554ecd792c561cdac8361a752cf58cdb9e57621

SHA256
3cb9155c66a930c2268eef502f899dbfd40214f6c917242b855cc06c5674f488

SHA512
d64bf5341deefe35680e9248c908125649d7feed3ae73cef09526d858e103d3298cef3072f6e501e371331a813325e048518daa4af31094f009701226018824c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ef05fa6ce830c17995db7985645d7216

SHA1
3af7f737ef1ac1099161fdc492b2e197b0c04546

SHA256
d90db766d6e71ed225bf247ec47d0d15164dcaa99dcc80eee0fe29b84c8f62ea

SHA512
4443db01b04d6857793510058a89ac93e80a1d6587894c4c454bcc2c0ae791ac8484463ad192c92db8b4adf13af685c06917764630bbff45212ad9d1dc1ec837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
65aeec30b4a358c55e35555609c92a32

SHA1
bcb1d4aafbb372cc4d6dc0b2d08edf64358f845e

SHA256
316466c4f67e8db7903ee7c5a586c61a88ca5f43e3ea948ba70f26e659cf49e3

SHA512
966f6caab9c4170d0c27ec89f667d3b7fbe01eb1796f578143206a5d8492c11749d04450faa57cdcb038d37192ad2890e3f89c8eee1f9dd8776ca611b66705d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a791c33d0b4d61950227d08ae2639114

SHA1
c15b0176a9c5a94a6681868243f95f91d3044725

SHA256
c32a211209fcd99b04291021ea5de003497a3a2454e479654b986356833e1f7a

SHA512
0e3f2ab904e5328f85e4b0e106ad71d22ec966522c085ac7241b2e413f23f01eebfb38e3451e3e2ed63d7911ee8c028f73211af94e316e50d830512c431ab488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4c7cc13796c60f28e3c7a4f8c13e1b05

SHA1
c5fc4aa3d8d42813ea5cb543af247e28007bfd61

SHA256
8e4788ada4b94794f132a0661154b133d6160eb999781a327c60dbc2b6dc1877

SHA512
7efbec22fd94d740dca47caf05e20b83aaea7f7711834947e14039344c43e61bcd86c478683f26d8185c3068b484c6bd853509f89190b86aba85e966cf998d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6bd47281fa4373082bf4d6dd3b81970f

SHA1
4e45ec094fd96e24eeeccc23295423d8ef94fa79

SHA256
85ed5f233982a3062bda01b4a1d0ad0630dd0512a4c446d74376ae7b06d2200d

SHA512
ead651a02d906d9cd99f3fe2df220c057d0c0b2864077a5a9d02db7d8e64e5db222b53da57a111a15713e73dc977152803e26a4f6edccf66717ebe6bf371c60c

Download Submit
\??\pipe\LOCAL\crashpad_220_TEHHRDGJDHKIPXEJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit