hxxp://techtest[.]org

Analysis

max time kernel
57s
max time network
52s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://techtest.org

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
776	msedge.exe
776	msedge.exe
5004	msedge.exe
5004	msedge.exe
1616	identity_helper.exe
1616	identity_helper.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 4560	5004	msedge.exe	79
PID 5004 wrote to memory of 4560	5004	msedge.exe	79
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 4808	5004	msedge.exe	80
PID 5004 wrote to memory of 776	5004	msedge.exe	81
PID 5004 wrote to memory of 776	5004	msedge.exe	81
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82
PID 5004 wrote to memory of 1144	5004	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://techtest.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde88a3cb8,0x7ffde88a3cc8,0x7ffde88a3cd8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,819136445292200168,6267354278860062332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
174KB

MD5
a8345a04de89c967e96182438c4d9118

SHA1
fad9c10333b992f396d45a43cf203ee7f9122cb3

SHA256
e8bb780fbb935a7d0cd102218417c2f9ee0b4283e40a21f936713788660c8917

SHA512
c5cadcef2e198dc3d62f76179ede0233c413f5e0b01009d0f943d32755cb2adbaff904019553abf692c8b103f23b8ae123f09e3d5b55f0b61bae223ff8471e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba2d6e90e77ad233ad02ef6ecab707d3

SHA1
8e0027f0ac162c08b41a9c2d434a8909343a0bb8

SHA256
e3a9c63aadc41cdb153264ee0032804fc072d64b8c3b717201658616453ae460

SHA512
4331ea65961c706d966613b7425f8382334c8fe26f82ad54332a8227c8fcb7e4737c5a4a130ea1d991c49a40a6c236eaeb950f4446f1287c601c02d15492ef16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
e17235e41160975729970a2c59c6d4d4

SHA1
6cd17c8cdfd0e556d8a0706c85a0116be8c0f15d

SHA256
f62c2e57cfeed1b369959998c6ab3ebb452f29bffdd1cb3d3f85779e5ec33e3a

SHA512
82bdd3431fef97b6bb6357af2c779a989b3229f766f22ac4d0c7d802c7e4de1b4f625bd5c5a3a4bb897f24645c9e7824b2bb8db116689ba595e6d0c8374900f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c0f4624ee26b281406653531c6fefad

SHA1
a358e37d96f1f70a1f13684aeffa0560a7dd0240

SHA256
f978087fe2956c75122408a42e1f214189374947902fc9487e5cf9b7275f8298

SHA512
ca44902c95626ae88bcaddbed7043a1a68aa86cb7817f80aec408da210888c64cf0b03df8c443595f5404aa83778b6e6757dbc3d620e5ad034010ef4dcb00085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddcd0755a574a4f38e12b9862544000c

SHA1
52ef41ac225349b1de8cbae1b9e9f9473eb52fc8

SHA256
fcc124330dc8d465ac99b509265ccca8d98d520000bb77e93e1543748058c446

SHA512
6cc7bfffd2796ebdb263de535ff5851fc321f86d3f68a8cd6c5071297711026a35039a24a55543f6c8fdaba5944c89d1d4d63238381360e7662b1daf953c1bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5f3de12f40eb442b1b00fa3ac2df94a

SHA1
1cdac5ab07868df15f7164f6da9d70a53e2ba9e3

SHA256
16c092968f2767585dfaa3e99f2e0c352d95ce66872003fddd69c479ad2d9062

SHA512
faab39f52607d8848ad65e3036243af5d4c8237725a228353e52e5741989b0f849ae8c444b4b2e706ea8e7ee575f57909605513772f00f2c845b228e9c947095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
06418b4c3cd01dcfc78fc419d5682c5d

SHA1
c547ad86c0915548bcfef45dab54c180b279ecfc

SHA256
4e6af989ec249bbe415457e0a99492e6588f4c970915c8ebe67f2912b6341b5b

SHA512
bcb9fce30887a4cae3a93551d1a2212e46f69c6a9b241650955e508a30482c8a3f2486fd83b47a7577d9d7451658eb526d2826b1ea6db6e3a63924401a20c788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ddd24666ccf967ea9a3313fe363a8b07

SHA1
ac925e6aff8dd58d957272ba955de05069a5a0ba

SHA256
77cfc048b4393c38966302cee3dbf4bfcd26272322bde4f89cb55dfa3d19c71b

SHA512
fe7558b6b31fa23332471b4cfce7fd3f1d5229f1c2da860dcad2b475d1759bfede157bfa93bb3ab797bb2edeeba1040c2b88b977355f0bb7ff81cfe15573ce8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e0ea.TMP

Filesize
538B

MD5
37f9a04f8b3b024bb296d780f877ed98

SHA1
d49054cec8d3839a03998f15da339389a4cdfff1

SHA256
7886d90894d08366ff54180a24d2859748d6e7cc1da7b45463a21cdb1387ae3d

SHA512
0365a1f3a3e1d51d61dafe73dc4a7706466471edf3aa38f3d022d868d972b130731a4b5ad68298e118a6ee9056a08443a9ab5a71bcbbe49bea2b0e962717e526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e79476f3e6a194ac445da514619e6c91

SHA1
324be00c2c7fda2a038baa7b2393e7915d0852d8

SHA256
ef05fe8d9191fce3c294926daa6a6665d64c7b5d17435483bde609b7fb2b3fde

SHA512
13d806beb2370a55bf3cce8c4b709fb028e5cee82de01fe019e273927229f789dcb95f58038b202e17745f71feda54b4a65b8760b97c2552ce97a12b1638c120

Download Submit