e7fae689e8e6207ce50a393a41d6543dbbfc45dfb3cf3f8bd51dba89478382eb

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AssetRipper.GUI.Free.exe
Size

113.5MB
MD5

f60cdb62a68941a4aa461ae92a40deeb
SHA1

97f54ad57297837eeaed14a7c8f8b4c0486ff9b2
SHA256

132ef0a45bd127143a28cbfc3f84cd7c28c43d3394d991650e4082ddf9a3ef29
SHA512

985d77f07e16512d1714bd97f1d1c9d408ef423af17ff3b4a11a0d45284acfa3e06fe9497b22052c7ba9cd9a0b338d41b4c59e167b6282394685adadc53214b3
SSDEEP

1572864:EuIGONZtKzFDgJ8aZVkyQNYF9SnrPSWF:1ODtMgJ8kAI9SnzSQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
4144	identity_helper.exe
4144	identity_helper.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	376	AssetRipper.GUI.Free.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2004	376	AssetRipper.GUI.Free.exe	85
PID 376 wrote to memory of 2004	376	AssetRipper.GUI.Free.exe	85
PID 2004 wrote to memory of 984	2004	msedge.exe	87
PID 2004 wrote to memory of 984	2004	msedge.exe	87
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3284	2004	msedge.exe	89
PID 2004 wrote to memory of 3988	2004	msedge.exe	90
PID 2004 wrote to memory of 3988	2004	msedge.exe	90
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91
PID 2004 wrote to memory of 3952	2004	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\AssetRipper.GUI.Free.exe
"C:\Users\Admin\AppData\Local\Temp\AssetRipper.GUI.Free.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:54570/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd498e46f8,0x7ffd498e4708,0x7ffd498e4718
    3⤵
    PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:2500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    3⤵
    PID:1808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,9989140735607546770,11564281282592648661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6129d35e06cd18824723a4c37eab89bb

SHA1
162810b09513f187982ccf5e973f681ee96a000f

SHA256
452c73cb5a4619b73a7cef255cd34aeb9de4ee0229fa1c77fa442a4dfe14013d

SHA512
784309e6bac862c7b7ad08b33b669d4dd4eee6b6c660e953a695a0b0180e218c6a239bbd1b398e8547d897680a03c7d61dd67f369b4c93dba3665729720e243f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
305B

MD5
eb05fc014baabea46c761a56b8aca295

SHA1
15b8befd254d8eedf35ae25bf280465ff124b0a6

SHA256
7f358a144aea12151be1901384d9b75588918ae539db8607e006704ddbce085f

SHA512
42381190e93539a7d51469056985f16b9f9a89b4e95d6208ead222b28f0174b693aa99d6deeb8e9c19a9277880c35d356ba8d34548a312a8b057ef7e552dd235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b75ceca317393d0685b54c05a79c483

SHA1
7dd942268b337ed35314d4f3ce36772330cfe6d8

SHA256
4b8df26c84c1dbb1edb6c482e77df615f60fa989d61c5461674145c9cbe8cad6

SHA512
3dea036791353098f02170a5929755ce626049fe715c5eeb12d391f4cb839077c8c903830fa49da93382bbc0930e978c87bcaacbdd56964d760844593e5c0f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e06eed01011d0bc7356553d0e162b66

SHA1
8b369d1230f0288527f8df47003dcecbb8cef86c

SHA256
3b1466023b06c710b3a4875a8c654e310f69ceb65edbdf891cb23604a999c09a

SHA512
042cbb34e78f9093bec159c413860287889a65ef95b0e72e779a5495bc1d22569e134bb29a6ceab647dda0ddead41cdc2460a11996bbcb3fc0f6c685088ba9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ee21e41f6553932b1e84e94bdfc62ae

SHA1
a4fa46d90b6fdc9de002265acafe67334cdb30d1

SHA256
a1399ba4dea668c2e589d2ab49dfbc47673a0ee708315a38cd57bcab4aa63068

SHA512
b8037b8bc760286ac295958986a077a956e2669cf5b4a85d1a7372443a39b2c331c5dbb9ebf114c6f5d6364c7b1bae7372479c2148da1988cf018413cde6758f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7fa81d3a1c74a1175eafbad2ef24cab0

SHA1
8dba2fb88cfd5d4498293ee130572f59f3cbdf77

SHA256
73314822f4e65fa36d5a891a1e9cdb3673b6f99610e18e49ff1d7c7da2f35b72

SHA512
d050df4edd7728c0615e7eb3942d4c1c172dbc74ab10da83ad668e8f9804c76522d6ff80ca0025e9ead1898bb4b8b3394b11bc7f338c826f05c6062412b7e447

Download Submit
C:\Users\Admin\AppData\Local\Temp\AssetRipper.log

Filesize
327B

MD5
fa647dce7eb77a63019f80abdf98bc44

SHA1
f08c7b618f8c400da45f20d8c8965b8850e7e1b5

SHA256
f6ede049720e56b143a157a4b39f3a47aaa115a2697447e826ef2f315ff31505

SHA512
83ea81c9a744418763eba7282618579ef5d8f1dc784d68205c2c497ff3c5bf86aec7e8ff261b1e90b2757ccf386f081f0217186557bd6e004b31d5ec106e8e96

Download Submit