hxxp://cefivalidate-stretto[.]site

Analysis

max time kernel
1141s
max time network
1143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cefivalidate-stretto.site

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1400	msedge.exe
1400	msedge.exe
3104	identity_helper.exe
3104	identity_helper.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1592	1400	msedge.exe	83
PID 1400 wrote to memory of 1592	1400	msedge.exe	83
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 3836	1400	msedge.exe	85
PID 1400 wrote to memory of 1804	1400	msedge.exe	86
PID 1400 wrote to memory of 1804	1400	msedge.exe	86
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87
PID 1400 wrote to memory of 1788	1400	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cefivalidate-stretto.site
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c4a46f8,0x7ff91c4a4708,0x7ff91c4a4718
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3785811965120443103,7946396376376258781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
865f4d13e4292c343de174308ae4e47f

SHA1
1a6693a185f60f885ab004d853ffd4aa9ecdf5c2

SHA256
af7022e6e31575f8634b799934685fc4bdd0fa27a218f865aa1c476c0e7f5f1a

SHA512
cef92319c82a0b04a857c818e6159c9f2745032929803661438819ecdda7df0b4717e9376684fc56eaae495d19c11dbd489a21d45882cc2e3d12b6515ffb14c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c114de4a8d752a09f871a22597f93e3e

SHA1
ed961bd7b7519d364e5a3605a9429eb81303910c

SHA256
5054c2f35c30f644a4cc9081b5f15f2c341cf0687ce4ea3adede4b02c5a0c926

SHA512
84797ec9e465c4826ff61f41f023621a2a2f0ad51e6281a6fac1a5f4b7659f111af96291db309ef064e39a90ce4f36b955081ed9e4dc44630820aca749c81c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8aacec6961a1b5e05367c9e27660b4a8

SHA1
55a839127e5a72e5fd9f3e879076a65d3025fa89

SHA256
e045858496c86ceb3c47c4051e38de2a3fd34540ea95612af7c53769146bfd0c

SHA512
bb007eaa0178d73e8673ad4f26441807d62f2ffc3719ee4bce3a4a01c2616d9be8914a9119713491bf6b562816ebedf92706f9e471144f905e51d12a45442d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2ed32c85692a84229ad1797b59c638c

SHA1
2b63b70da44c1f5075244a87b7bdbc65b18ba176

SHA256
f27d157a38c5fcdaec60f88a467644bd6b0a643adf30e922092b6ee57d2903b2

SHA512
9484ca81beca05643e1898a8878422b1a29ba825badfb733cad114be840a35986abb1ca9ff61058da7c73303e5ec09c73ec0ed4cfd890fb37c1f6e10342797b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68af0c9c6b26cd8cd80d0d984f8493aa

SHA1
b0ecdaa25437c9b92267c5c3d3cddc04a588371b

SHA256
7e5ab499d030d6499bb5439cd66ece1a2b3ceeee1e16e31f86071e33d98fb90c

SHA512
81a470db2dd28cbfeff5ca72b68dc144915ea01fcb3952f92d5fa8e8f015c9c8e8e28daf2dc00e711dd2886b597d490408a08d1f5896f312deb3b2a1acaaee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edcc3f0e4eafff06bd001fe96d48b668

SHA1
b9b43a744e616229471a692606f607b751afd963

SHA256
641f40c87b1026dcfd544dda43d3a70931fa772d4d6e6af39878b961f2f48a4c

SHA512
980278689f8a76654ea6689fba711a8e45f10dc83b56077d3fe192df19347752027c9393715e2117cafea9225c7d722247e09baa01a812a2cee322a5e77d68d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f089fcb3eea94b5a8ad49a14c800bc6

SHA1
91da1f5b0775abd6ddc66b672d1c5c8b31745423

SHA256
a29443132764e6d8c958c1e543815df2a2a9ff58baed91e70d4879812dd63704

SHA512
173a0d578fbb357bed974ef8f59751fb07dddab6ff4167c5acbff145453682481e44e8d3d6b660adbfe0bdb2aae7fa29cf67f1ce7aeacffc7e6261188cd58e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43b24e012d4255113d64666f68416368

SHA1
6d889bb4fdb36b800bf564710378df0e66ab4978

SHA256
277632f197814afde6f8f2774f59691f7eec394e2b6b5b77692681aed6bd3b64

SHA512
99529e2ef83f71cd466bc49ca280e0622e52355ee7f2ffda7b403f5f0478dfa2971cf92634fc5838a01b40a8747ce8d53feae8180f96d694e340ab77308b8b25

Download Submit