093c53817e1a5fa74c43bfaf81e5b5846d7d9e8162e0e6dbdfd8e1525ae84c93

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

74KB
MD5

69e59d058a59be7209c2709448fd2ca6
SHA1

8d49bc6f247fe48f1b6b5ef647cf0b84cabf36d2
SHA256

9a8eababfef3149dbfa7e141d51bb1b1e8972522512d6216de358b0122e9533d
SHA512

214bc89d537a458e85e996ddec91970035c9e6f0049ef96df0f8856760c2c15cfab6d71bef47f527898e4f3f9c0f4c8cc227b53305b8f85aaf88c5e1b8e3de80
SSDEEP

1536:SBlfMfRLx3SKz/5Zqfr8dRs5KExTqrJnMSoYNKKHXVLMkdUAhNDx/P5ZND6XUtib:SBlfMfRN3SKz/5Zqfr8dRs5KcTPSoYEl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
5068	msedge.exe
5068	msedge.exe
1324	identity_helper.exe
1324	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 4388	5068	msedge.exe	82
PID 5068 wrote to memory of 4388	5068	msedge.exe	82
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3340	5068	msedge.exe	83
PID 5068 wrote to memory of 3260	5068	msedge.exe	84
PID 5068 wrote to memory of 3260	5068	msedge.exe	84
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85
PID 5068 wrote to memory of 4300	5068	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd99e846f8,0x7ffd99e84708,0x7ffd99e84718
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10110639169080829959,15512561684538265815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
043f91ced9d13ac0c53a2f98b8699714

SHA1
14d986c995d495d7708023d754564d750d7cab0b

SHA256
ad3ebc0697f2a53f6a793cd010d93311c874173d86ae97a233e9be2348793783

SHA512
fe0b25fd019fbb686872e87ef613e9cbdc451d1df0e716625d21e2519e70ff3e164a12f47eda76c2619335e51fda5d6c0e1d5299845531b19ce090981e3ff716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88b3a10c2814816c00417f1e2c974a1c

SHA1
99215421a7eec722b2362ff0a29be6bfc06cb41e

SHA256
32043c4310a7e142940f4fc30934f2d1977c278f795f7689e0241dbd6003fa49

SHA512
d414cad95a7c959839cb7571177128143a0e8ede34182f0cac6a94d443b7dde50b8142c777cb28f9fabffb321b7bb540bab2185661b352839fafb6f8eaee01cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac78005b13a729bbb1d4201311213ca0

SHA1
ad5cc888b6cff4b08761ac19d9f32ab0fb2c3b8f

SHA256
2c47667b7d2989070e2cc41a722a631a097f951cfdbf1e57742dd2101a62b4d5

SHA512
0ff8d59536c31a6188258c30b131b79d2bed2f854866d65d45ce087213ab8f69c5662ffd16b654ffb9ee6e6d6cebadd24d6c614a3c584805c05f1dc9a6a2cddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9e858aa3e5aed06a2904928f6d1c298

SHA1
e5fdf60c6b48163974917356ab853a822e37da2d

SHA256
1c1d557e2ed0254fffb1010a0944bb6918fe79abcbe3045dfe97c6aa1689accb

SHA512
f72647aa78b6437084502d002d39bedcc12171bb26de528273b2c1e4330c7a5df65a9f7e0fcf03ecd00d21ed7a76bb77b63054adc4723e7f60f64a9c3e2d5bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581846.TMP

Filesize
1KB

MD5
9a4424f88c2b3bbdeaf49b7fc13fd9ae

SHA1
2398bce26c5a7057681d4c75e6adbceabfc04d4c

SHA256
1bf1187025d2c99a0b740359a3918edd91e19f8feed5b088b08123f2aca90dd4

SHA512
d0b5705f2dffc492429b96ee74517f9a511cdf71a97a866f58040314c007c6c4b35f155a99a00d043ab851ea41d103a12aa3805c3a01dcdfbceb5550f7539cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3ebfedcbb3aa82ec5aca711ffba807c

SHA1
74f19657e3e8cbe8011d60869851fa816f1b1a55

SHA256
cc09878dd3c5c02f97560d5fd3dd4b8ebf9a2e3f4cccb0a812c26204285e8b3c

SHA512
b964044ea91eb028389e13890287e1c7397ca63c309027945a0026769b3aafa72453e1c6f496731a4a9325f9792ac647d631c654463ef1960ebcc3a18b7a4b6c

Download Submit