hxxp://staffmark[.]com

Analysis

max time kernel
146s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://staffmark.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2880	msedge.exe
2880	msedge.exe
116	msedge.exe
116	msedge.exe
1368	identity_helper.exe
1368	identity_helper.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 5020	116	msedge.exe	83
PID 116 wrote to memory of 5020	116	msedge.exe	83
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 1264	116	msedge.exe	84
PID 116 wrote to memory of 2880	116	msedge.exe	85
PID 116 wrote to memory of 2880	116	msedge.exe	85
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86
PID 116 wrote to memory of 2132	116	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://staffmark.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f7dc46f8,0x7ff9f7dc4708,0x7ff9f7dc4718
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16565249853683212018,10809099504800645162,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
16c970d41d7206921556ef9cce0d2786

SHA1
0d882dc360e53d75fdd42d07cabe66b881f61cdf

SHA256
e22064071c66cbcde6bd821fa89d7627d5c596e4c5520bb0d4d595b809a52364

SHA512
95e29dfd3efef2cbb4a415b41c0d536daa858ee73e71c6bced54860f8e734e389cac7ab92d95aa1fa581e5dcf68d5cedbd925e66be113bf92445d2e29ef87014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
050dd6b092713363d423c7e5753d98f3

SHA1
fe1c13ab0072ce85602cac14f3447bb43437e4a0

SHA256
8bb0468aa7104a59d81c787d4e0b0fe82f69332b581e75229b498e39b2b2ccd5

SHA512
bb796e023d4f168ef834b94c41d724955ccd729a98ba69c4f8cd7c8cc257763168a79818abda8b984a49d62c388693a9f868ea53839dc446e07f3472511c1f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
05571518d31545f425a6f1d78d28d479

SHA1
49a5088fba0d775d5658f4e03e93aa5e9bf60ab0

SHA256
6b4a07d1f83fe2f618d6f953a63d307b37b9b6e0b92856325d3cd4c9360852e2

SHA512
e43a3dab9a24cc80b1ddcdadf8e3c71accaf551d56b5c931dba7f7d6e48139da3d3cc00cb18ec810140842e7d7c29b94b189176b852304c8d38f6fb72480333e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c51540348379673e583bef04b374e345

SHA1
12b65a5d10071d01ee3775405e563f166236d3e8

SHA256
f6df188619a64e95f55b908acaf93575c930bfa8fbc8e1e6153555f3aa661a30

SHA512
cc1c0bd36849d02af14402998aeb27aadb0adee5aab97fb9c50d849273313ee73608d1b5a33c78ae963363680905e39dfcc1e148e8c5caca8ad30459b7124a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fbe76a51f1797e2c328bf4c05648c36

SHA1
cb00e0b775c133cafe1b0f018311dc2ce6977415

SHA256
2c83559734b3a2c9d37f686b5bbcdd7632e76a8f5b4080595912bfe3ec73181e

SHA512
b5ec84a75ccf653dda9e936c908995afc66be8a92b66fa13f0daf098c058148b5b2d75af9dda39d4fd529eccd27785b4921cde8215766baf849bd96fa9225319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dfb198b3ea809cd59d51a831e068bdee

SHA1
6eb4e8d909c0494305cada6c0c3e486942accc5b

SHA256
efaa248e92be51b4323951b7365a18b7cf10267aa6cdac0f0134caac6d78fa8d

SHA512
b7556ee67e08c3af2d79f5bc94aab3f9461dee26adcf8c765f9a0c592c58a588f75924c9d9bff120291314c8aa6de407fb7a048fd6677051b5ea05670966e0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e830ccafaa38acdad558c26857494f88

SHA1
efa30318e8219440742bb40e8c8a839a4efd1c8b

SHA256
f7e0fac6fa07fb7d80e463954859acf23a0d4f98cd5cef3ad083e25ff58683d3

SHA512
d7f53e21b767f502ab9e4086fc5f6dab36e641d009a587852a0af154b25d86752c09fd798fd65dbb77c3fedbb8917dfee542f6be79af84e3fe6821132d34fd05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8babadfdfbd841a46aa4f6f4ae511a3e

SHA1
13a068358b561ca013304f2c8517acc19cb9e0f1

SHA256
6ab44541ae97ea3b6e9979f5fc071fbe6e3fefb439890b400d62302f38cccc90

SHA512
03983d53c8f03ecdd5140e677407af66c18a9782baed582cd7d6067136b156b5061a04a9c95d3e667a6638ccce1f2095a41499bd7e5ed8ff8033cfea9f4a6701

Download Submit