hxxp://capsresearch[.]org

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://capsresearch.org

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3312	msedge.exe
3312	msedge.exe
2340	msedge.exe
2340	msedge.exe
4072	identity_helper.exe
4072	identity_helper.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 5024	2340	msedge.exe	83
PID 2340 wrote to memory of 5024	2340	msedge.exe	83
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 1788	2340	msedge.exe	84
PID 2340 wrote to memory of 3312	2340	msedge.exe	85
PID 2340 wrote to memory of 3312	2340	msedge.exe	85
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86
PID 2340 wrote to memory of 1508	2340	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://capsresearch.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ec546f8,0x7ffc3ec54708,0x7ffc3ec54718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4851953618040861282,800887338670781498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e1049f51c97dc22f4976cb670f601f79

SHA1
1451f9313c7146859e28f770b977fb1e712dabf8

SHA256
360009bc14aa4d15c45be159eb2326b1f5ee7e37ba79f122cf8a6279f7eec8fb

SHA512
a3a40846453cf42d9c2800aa4b8f461d7c97b2141c49b6eb7250aa3af0b227b4a947ae5a4de90ecf0d12e315e89fa1128eba839c7dc1b5f51f5b3d5ae5aa1a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17adcf0cfd9adc095d50c156b5ed1446

SHA1
7272bb875a0efb1321e3701f9a154f59a288c12a

SHA256
0c97c87b24f7b5f9980ab7205210841095e2b0739f2788b87d2d21e825d5fd0b

SHA512
b9cb274aba674783cd7c165478131b523cb83be4faf4e0d83e9b40ea30a51db1b53902bf9a82e75ab28e8632af05daebffbb69ce9f6fba79b82fdc72c762999b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3df737325e510f46a17b2f546d9c8e1c

SHA1
dc4ad33520d954f40842f9dfec01dbb22e6a6aef

SHA256
896805531492799214cdde56f7e4aa11616b309e3cfc55ebd1d48f60e65599c2

SHA512
8a434391f61f7760e678114bb9ac062dfe4c5ad24cf910b5697f1747def50de453c6eed9009fcb65026fa92a1d0e579cdd7846a0458baed4e824b3b8fb777fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
396f20f025fe418329fedaf69e9aa86d

SHA1
96bb2dbe110dbc7b6ffb7cfae650fbe5b9a6d6cb

SHA256
697dfcb37c78730f9e5e2c05113a289f7b0cd73e375a91ef4169aa548322eeb0

SHA512
14e004a907fee60a8d3cdd081fe68aa4a62b36fa81a67ca30cc604f97a23053deeb41037d747d53bf65464c29f9b73cb19b17d3de7f65635f156f999f7c852f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e5db672d389096b12f7a10f4df5c3f5

SHA1
e63b7d2dd5854910759598b5ffd2d58064fd2110

SHA256
4bcdfd695d44d52e0e10300e91a35f828140c01bc84cb03776f2a2e58be9a9e5

SHA512
369a581701bd792a1ef51bad4260bce25072d746e468dde0bada65e63f29dfa0509963b2b46c42c68d1fe9c968111aa7cc4021e655d9f812a8f628e6f3bd9134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b8b20c3a8e01fe405b78d06e28a0474

SHA1
20e4e12ed3ace95944bd0a91f6fea2cb65bf00a9

SHA256
146aef4b0e54a7e96cf9271ad2a6d01584e792119e626d1a3bd01d37c51356d8

SHA512
7f1b696cb68b207c131ec05965cea5cef6007da48bef52a1d4bc6b8c6433769b6a1de712a404db2b3ee042ade3aab9c637608dd5aee687e366dca9e204ff4929

Download Submit