9528b9056f310903335dcddfce32c61a7ddb4a9ace0ff667c923ebd9b0e49768

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f69caa331257e3fd7646a65ac7878ce9_JaffaCakes118.html
Size

422KB
MD5

f69caa331257e3fd7646a65ac7878ce9
SHA1

28affab81d44d44a206574465897be4560d9cd31
SHA256

9528b9056f310903335dcddfce32c61a7ddb4a9ace0ff667c923ebd9b0e49768
SHA512

ad2a2b38215b8159f8dbc2d17df35697d411548468c015e9ffa633e6112e34b89bb683344ee7a1980a45f1ebc8718136b2cdf9391511b5f213e651a023db7d2e
SSDEEP

12288:JfzSS087RbgE3Q0g1IPt23rl/ZslohtkE2F7nJmel8BlXbjfei:ZRbgE3Q0g1IPt23rl/ZslohtKnJtCz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2384	msedge.exe
2384	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2640	2384	msedge.exe	85
PID 2384 wrote to memory of 2640	2384	msedge.exe	85
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 700	2384	msedge.exe	86
PID 2384 wrote to memory of 2692	2384	msedge.exe	87
PID 2384 wrote to memory of 2692	2384	msedge.exe	87
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88
PID 2384 wrote to memory of 2764	2384	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f69caa331257e3fd7646a65ac7878ce9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa382846f8,0x7ffa38284708,0x7ffa38284718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2312,10896641993530428265,10660577501034127474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
5ee0252e2decbc463a6836b4644944cf

SHA1
ece04be6904d2fa53f47a5ce4441cede7e672530

SHA256
2d923fec0cef8f8685631958275c13e0228113cd9c3abaf8d78b73299b5e1908

SHA512
c242aeb360f88bd727075353e4fea4c086df02e3f6bfd8f938cebd85ebb72bfa31a46f5626b3c8a75f6d99ce616b6373f4fc6d98d538fb46059bc70423cefab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4a169d56e54903103079511787808b5d

SHA1
a248412075a842fcc72191f6cc6751a111e39591

SHA256
b75a27d49dce8cd5736a7640fff67559a6cb01ef015eb932a540b4d719df0c00

SHA512
54b389c7e32c81098c867ccc1213af3a4413183a99d98a20ec29eb4e5a7a74fd19f304fc4a5c9c0b4978adca9d5eadd45dc637c5213fa6ed46215f39c5eb70c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
52915fc16c4a31dc8a37f652692cc7d7

SHA1
7a857aae36a9cbb51ba44879314ec7c60fea8660

SHA256
6fb2e0fe6e8213f24c2c8ba47d9f2a4a3c38d46766885d15d491b9f24c08a76a

SHA512
bf1dc99908dfd9ac9fbf77eec38895aff85af056697c8bad4d7c8970bc710b2679d057f2dc4d289fa568e416149bf0d5e3b2631c6e6f5aa64b6be8450de6fde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ccc0f1aac128b87660ed2cda03d2d4a

SHA1
ddf8be20ad7aee501c4bcc69b24d4e1e311c0da5

SHA256
77520dd4470e963b255554c967172e702ecf0dde4523566a8a40920e4b147556

SHA512
5ffe59ed00c32f10832976d010e7559b221474c2fe4f63b4c8e7d9e414c74682210f1418fdf30dc783ceab2ad8654dd4b2b43fbd4955ad2c2af016cbef0f1d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
785B

MD5
9602cc9696c29846e5489cc702d0b056

SHA1
22b2b94ab593bdc621447fccb26e4cac9ee6b168

SHA256
ff953bd9a2d094b63c2a64963f9f282d97751ee0db912e6d82db1eeb935cd018

SHA512
a33a5621927f1b23f5473f6d2048e60db354e8054d4b8daa33de84c4a81f6760be446630179e2d5cfdfa88786dcbb21ceeefbae9c595e8bb319103d2de0b5f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48ecfbb065aee72feebc454713b81de5

SHA1
7cec12f4a3d26acca6666a68c5a55fd5850cd5f0

SHA256
b2d7866308e1ba88937aad6d0515ec417ce6555c6cb5a5fa1f40bf9f8f29abfe

SHA512
da35dcf567a3f63e6858c77af9344667b00a16a538f008dcd1b00ccd136dca76ab039965f638f471eb6c52d36eb838e6626cd6850280ec15476d76fad1e9c80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5df464fce2f429346527afe926e9c00a

SHA1
1fd76ef0a2ba35525bfe48a357ca827165946fa6

SHA256
05f0fbad2a51fe4e98267887a79acfd0ef0fc121736296cf9bba4f453f71d997

SHA512
2946aa5f36bf3bf32d0b2b945092ba1fe3abdba874185afacb62570ba0d99fecaa931050dc39e9b8ddbda04512dd6a706384e8396b42311e8493b33739b9a1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
223a56be3add032f08f9716af7e69aaa

SHA1
ec40bed8515f845bf556caff24e114539fa016cc

SHA256
c0981d0cbfb86631a244b334e070902333fad90bd292b73f4a3f25e9d4ac3a55

SHA512
ba9016177e14a1a3036b1637489a0a4af9697334eb0715e76577f66918f72c3908603e2fb81b3e5f3ef7baaf7df9b475414d24d65cf5f3acac4c65c077850026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a33ed483b2589bb397099e11ef13fb96

SHA1
b20cc1465b3ba4e022a8390b3c95174c58ce2790

SHA256
d163ef4386da363abd0453d8b8450ed8b85cf6fca4a8c554719e913ecf0bc530

SHA512
573e703b2669c167a07464a9478e256798bbb4f14e8aec8142f6162d7e05c9930b77a679754584ac4a2c5c8cb3523c67299cc1dfea8bd5f24b42c838a693dfd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
615cb26da111c36d8c7d4d32c9515537

SHA1
3bcad36d1d120d402ed72137572006d26087f899

SHA256
8bf8a2278ee27c2566c166c009e95154f2caa397286a9ecffcb19f6cb04babb9

SHA512
fd1b64604daecdcf3dc0ea737e890729fbfce7432c6995b346df7f5c45f8777d83bd3bbb39858249591759bbb9058ae910325ab19ea4510dcf3b39662e86f067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bbaa.TMP

Filesize
203B

MD5
893b2b6af6b488bd43bd236dbb8dff70

SHA1
05d713a813afec834e85575dce19fb196a7deb12

SHA256
7b961d581012d017e753fa1dc70f52a3d34d442c264493f7983b1f2cd3164107

SHA512
38af56129350d2d6542011027568cbb31de93defb7bd9d5a28b647eb89af0a160c6c254785455ab5c7022aca858e52b0d446735696b46c2abbf584a865b1a575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1649f3ff6fb9d74ccd73d43681c1c54

SHA1
0040605028a79f851c536548ca32935e90e0c039

SHA256
84e8b5b24f6d642df7989b02f2686d2900acce67bdaf937107a085cbfdd21d8d

SHA512
0a931beb1b11db51a769e81823d71b69987c5855e61daeede6fa63300e0a01d2d707c8d3571fd977da77422c06b3a9bef2bed480ba966c97eea1c1477743c5ed

Download Submit