69787ce37ac414bdc2baba96986f9b0e6065547668dd6ef4b4444c6451804100

Analysis

max time kernel
146s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 08:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11df0c93cd3de8ec3ab0469e0ece3c09_JaffaCakes118.html
Size

25KB
MD5

11df0c93cd3de8ec3ab0469e0ece3c09
SHA1

5a2d38895bb06cff5887e89d049ef0b38ca27b52
SHA256

69787ce37ac414bdc2baba96986f9b0e6065547668dd6ef4b4444c6451804100
SHA512

9d560486fb7dbf4dd1d22025b03d73cee8aa8d47c69eb77b8b65b5ad18ba217e4bc6f5520b07708d840313b9c67b5ea5a90c636ba8672b535c21eb7983d6090c
SSDEEP

384:SD6/z0a6YdYnSv3sOpowT/b4a5CUub1EWPtg:SD6h6YdYnSv3sOp4jUs1/Fg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
2724	msedge.exe
2724	msedge.exe
2284	identity_helper.exe
2284	identity_helper.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 852	2724	msedge.exe	83
PID 2724 wrote to memory of 852	2724	msedge.exe	83
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 2484	2724	msedge.exe	84
PID 2724 wrote to memory of 4532	2724	msedge.exe	85
PID 2724 wrote to memory of 4532	2724	msedge.exe	85
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86
PID 2724 wrote to memory of 4784	2724	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\11df0c93cd3de8ec3ab0469e0ece3c09_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8a2246f8,0x7ffe8a224708,0x7ffe8a224718
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8217290944432122128,15124819659398449477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e9724c23c4a31288fdc22a7dd1113c25

SHA1
37ab4f997fdab37aad3e8141b6bccda370eb3b87

SHA256
4d662e0272309919e20e17d3a4c395c254d4268958bc87d11921f91609841ac5

SHA512
7b8adcaa50ddcce880b976209b209ab9641c9b041be9befc39f3dde51b330df2965ace17ba579a215619d1eec65bb6ace61d9d852e7467167eebb6ebd6d58373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
716B

MD5
1c661a691ec7a5d3f087a2dd23556b86

SHA1
9be7a7cfa99f78a479624778726796a04a9ac31e

SHA256
7b8eedc8fa9e78b7261546cfe4c8802fbbfa5609bbe5ec9e0dffe53c13ebb319

SHA512
9f47118b38d5e2b96e9572d59a01c4c6f15eefc25eb7c68882ce09cc77018202501bb4332b2ce2131d3fac83605ec0fce530c0bfadff8f9c72030df6d70c04f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
951B

MD5
39416a37c6fcfef472206bc4b798c4e0

SHA1
80623acf157cd8a01ec05c000a330cb519a2ffe5

SHA256
589e3ce0d2343e8c96cd3b5bf520071ca32da079ff85df9b77876d218df0902d

SHA512
47d1aec744328eb1f614922cf1214279d9a9f6059d0735c8f22dee91893ffb9b23b93c2fc341d642a4333f2aea0421586f2bce0efd170ae56a32d8a83e839cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ebde948cb80580831837eb6d5f8c499

SHA1
5197ac9174c26afe9d53ca1bd27bf694e741ef22

SHA256
dc5e34febe82f5f441837505dc8d1571c8706d8a3d636bb00d76d0200faa3406

SHA512
404a02d361e2ee3c8004e80b3ca6444773344e5b2c823d3bf1073b859dfab3b6040f1f7ec63aa4c8175bfa60985091840a5dd6351a355147347b1809be187f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a73b1247bac8511b28e51d55f1cdb97

SHA1
2351c3f769f12e43c00805535265adeb06b85965

SHA256
a1f1967aaeba5568afe2d3caad971a72ddf4f98765d89a71ab20601b4fba79c3

SHA512
382968919bcc65f85a068fe8539290df493ffc8d82f52ee45eb064d9b16f8dd8164e2a1427f0a49ef7adc6d70d2af4bd09b82c16445b9ad49b077a7b5997dd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bf818d100f4d2fd5c9154bea4028822

SHA1
20757988d91c574275cd7a6d155a957bb86abf6b

SHA256
2ecee5189601bb31e6216d43689be5f4a584f4fefca40d32fe721aae327109e3

SHA512
61b03916d238abd266372ad291c03d6fccb3515e92179690c597e122eaea6b7d149f90c0deb1d97e0e49ebe7a7920ef872301080bdcce1d41de7235788769627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fee3c7a57a445906d40eea6383d8dda9

SHA1
ace399ca19c4e7dd9a193baeb8db485a792b0651

SHA256
f4cc8920b10cb7e341a2eccc9fc1611141510ef281ad2fe18af257e13ac356d1

SHA512
579f47bc1e85779b5723dd9c8d4dbf6d0498ba22da3229577b0fe215028497c006a8b2dc813b566106bded0dad8bc5546f53cdf9e30d9683c27e9aa2a0429c4e

Download Submit