04a25bfe1b12e21e61cde41e44de7770a77a0d2a99438a20782dcadf89a36fa8

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

219835fc284c9ff4ddac37298a080571_JaffaCakes118.html
Size

105KB
MD5

219835fc284c9ff4ddac37298a080571
SHA1

1ad87fb50c467ce0bf51511de04d0ec7ed8eb37a
SHA256

04a25bfe1b12e21e61cde41e44de7770a77a0d2a99438a20782dcadf89a36fa8
SHA512

209b018d033be647b4bca575cb25c31a15ef116502da1d19d025382149c79b297f23b082d2b22e140052a09a859a8d5b45c5fbe16db77cefd231b04cec4c4fa8
SSDEEP

768:8uIR6GFD03X7at5ekBGlR0xQz87H9+BzwEMB3mPgaH8z79jWm+1CE9Rjx8/:sRhFCGqlOZ7H9mAjkCkjx8/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
2200	msedge.exe
2200	msedge.exe
4536	identity_helper.exe
4536	identity_helper.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 212	2200	msedge.exe	86
PID 2200 wrote to memory of 212	2200	msedge.exe	86
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 2100	2200	msedge.exe	87
PID 2200 wrote to memory of 4912	2200	msedge.exe	88
PID 2200 wrote to memory of 4912	2200	msedge.exe	88
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89
PID 2200 wrote to memory of 4532	2200	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\219835fc284c9ff4ddac37298a080571_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa3a8246f8,0x7ffa3a824708,0x7ffa3a824718
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1136 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13431640287701037641,17311331592861649146,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
92633e3cecfec4790ef96f0cd79bee98

SHA1
644dc1acaaa4c739ba228ee71359af26ae7e5880

SHA256
aa329d8cb1bab2193aa061eebb7b673f5e54e5b8e892ddd3a56392771d623369

SHA512
0b2067ec6f497339810d8a36df6305cfe6ea3d16975ae7e6ea10654220412e169bc237a526faeb0dc1ede3093667a8671729249b32c08f49d5234d5fe0643ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ecb9e09d8fa4a2cdd19729447319b14

SHA1
1fb0e9f658171ffed0d5e80d1d26b725b0fa42c0

SHA256
2daa943959fb8d9a84e9582be981168b8a664c4b3bcaa262733b08c6c9287cd6

SHA512
d91a1ac60c5505cb2efab60d3bd7c726acb6fca55d40772fb7084ab0a78306a1a32b01c2abca082faf1921aebcf6acca6204a04ef3313c5cdbec7e94646391eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7327f26225de85d2d0c958a85fc49c1f

SHA1
a776549f618523dc1b22b998f5076f89361edc9c

SHA256
3ce8b3823e3c4d3c3aafc73f3c43d67c07bf1610201404514d98186bb88529fe

SHA512
3cbf049b6ce02bb2617f94195660295ccd674edfa556d867c1427ffa00eef86afdf83d24b7aa9559a25ca474031453857b7e62af20b8033672e83b6c6ae3bf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6becac0381aa332a9e3ea6606b0d47b6

SHA1
6e907c86e4ae2566e0e82bc5302da572c08ed339

SHA256
b5a05d46e574cbb2ec434610e4f591ce28ac52ca747cf9057d5a8b77afa43b52

SHA512
1867453b52bfbf43672ea3d74c0d126c5eee6cff0ce618de1cd2ad7f487917dd611fd3b0d0266a8d70145cac62a22315191f247c4b7a1a08adffac8486562f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
cda94961cd20ddfd47b419a169308bd6

SHA1
15ab8b663acb21b928b3f63a356496607888b317

SHA256
af67cfea8103afacd8bc2e023156ff30fba3c56a516cd36d284cc19933a90c33

SHA512
5c0763986bc6343c9440f22629f96321912a526acafd07a73c09ad76f5d3eaad7c898e63146ba65b4966ae2d0c6fc0a2f07225068be8cf3204669723db3aacb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c0df.TMP

Filesize
372B

MD5
d81d979844b4840fd335bd2c6e2205d2

SHA1
85d6ad39c25d89cde273ea7a9906eee945f300cc

SHA256
b17484445990c56b867ddfec4c186b98af6417e5ea62e6a6efec0fca04ec31cc

SHA512
e7167ba6a45392e1b6c6aec770122d2af38bb05ecddb6bf3d3f30bdaf7ebe2ff80a9e8de2acab8599eff721388d7c5c552c70783e7f89a933a4dc0c415f7702a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03901f08ec4102d9362689b78def07da

SHA1
322e3893a9f5ac97a72b4a0119e0cd8748c20dea

SHA256
c22747286ed4bee342aaa22eecd911aa2ea1bc3da88806c8a9f9c17961af9fdb

SHA512
ab76629abb617b1fc6677348d5b53f4c9e856c261d295d9b71b9a610fcd119c034c734766e863547902274d1186e4af9cc538e999f18779a1ca78761e9ebe42d

Download Submit