ab4c1518b3e48a4463459a359adb45821ef88b8b818c0e7ba74079686083c79a

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f0841699e7ef23c39faf0307e644081_JaffaCakes118.html
Size

89KB
MD5

2f0841699e7ef23c39faf0307e644081
SHA1

8ac4aa0c9b75aa07c57c7c21241f0c3c44e55e16
SHA256

ab4c1518b3e48a4463459a359adb45821ef88b8b818c0e7ba74079686083c79a
SHA512

2ba2839cf88e1c842eea3a5e4d2262716ef4974dded7797684c03315311ed47dd0d5425419fab052d7df2231552c4e956693ca125ed9902bd08b5446beb031b2
SSDEEP

768:B0R3xs0MHvvCIynoWgGmA9TgtIA4CX08H7k6uV6z4aaZJJX2JJNPhlRZLGpIAicO:BlBHv7ynvBTgtIA3kTnSJLcIAlCVF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
4372	msedge.exe
4372	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 532	4372	msedge.exe	83
PID 4372 wrote to memory of 532	4372	msedge.exe	83
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 1080	4372	msedge.exe	84
PID 4372 wrote to memory of 3756	4372	msedge.exe	85
PID 4372 wrote to memory of 3756	4372	msedge.exe	85
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86
PID 4372 wrote to memory of 2640	4372	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f0841699e7ef23c39faf0307e644081_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92c546f8,0x7ffd92c54708,0x7ffd92c54718
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1673927177788802335,13886261535337083557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
980188d1e5f3a97da23061c3aef72403

SHA1
10d87445eb6790996fb5033b2e1932301bb655a8

SHA256
0a2f34b4b523f2b882a5e3e8e95c8b95d4f90dc0cecd14e5d3b476d9a21dc772

SHA512
23ddd11539a32f7e5d8e062ba3ce63cfa6655838f21da6111818f22a2d378862986ecfed35fb08677849f7b80df696416a7bd8862da1b1ecf92e646e9c1571b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
821B

MD5
d1a61962db92ad3460e6f2b3477a7b3e

SHA1
cb412d09c7c68ae7e247ba3edface4b8534f45bc

SHA256
bd322f7b7a56cc601ccefbe7143049950629682c57fed60993a04f64399f33f7

SHA512
5155dcbf9c54555ab762e9ec35f6cdb25e560e9813659a36386cfa675590984707ec46e994fe39a88e906266bf09e7f55b36fbdc2904b793dbaeed37250a7475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b20cab0250816a628f42d283b73aa10c

SHA1
20a39ab049abd600926d23670c28e3e402290ee9

SHA256
69a246026b0f1449f051e60e13b0ac2c0eceb9e1f6d8d290ad7c9103bf7be17d

SHA512
0b4613032b21ad728dc7b545abaec2f54eab061b5e67b4f67bef96d23dfcbd05d831667df669594b817f46039edefffb46e03023bd5982e62c10eeec4d4f6bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a126a92d490aa5965736fec2705e877

SHA1
697b7d654e8e580e637fb80a1cdb9ec69ebfc3b5

SHA256
4adbb513e8d6bb065e0688f4e42aa318c8e96b642a4e8ef1cd3b9fc7a1e99926

SHA512
dd7bd0556f4f59f2dc421a502092263a828558a91cb90ce2f3b15b7ad2e96b27fbfaeeb4ed1ac8ac399c2b56b5a4e47fc99d88977ee475abe5d5d4ef6cab4c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
669fe4c189c5b5ceb3b8c23b65e3fa2f

SHA1
1b2a9343116060f1bbf8328b7896e5728b515258

SHA256
6cb9991f61ac2ab46204de39e63a90909ed73bbdb2b37da0c4cfbb2489e918f2

SHA512
8513ff31496ebc893d55309fb43b6fef4823a5e0b97cdbf40338b229fe45a3d3d3cd5dd6cb223c7dc84a32b16ad0f262d6cd83461a5a79277adf30e0a0185586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9ec88b9f31236778cead55c3f025bf5

SHA1
c63a280702f82af7ee2852e5765a403174f3f452

SHA256
7cbe55daca5b4d2d94dd4c221c0b10843dc7f92cf6dadcd7202c0d65cdf6f895

SHA512
53d391e88867ddcaf6d8c9805bb14299af85bd71b7162bba2512de39106d05671877102b7f440e75de3eec91019fda568ddcca270de5a4393045e38f769b1772

Download Submit