37e0c514b729ba1f37758042f95f350eae30b87647ae07278d24497bab1246e8

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 18:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c7c55b8208ec0d35788875af55299cb_JaffaCakes118.html
Size

7KB
MD5

4c7c55b8208ec0d35788875af55299cb
SHA1

0e9272f7d1b23dcec319ef6f01017452102d7153
SHA256

37e0c514b729ba1f37758042f95f350eae30b87647ae07278d24497bab1246e8
SHA512

a5a5ac1a46adcd1e5fe50c84534b6b77e2793fa1ad4bf1ff68d78b48d89574b2abfd45b82a50ec39c0cd2fcaf02fca11df5d3d0f73278dc8e019f172df9bebdd
SSDEEP

192:PPxsh4jSPKJ+6336s31G/6XiVAQ9Y/j7TZ4ON:Xe4j0F6axVA4YvTZzN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
2576	msedge.exe
2576	msedge.exe
1784	identity_helper.exe
1784	identity_helper.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2028	2576	msedge.exe	81
PID 2576 wrote to memory of 2028	2576	msedge.exe	81
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 4788	2576	msedge.exe	82
PID 2576 wrote to memory of 1972	2576	msedge.exe	83
PID 2576 wrote to memory of 1972	2576	msedge.exe	83
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84
PID 2576 wrote to memory of 1072	2576	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c7c55b8208ec0d35788875af55299cb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3350206387367732390,12620298536131629202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ce1b356b445f2cf0528ecb8968527852

SHA1
878651bdc17319cc51abe5663ca0b14d9d7207a5

SHA256
bc3940fbcfe3629825b1f27f7263c07e32e6746be69db2e739f32c4fa4d32208

SHA512
86e5d78fe34ac43cafe82ed731358b4cd3be9fbc16f21b76bf410c3fac5d6bea8f965d1223a0b4d70d34f165c8a0e1b43c08eb43f87d0050e5d93d4eb833f1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c1e993400bc82138c3ee987a39b4b370

SHA1
3a2158abef0d26f5c485deb710361e7dfe293643

SHA256
66a41996f6ef89277e43838063e0788cbe7cfa6b603db416d012e91e188dbe23

SHA512
aeb8a95cf6bd8f321d6b72ea3ec78fe8f645a2435d6092d0f97d8154538a8cfa115911f8a914f621c3e871f6063d8c49230a630a52347c4fa6155065995d1cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
47b113d5a50d1a68fdf869dd31e1c8aa

SHA1
986f56aabdc06286efff0db661f348b09ab781bc

SHA256
719e7d280b7a8fce31630bc8eb8c7950652181b24bf8a4c0b748d31c8ec95d3c

SHA512
7b59976b38fbcdf7ab3c3b54f93221e5731271e2603ead1ca5b3802fba27c7957796b21520b8db14eb6c5d450b500fa91474419ed7a8ef0a84ccbd89ae4388a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c30185675099edee3d3c5efed2ab910

SHA1
6996b3df5687e2b3e1003af34a79c444efc6e22f

SHA256
6970a7ea2210e042365cc44ca020f0bb7e59d5dff8863520619613fa3213bd7e

SHA512
0dab9476e6f916ae5cc7b6387814f6c8ffe138da0bfd6d509df17c2d7c9aa1a348a26e38efce2685d46c0aff02b322b377c191eba69ad0f2051517aaab52e83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbcde8b65ed4ae263570edbdecfda4b5

SHA1
63031b0dd9ccb38196aeb04245cbfca14267beae

SHA256
f90831ae0f7f227406faadbdad8ea4035bcd1fda8a57bb118f5a858fdade39b8

SHA512
26e96f62fdd850796002e35c779eb4cac5938994530f5687a2d6fa9118aa1e947b5ddd23f8b6ee66bc06d15a8665c677060365173668eae1e434ab079d64d373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
439688ea58788e0a6e3ddc7a76f99d19

SHA1
85b9ac1c1066d475adb0f2bb69ceb663eadae4f2

SHA256
4b575065accdb4f8e9bb2ca3cd4a9ce47cbcbca394aa791f8f19a61ad8669348

SHA512
bce147b71e71078482f8c654d88a8fbed44605d1727c82953adc62e423a9f6d40f65a22c3a57c28483be820ce67629108cf25c65079ef4032be60e4619e5310e

Download Submit