bd1d4c681f4eab298bca7f430f20e7ba3f0f67df146ffe232604684314a828a1

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ea3669d7f6cf50d0cb90ef404c94a72_JaffaCakes118.html
Size

125KB
MD5

5ea3669d7f6cf50d0cb90ef404c94a72
SHA1

cf37e269f4194bf63d6ebda24f5914f4aedff132
SHA256

bd1d4c681f4eab298bca7f430f20e7ba3f0f67df146ffe232604684314a828a1
SHA512

51288597e18b622ec7419ab3069e0eecc9f646d20ca5fcee18f09f9d991ef5af2cac3adedca7e35e1f1ea099c1a4fd0005eb4254f8f7dd7a934e8e1d5c9596b9
SSDEEP

3072:RZwI0tWyKm25L9NqC5SaWSqMc9SsSDehIqJmbCEhQZEwtHkYH548:HyCuwbCEhQZz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3672	msedge.exe
3672	msedge.exe
4520	msedge.exe
4520	msedge.exe
4500	identity_helper.exe
4500	identity_helper.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 220	4520	msedge.exe	83
PID 4520 wrote to memory of 220	4520	msedge.exe	83
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 2124	4520	msedge.exe	84
PID 4520 wrote to memory of 3672	4520	msedge.exe	85
PID 4520 wrote to memory of 3672	4520	msedge.exe	85
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86
PID 4520 wrote to memory of 3668	4520	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5ea3669d7f6cf50d0cb90ef404c94a72_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90ebc46f8,0x7ff90ebc4708,0x7ff90ebc4718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12443990448605340036,1288359404436125820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
efb18f6f0640e957e132fd7d2ecccb94

SHA1
9f45a619930f2b49b5ef48cdbef67864e8867af6

SHA256
bdf19e6d0af2bdc272a0f8ca73caea529dfdf4364636ae8364d6b4eae072bcf7

SHA512
7c81e18a3c9f26f733a2f7b71530f8459f01eee2525563e5c289539bf8e01274cd357b3d637e319c66aa98d1f5997ec15cad22796b3874f58f72951732ee6a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
733B

MD5
ecca7ac0e51801f9f286480748fc9375

SHA1
87e41f65905e3b210896b54fab8e13d8be4a77bd

SHA256
6e185a7db44c769496e62aa9dee5325e742527e8c7e518dde1133b6cf8a6729a

SHA512
6689e4bdcf0ec95829d62dd2c85d57ef3cf8e213b87f562887d70b29ab52692aa439de3d4ff477415fc09d3866cc1438f1484c133568ff9d1133d5e2b83d69cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
987e9f65a45dcf23d03c00a54c74062b

SHA1
d59ec42a027377acc862b8b9463b2b9c1f6087fa

SHA256
7ece924a86d1422f778f3ce39980df89a09b4912b442bdcadec41b8a924c6eba

SHA512
1c455abdfec4bd8bab869f6cee5f5e5e1de1e43ff5e0a8b904db6d90feb957878891b109cf69ac31564873dcb84885bee96488c087559d29a57e8103cea24cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ea5477302dba07b418e307ea02ccf4d

SHA1
3a78683bb3e6316626477371a792d63a2bd3e750

SHA256
2e586d068944adc7ff813a0a879eeb193abe0c963d4e75f42ec77f119bea002f

SHA512
fd02f4909106419bf7e65ad9ab2e6268d2e139f972d7093d766242ec0fd8d4885487a32c9d92b00e0c7ba262fa48201577c9714d8a7b176ea4a63e2a1807787f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
e48517491e73c4bd98be89467ce87957

SHA1
e05b6e3d1415a0df032b5a623f45e88d83539dfe

SHA256
fb9070c2016b6db54d4d36f36c6064bec4ab0381da89db6fca5a36cf617e3d58

SHA512
3ca441de3059d02822a27353060eb50ccdb029e0c2deab371fce1e3325b84213eb7f252ba52a87308077beaec062ccf5a2f0de304d84ab04dbb3b572f86eae24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf17.TMP

Filesize
204B

MD5
cb959b58f79466f43f4f9aea08e23561

SHA1
8e930352e2083ca59d2f07a47e3515ab342b9bd1

SHA256
dcc31fabab994d76d398f617f5031c75f368d54840120f33d2a4cd846275fdd5

SHA512
5f2eceeb7fbe4dd6acfd0f0f3997e8b7db6783db6c37749395ccc5f1b38fe96d08ee18b8870eb9cfadb10906918da54f8b609d33395370943a1e70cb90dd63d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d2aac93264e9b8581cfc88b109cd590

SHA1
25b19e1858668c7f5f54289d7ec8b6214c30ee88

SHA256
4739d80709fc711989dc954acd526c13af4ddb668ec5173ed2d1ca39007b909f

SHA512
3a3993cd7c2908bf816051232b5e968bdaab9fbed8ba013e0031c100c1b9c905e0b7e35b7893f977c6ed93f8906499daeefc2f948b96cf14572eac73327d5495

Download Submit