cd81e21b2e3c5225c61d8d312b6493ebc658f716345911c7d16a21c5f1ed9a45

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73a81e74c8ca19fbe7375535b04598f4_JaffaCakes118.html
Size

277KB
MD5

73a81e74c8ca19fbe7375535b04598f4
SHA1

ec594b8304adcf86b5e2571a8868158775e1a55e
SHA256

cd81e21b2e3c5225c61d8d312b6493ebc658f716345911c7d16a21c5f1ed9a45
SHA512

cd7a3eae3d179d53fa777e0eb3c8d831b2185eb9ea9ed03bcb011f44f81b60fd33506558041966d3705aab91a887f1e8acf106936e76d057802816cd9f5ffb89
SSDEEP

6144:unlD088/JjiLUh7PfnR+tkp2sLH+dEXO7:unZ8/ZiLY7PfnR+tkJH+p7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3636	msedge.exe
3636	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe
1196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 2324	3636	msedge.exe	84
PID 3636 wrote to memory of 2324	3636	msedge.exe	84
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 4816	3636	msedge.exe	85
PID 3636 wrote to memory of 3476	3636	msedge.exe	86
PID 3636 wrote to memory of 3476	3636	msedge.exe	86
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87
PID 3636 wrote to memory of 1264	3636	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\73a81e74c8ca19fbe7375535b04598f4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e7f46f8,0x7ffa1e7f4708,0x7ffa1e7f4718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1913815968501823965,17687306117865773941,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7b88e458bdb8c4fe7c3797e52f549bbc

SHA1
a8c9e5ffef8bba6a6f67930ee5df7b5e52b3c425

SHA256
26d6f293856574dadf37765c34e31956a22c74a31913d33d3f4a3cafde2c521d

SHA512
6c438d24c12a8e258bd6394fb12543922fe1224e4852ef5450c84ab6970d23047fc3291c9ea7269920c657c9a6ac10d7ccb954ca2688eec646394a07b6367b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7c0cabae3d13764ce96e179609b6152d

SHA1
a492529c5413d4df6a4a98cc425a56a03479f776

SHA256
3cbb1b8d95ed95219322bac30ffb6b9598eb461d8eced4199a54f401ccbbc746

SHA512
a4b6c4a6a0282cd4265a7823e53a46a6efc11fe0f5c5a99e8dfaba413e6f135970d98e6d141328c886ec7c5b98999583e901dbfbb6949ec0bafc9d82daa3180f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
73a7ac266a51f2974e8aa3a94c481038

SHA1
b76278f64bada80c83c5ebbe86a3b123287c6aaf

SHA256
85b6708e9c8ec99597c1ea8d0b4b82bbe3c45fd216cdc5ad719c931f18d2fa87

SHA512
006552f96c1b72800996716362c155a3e7e37166de818c279a2ebc9b0ab046c81bfd7e0dd79f1e9435e108ea7a5ccad2d6916ec8c1e1baa7abb3c6a72332e4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
666b2d4a96c1bf35ad14cb02e80caec9

SHA1
5eb88e4e23d93afd2f771831e70f9cc0a87147b1

SHA256
8419335a5e8b86f7edea7fbb461255c751eb46c1c831b3d5592c6ea167d689e1

SHA512
bfc7a2695afbaf8a6c0ae62b1da9729a40cf55a9e1e04ea176ac23e7a6e861d432a7dd97affeae9d9aba4b34a48e84d702127b6487f60c4fa360425a3ec974cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30a27ee0a907ae7fd99b44a4c41a05e1

SHA1
4ad281667c0dfde53cc4724885ca75df7f1b44b2

SHA256
64f88fca11a2887ef1855753425c343e92c16e9b7645631205d045886522d4d4

SHA512
74bdd434d8d3e19a81159abc96da9f70af9ecea7e035d0d5a9ef0fdcd68e0af645393d82e41bf1e114d35935cbc8d7d3f58b34de31cbdd66e9f6d48961a2449f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13b855fda11cdef2e7518b588d05d77c

SHA1
925941998461e213a7fa428d22f6fc4acfc4c11f

SHA256
475ca66f10e67fe4bc439984d54bfaa5f777e529afa0c1b1227203c0ecbeb1f6

SHA512
016727681e8839fadf973be0ed6775054cdc65d92870d2953d8102d9b0abe20c2bf901f1a33318a871525fd022c56acb4f8fc1da1f9bbd28ebc4551d92f67740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9114f34b82135e8ffd80f7b1e0e8561

SHA1
b8899f4b1ad02e5588eac0e57759f0fa10f8b103

SHA256
c7c30bcc4a6b8408847059217c7bd4eb9369be49778a0f44a8672d943aef950b

SHA512
676895c690687a136042d3ddbfd8302c00aae4e7dc885744c73bfec6151196bf69c4cd28554bba1db4254caf6c3b9a02f19f22c5580cff73f704c70f0ac51d9c

Download Submit