59c39a44ce041bbff6713b8fcf7ece74db47ecfcbc04d90bce7ba7502f8f6788

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8172ff2dfe80c9d2ec1d37883bc76a6a_JaffaCakes118.html
Size

12KB
MD5

8172ff2dfe80c9d2ec1d37883bc76a6a
SHA1

95cb612f05038b3ce40b9d13b8b072f362305d62
SHA256

59c39a44ce041bbff6713b8fcf7ece74db47ecfcbc04d90bce7ba7502f8f6788
SHA512

20a16ec099654c0ca01eed6ad2b3291712135a81aa39d4468bdc85c32d20d5093a6b4c6b3ed8ec3b2aa7acb7b7930018632e4dbf1bd32d2ffba2a1868e1b5d04
SSDEEP

192:BVcy+uEXKsK9TWtcpPgyXY8/JZDzDr/hdbNzxrF/uiPuiJ:B1EXRqlPgJUZX//hNtuiPuiJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4088	msedge.exe
4088	msedge.exe
4948	msedge.exe
4948	msedge.exe
424	identity_helper.exe
424	identity_helper.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 1432	4948	msedge.exe	81
PID 4948 wrote to memory of 1432	4948	msedge.exe	81
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 3876	4948	msedge.exe	82
PID 4948 wrote to memory of 4088	4948	msedge.exe	83
PID 4948 wrote to memory of 4088	4948	msedge.exe	83
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84
PID 4948 wrote to memory of 5008	4948	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8172ff2dfe80c9d2ec1d37883bc76a6a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c8546f8,0x7ff80c854708,0x7ff80c854718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11855519059599030831,7494620139324965163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6cbbae08f9f23d41c467bd18d0a084da

SHA1
50bdeae8bc6d3e8de993580d0fb73cc040a5f529

SHA256
5519db60f2c24d1f0553e565474c330a2b4c6e09305aec55b0171e7b9cef5df9

SHA512
331d90842604d3fa9e6f65454386c1905cce255a2519754df758641ff8ddacc98c4c6ce9b21afbaaa630a036e4da274a23af9fd2cae5065dc3bd2cd86c05874c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1013B

MD5
f75de7bf84685b2f8635399f594e9f75

SHA1
327efcb1bd1affd5edfad99de8afac9e4e8ab186

SHA256
2c1201bd47452f2fa28a36520fcfdcb4636f8e00b858d4952e621c2da428ef55

SHA512
eded59731b80171edb9bd1dbe9f9f73966057680c420405f87e2be0f23b56afd1c7119ef9c9650f2c5efb2e3685d1f10a3ef38435a9ec34e0dc24e9a373e5e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae7f0b9277e7679a2dd46ca9fc9c59cd

SHA1
136ff749b5a72b23b600b6fd99f20f7757584394

SHA256
3e101d706f2f8a335a5ecd10c1f0a9ae9e42df4965b1b7da0b24d0b24f879e7d

SHA512
e722e25cf0dbbeb6fb383ecd6192119841477be58f7e7225ee2ed0f67177fe3f704fd2b8fbce90831808d307b378319ea34fef7dc20d427288918f65cdd48eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03a247d7cfaee4e9fde808c0608c9e3a

SHA1
420757807af8b9748752159ef67d9631b882bdcf

SHA256
88b71c8a33f3d286a3f365c361d99a1b59be35b940bdae4e8e8b8e09aa8c8589

SHA512
5659f96489263f9453563ff2d92fce7f96ed6945f22cb2657ae99fc2250b2cf75a3180b5a51f17430f6b86ac944f52b58e1293258624e85e5f1c2e8626697ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90a4942615a595bce18a05381ba5d750

SHA1
04c7ff86eb0f723851df238d4672edafff6742d8

SHA256
dd65d84dc1b847edc341c61079ea3a226002d934b3e28646b10705a2e0e9a7b7

SHA512
e25b4329cfb54c076e60a20453c845dd15518b652b193ac9f103750b7c3234de3d5f99eac528e0081d70acf0c006c2bd40b9927b75dcc65fe3e67732840b822b

Download Submit