1f6253743823ed399fe99053bf838bfbc888cfc67a7f89a96435119d603bb239

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89434114e434623ec2c62ac566a75fe4_JaffaCakes118.html
Size

202KB
MD5

89434114e434623ec2c62ac566a75fe4
SHA1

5d4719a8ad4cb674315f6bbf9d0d83b5352f4dea
SHA256

1f6253743823ed399fe99053bf838bfbc888cfc67a7f89a96435119d603bb239
SHA512

8ef5f885acf40ab97323c23811fd5be7e8be5f902e717832cf293fb1044e580e32dded794651fc1c8d584f0965a94379e21bff4df2385a2d99a4b24234e77b68
SSDEEP

6144:/VtjwujxMSUl9vn3oWtrIFntpB9UkQgNn:NtjwujxJGvn3oWtrIFntpB9UkQgNn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
2308	msedge.exe
2308	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2584	2308	msedge.exe	84
PID 2308 wrote to memory of 2584	2308	msedge.exe	84
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 4760	2308	msedge.exe	85
PID 2308 wrote to memory of 5100	2308	msedge.exe	86
PID 2308 wrote to memory of 5100	2308	msedge.exe	86
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87
PID 2308 wrote to memory of 3212	2308	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\89434114e434623ec2c62ac566a75fe4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,15398031691735658411,8666260433016835911,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
480B

MD5
2e792f190c9981dd6e477855e81587a8

SHA1
711f6394afafd336f866b5e5db9facd8c3d56b24

SHA256
69f5b86790d8b79aa3bfbcf3e8613aa63e71137ab13fa8b8c62fd3e47fadec5f

SHA512
0cb27bff0003e6288eba4feff0191dbae6cc434266bbd9808ca86586ef7e5dbfedb4d67d54a1d6bec4820476d29c9a4cefa9407b4bb1ab6bec1c5772369ecf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b76591e5342c4b2b0a5face81d5e23bc

SHA1
7b0a03e718d5a2eb1f42e4895385120490b61710

SHA256
c67c5fbe3c4361178e7cc3bb83c74afd3a6cf875148158a9eb88629246f06464

SHA512
620c38eff2deb81da8c0c7dd49ca6ba76a5100d6f57af3de6720a82b8b882bd0a714f86b2f5845e8a25da990f03e563e021b279965d66a8929c0d7c745770a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
046e8af1d4c0075e16bbc874a7ef672d

SHA1
65a39d59957a2e05d0fa5675c52a7ed37f5ef9a4

SHA256
6bfe09a43d9abba0ba5f906269868ab23422d3e74c11eecc901366e93d114c3d

SHA512
e825eb622c3ef9d501998ea47b6a41356ab06c17ed2b539e288836c49b66694d0bf045f92c8dbdde8d9ea90d7f9d50e2bea47143c52d14fd775983c3b347d4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ae574e0b75e7790eb4542ca29af2f6b

SHA1
2ff0c7a81a20df561e1ebf53ecca6790a739cee3

SHA256
d36870eb448fd90ed19d006e1c06c55b2182212d557322f6def883c2255eef3a

SHA512
6809ed51ff5780c792f52edefde474a1d8a945a5f43b25d86e2ea32d5fb407d84e80b27eb8be99d92df6c659dd49bc734aa778972c043bd92595e42e0211eda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a62c48e2b57de37f0f2c46c41625cd11

SHA1
51b5c21a8b728824ebaf52fa8dabff533872854f

SHA256
c1a5fe616fe973f5cf97fe8bd37cf64e36855a89a1d80cf21627df16c4cd6e13

SHA512
597893c8c522a43b18491b627c5e51a7c86a27e01c378d19ffb58403b45d976997650aef5100787fa2fad7d677e812ce3fe7af58143bb0cef3c3d1f97b971f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583a55.TMP

Filesize
1KB

MD5
49bf7c2866a5f8665f5186d4d056e2d0

SHA1
f05890032290ff6d4a1b996bc760dff9101efb3f

SHA256
f3204d3814a4ff9dbc268768cccb5faedbe4f267d22dbc40cad330eca0a5cb05

SHA512
f6abc4ae67b7dcf4e258563e64c47f1531aad198f4abfe743e646147ee33ae9a164665925f94b2265d671d1949e6de5de5745a28bce4ccc4e84fa2b5727d7a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7fb9dcef747a844bc7ef81b21f2f78a9

SHA1
c47ff2c5a99f8ad6bc34f94b7831d414877a711d

SHA256
dc1fb63de67a0036227df8e98f586c025b905fad0b91bc49d0afb5153b73c545

SHA512
7789dfa579923a37cd9cdc41a54f8f5dcc0be76ce5a1f891d5766bd91ffdaffe83417831371b39edc580be45f14cb77479b0c4883289b93f6adbba448968589a

Download Submit