56f29a76d042d20114875984c06707e7105c0fe055d44ea11c6a3cd9963798d1

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

906328d325c70969cfa8ce71af32cd4f_JaffaCakes118.html
Size

28KB
MD5

906328d325c70969cfa8ce71af32cd4f
SHA1

6f08342db8cb44c698f841d54e8d7a1fab3ffc71
SHA256

56f29a76d042d20114875984c06707e7105c0fe055d44ea11c6a3cd9963798d1
SHA512

753907d16366e69f9ab178466ab6b2b42f84942d6f89a587b1d46b8690b9357f6af5cea10fabf07424e551dc417906d9bab112e5b76e2765d9d4604b120b78eb
SSDEEP

384:CC+BMxtrW9WyV+4bmKYg+PbxktHeqdOHb/0Q9VWQVu+jSE2bOi95PG0uIvTw:CC+CfyFb2g+Dx1XbBjP2bL9Jxw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe
212	msedge.exe
212	msedge.exe
2516	identity_helper.exe
2516	identity_helper.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 4804	212	msedge.exe	81
PID 212 wrote to memory of 4804	212	msedge.exe	81
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 4568	212	msedge.exe	82
PID 212 wrote to memory of 3052	212	msedge.exe	83
PID 212 wrote to memory of 3052	212	msedge.exe	83
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84
PID 212 wrote to memory of 3916	212	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\906328d325c70969cfa8ce71af32cd4f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa632546f8,0x7ffa63254708,0x7ffa63254718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,12884886729531888468,6536437267364162497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
17c7a2b775d496c1a92ae898f0229623

SHA1
f1be6ffc9e645690bd500f524966fece7dde7d55

SHA256
8d998f9a6be89a7741ce34b94a6917c169eba85bcbee3bb42f050e238cad5ac1

SHA512
6a0ad4f62af27d45e9e74de60da729261476b902f74b5e41f60d221736eddb8925f977b11dde8870e82f7c9d7883c3fe7100b34010af0c00be3db99dc56a2209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e7bb246c4c006812855e8f64591ac57

SHA1
44781d38f01ed4e30ce0813cae07629f4d5b50b5

SHA256
a9e30e87679fc3839f80adedfdd8bcf5c85630bba9a64e0304f20c593a63fce7

SHA512
14414b3f4c392ab1f94a06b4b56750fdf361f75cadcd1e98efdd633fc67a4fbb72d77833b29b747e30b624af3320120acd2244f4631053568b8545563204a3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5eeb10e850803223fcae186600012518

SHA1
ba831df56e45cbc144697ecb40b2b3c42fb54a61

SHA256
ac4ed53103157d94a2110558b6d1bc7312f985133add1d90ad5edb2ff3b34928

SHA512
9fc4eff1d91a5d242dd58a1939de03da154f742003bdc4a4a605bdb572a2d6f685cb12746b24d42d5171af8c796fe8a9b05780e4abdbd92270edc2284b55262e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
175a4d436ae9b405c88f464b42ad7b96

SHA1
de9c0fc0fb85e46a3c99d42484f48897f69616e9

SHA256
d9499ba8d066f190e96e09bd638d6ecfa3ec78969836f86f7363eab342721a1c

SHA512
cd608be8f2ad4382f6f46325796cea521ade686f1de2b6221a8e52d4a828c1aba061f3a5b3c78ead8407f1b31d81307b0364857f6f1ad433649f5e83fdb42e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b966186ad0398bf39e9a66de78d027c6

SHA1
6443184e1758319e7ed3649cdb5eb026e59a1580

SHA256
1ad1a9d60857f8bf48de35771cb0074b4bddff1d860606d94c5e33e06f6e40de

SHA512
756c84a20860a12f26f0dae90c93a13f47f3a1a2bfc922dd94a8dfd07a982923cfc88a9150c5b6b8e58a83ca2214d8c5384987c4fc245b7c62d358e6bd5bd633

Download Submit