8fc7694ea3903749ca5b552ae95920964d06a93599f859121b7509151bcfec7c

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a30dcdb4f660c5aecff0e4fe2ce66123_JaffaCakes118.html
Size

56KB
MD5

a30dcdb4f660c5aecff0e4fe2ce66123
SHA1

dc8975b8ba9b176668d1eb2d3c18a2e221f9a4b7
SHA256

8fc7694ea3903749ca5b552ae95920964d06a93599f859121b7509151bcfec7c
SHA512

21c5b14608ec024ae9a9d4e981e60a9dab606e780ef9cd34463f6eb9e1c52c82a4f90c4243e33f2d1af3995cb5c621ee3e9dd1cf794acbd11d1fc3dd78bb13c7
SSDEEP

1536:wHGHv7oqjayAJ+FwFypTw9IsQM0CzD9deO:/HTjGz+FSyVuPQM0iD9df

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
4528	msedge.exe
4528	msedge.exe
3928	identity_helper.exe
3928	identity_helper.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 3088	4528	msedge.exe	79
PID 4528 wrote to memory of 3088	4528	msedge.exe	79
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 3684	4528	msedge.exe	81
PID 4528 wrote to memory of 1476	4528	msedge.exe	82
PID 4528 wrote to memory of 1476	4528	msedge.exe	82
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83
PID 4528 wrote to memory of 3764	4528	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a30dcdb4f660c5aecff0e4fe2ce66123_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa2f8546f8,0x7ffa2f854708,0x7ffa2f854718
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17514802153585802475,8550576048352367368,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cd1a1613e50fc83a214e357ecd554208

SHA1
36b312edd794e550dd84bde3305f0beee4582fe0

SHA256
70dc96c398e72c87b97af2f23ca55c6304776103fa97fe0795a22b064840ebea

SHA512
c81f2b6672243ebf91434df0984d89e6b8d64c3995d2600f54d27fbda1c3778fb87ba8fd3ebccfc8a1f27a925abdfa8eda8549253ca63446ac0ad7041216e2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1f646e0fc294b774daf636820a7ffe41

SHA1
8f294368f67b79ff0c830808d8973ce531a26d37

SHA256
f08bdd10cc673ab8a8b783d05cbf224a71d752613ecfb4ea775917ed6da0fb3b

SHA512
ba2814a530946f74c492f7a10872c28211c8a80faea41c5660bb31838ce7af36242d4dddd1fdf524abb498bcc88d90bcb098f5ac150dd28a0a525b8925c06515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cff82b42e3c33fd1e337d8bb94caab5b

SHA1
de5cd60f072dc8c081ab439a139878d27a9c2b9d

SHA256
c5949189e904f3524eb1566c0f99dacc7fc9233e31d25cb3d0e288dd91c6004b

SHA512
f5b4147ed8838b6722f316160ac1f7bb5d2684a12daa5246ca13c850bb252ea1a6335502ca9696912feec8339c8744b74215b4876c56768a8670dcdf2067f36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94f84b896df04ee189feeb438691c0cd

SHA1
4e163e575b4a4ae4b7f8967097f2ace16a4b96fe

SHA256
566af551242ae6c63816d5fefc95193818170f363259a5e330fb78535d6e6ff1

SHA512
51296a807c4e65b8028a9c4a36709d6fd93178b4c1a8dc49742366d4021090fa4a3a6d8094592e781d781339ea943c54d2a68245bae8a561f8a8838d1791ede6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c9526bc092a4c91df3033c950f5c97f

SHA1
862dccd62bcf7a5d5fe73261b51549d43b6910cd

SHA256
3ceea93c917cdab7fcf76bbe12b9abdc89d466e86fcdce14df235340e02a8c65

SHA512
be07b0453e9a378ee712c7c876e2cb915908a7af005e174039d77d4c1abe8f84992b1f9f6427c500fdb14649e8d381ca41bbe826b872b29f1ee2151eb9f38648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5035a68a7027fce9c218c8e0f030205d

SHA1
96f7a4e14ef0f9d6c9285f0779eb9f8155c5c2db

SHA256
d8c4379ef9fbbe96153d9da57bcfb960ef95c4fdc2b51fbe505a7c8d84ad0b60

SHA512
1c63b552da59b2eb9268c9e89d8f8df845cfeb5ac90f6177ce1d63b39abc077521718344781bb4cecef3483882ff8a6b9ddb4b3c65965c43fa8adf158525b309

Download Submit