95512c1e61ab222a0f9b384f1cc741ceb8e52affe5c2764e4854e502202b8409

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7685b702c6b1da2985b86d730180ddc_JaffaCakes118.html
Size

85KB
MD5

b7685b702c6b1da2985b86d730180ddc
SHA1

e555be0652f5844552ce28b0f6e34c24e77fc2a4
SHA256

95512c1e61ab222a0f9b384f1cc741ceb8e52affe5c2764e4854e502202b8409
SHA512

6fd420d2be050fc10bf710b37277f0ab3e26699eff3217295428003eedeb63dcf1985e050be370815858e9ef3b7e629ce2aaca7f5a907d7b458ec5a68d331977
SSDEEP

1536:umDccABlbzNHL2kpzST4JXZZbGJEDsQbD78lIg72B90:uLb5HbST0vbGJxQDiI42B90

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1316	msedge.exe
1316	msedge.exe
2184	msedge.exe
2184	msedge.exe
1572	identity_helper.exe
1572	identity_helper.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe
1480	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4628	2184	msedge.exe	81
PID 2184 wrote to memory of 4628	2184	msedge.exe	81
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 3396	2184	msedge.exe	83
PID 2184 wrote to memory of 1316	2184	msedge.exe	84
PID 2184 wrote to memory of 1316	2184	msedge.exe	84
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85
PID 2184 wrote to memory of 3688	2184	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b7685b702c6b1da2985b86d730180ddc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa70eb46f8,0x7ffa70eb4708,0x7ffa70eb4718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2120715400747476105,13269364299452500384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f265c2e640afc46f52b119a2dda36943

SHA1
5c7108635cb7fe423302d2f9969cacc94019af52

SHA256
f5043ba146bfe299577329ab1f2b8ec352e0b170d61422cf6d43f811101de0e4

SHA512
2a2d1fbfe1b861bcbf0c214ad3d25ba0d798d7715a775292a29d9d89372b4fe27539a70e585edbb1bf3482b7565b23acc5a68ab99638f23a874a7feb7ca1f9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
dcdaef4c0197714cfe03344c761f1a1c

SHA1
85c60c4179d7bab1ce35c08ae64ff584eac97ab4

SHA256
c5a6614ed8cbea3296ae26c606b006986d5efd752696d4dd139c35cb21e3655a

SHA512
b09a1ce6a554e7845ec15715afc0db15c39c81ea359d87a3d68a01f8f4f8a0a4504ff83d233e709da067acd8fd0dd9e63ac38ff2a1504f5178d4895c1e4daac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2cbe3753dd7f2e99639fcb3122dd6a35

SHA1
cc0de155d587193176c314211f4c34e8b1c1c917

SHA256
f5eb4e87cfced3e357a89964b595a55122d699c16c12d4ba14fb1dd9ff802efa

SHA512
cd31ca1e955f56b943485b5daeb5134e58d7c490ffb8fecb83e0fd04be7e72e068a58fcf11b5d531f51f7ed658b76be7eb03c15f021c471c9267e4041cbd92d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
acdcb2e04fd1a9ff722e096690ed8dc7

SHA1
b6780533256149f5e9f52b5e8dbbb7d899788da2

SHA256
5fb02b4699230c9ca111abf2ed2b146dd46a44aca3b13c5532e0a706c6523abd

SHA512
e9ef821e6b2ec92c0e19273f99be8c4d1c80e5ef15111070f7c9db40c674ba7587514bc50cb1960fa7854e3cc3897c69391e839562df477ec9d4ce89f1cf41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3ad08bc5306b580b6bf017cb59b6e46

SHA1
ff51916668e72182b3f8c04763c674f7b3e5c9d0

SHA256
733f21ef270b59b929b71ffe297f08fb7f0152d626ff08320cb84f3911645bc3

SHA512
82cfab9a87bc2021a929ae62d6e2322b6952f2b9171a10e4fa1b1d001c9cccfe31201724e8fa87028cc37a351976ab3a032383b3b872932b05ba8433a6751036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2125b315e6d646b20ea9bec380589dd8

SHA1
af9c0d08d6a7d9eacb97af74eafdb9a196b30e09

SHA256
db7ad4edfe9a4e3e6c6037e3d92bb950c53f15252e2da7b35c52028754037438

SHA512
0e4be7a728872f1d06bcc1d8dd53fd228313f5329f372419cb8c219271a4226ad907c2fe0928918645a624f2ddbcc9981ba8883680d87088f56d215463ca8e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1fa8570771b0559f80649cc4cb24f85

SHA1
f4c337267c7cee5c5c38c222d860b7d3530fb9c1

SHA256
a8b085ed610f01881c3f428f36b7ee1449c417a83bb0bf622a62447fac57e1d8

SHA512
b5bed669ed9a27cdc3df01617b7004ce176f343c862fffe652b5dcfd0f38f019e22783d6e6da45264b171ffe7c73163435fe657f15f09eaf2a2cc8ef12a506c9

Download Submit