9618c5c882ee5a3885433d371354f317ddef2e6e766a5cb3f9f797f1e4ccc14f

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 07:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6254b8ec3eaf6d67ed86670f3f9f9fbd_JaffaCakes118.html
Size

53KB
MD5

6254b8ec3eaf6d67ed86670f3f9f9fbd
SHA1

321658ca94838ff5d4917a9658419ab281de3fbf
SHA256

9618c5c882ee5a3885433d371354f317ddef2e6e766a5cb3f9f797f1e4ccc14f
SHA512

fa04550cef9ce3512461aafdb0b2e5b53e0f091981c144ae1d183dea5b5fbaace9ab3c03a346b92284b043c035ace1b07296128580bc4938eefeb9585c190949
SSDEEP

1536:CkgUiIakTqGivi+PyUFrunlY763Nj+q5VyvR0w2AzTICbbPoo/t9M/dNwIUTDmD9:CkgUiIakTqGivi+PyUFrunlY763Nj+qf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
3912	msedge.exe
3912	msedge.exe
3936	identity_helper.exe
3936	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 4492	3912	msedge.exe	84
PID 3912 wrote to memory of 4492	3912	msedge.exe	84
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 2528	3912	msedge.exe	85
PID 3912 wrote to memory of 4152	3912	msedge.exe	86
PID 3912 wrote to memory of 4152	3912	msedge.exe	86
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87
PID 3912 wrote to memory of 4620	3912	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6254b8ec3eaf6d67ed86670f3f9f9fbd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4d5a46f8,0x7ffb4d5a4708,0x7ffb4d5a4718
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7554007062698695912,1762484701826970033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
38710a00821ad69736f2e512d3df0cef

SHA1
51e4c18e240cab5d62635db7f23f0224244010d7

SHA256
3ec128cfa5ed4d5127e398adf5c8d5ee8298b1be80eb502eeda240a44adda690

SHA512
2a2e30515bd03261aa49ef8b89f9d54d4470cb3ac0417e387e8bd20d3a99492082b3f60ba1e8d7585a94a59398c9532f4c02dd3eb1134aa0d338c04bcccbf16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
736c4c19f244c72a3001dfccd0459ad8

SHA1
06157c1464245ebfe7a4770f092deaf22eee1480

SHA256
8792b74a346ee2e1f2d429cdf0fbf2cd3df482bab5791eaa55ec3d8baac5a81c

SHA512
2f847871bac60f32818d318076a89b72b958106162ea64f1a233ce7f4197fbab2c56f33a77ea839c283510ed8fa7086dbda357b84554e717036c8f6593bba053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd9a52bcd21df23682a46effd4c8c12e

SHA1
181b85b5eb517223ab0cc5f47dbe8834195e7b1c

SHA256
57541ad1a77d25daf4588a91b4a1586aab03e98a462ae0074e1b5b9570f5918b

SHA512
3140291f250a1a9b5eea117398e30e2c2c53a3571bcf12a3dd4507037ec2277a3116f9548491fdc4519d2d7dd672456640a78a158ebf8811a700e7382701ae4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
744c02c5974cb9f080991f82111bef4f

SHA1
51f767e0a5051a69208505b98984876c85d3e59f

SHA256
63159d5c335b32182957f467f7ca3d7f7b44b32e9186a5da2f0c6615997b91ae

SHA512
9461864d314a01ddd8529f43bb52c104bd3e702155b639ea9e50eff96bee4c593e47aee154968cf299fe47170e4e1a831957c6aea4aabf97d04f62523a1f0be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1933e595ff8d5d24c1692a5a6ab34fbf

SHA1
b8d4e82264a37f63c3c32afcefa2612b8dde8720

SHA256
4125287304bd2031108c5c68de9e980929d89235d2535905153eecb0d1664b51

SHA512
a9b463d12982169225d6ad91cf1c10dba22374bc62e9e27bcf74705cd2b7424a8918b8663edeeaa66fdcb7e49843b28da1ac4a34c87b782064fc18cbe6fd287e

Download Submit